Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

Frank Hayes

Frankly Blogging

Word 2007 crashes: A feature, not a bug?

34 comments

IT TOPICS:Desktop Applications, Security

Let me see if I understand Microsoft's philosophy about malformed documents that crash Word 2007. In the words of an unnamed Microsoft spokesmushroom: "In fact, the behavior observed in Microsoft Word 2007 in this instance is a by-design behavior that improves security and stability by exiting Microsoft Word when it has run out of options to try and reliably display a malformed Word document....The sample code in [Aharoni's] postings cause Microsoft Word to crash, and users can restart the application to resume normal operations."

So can we expect to see that approach in other products that use Windows Embedded?

Like maybe...a TV that, when the cable service goes pixellated, shorts out all the circuitry in your house? ("Users can reset circuit breakers to resume normal operations.")

A car CD player that, when it's fed a scratched disc, disconnects the steering and brakes and disengages the clutch? ("Users who survive can restart the car to resume normal operations.")

A cell phone that, when the conversation gets too banal, shuts down your relationship? Oh, wait -- that's been done.

David LeBlanc -- quoted in the news story as a Microsoft secure-code guru -- says "it is better to crash, at least with client apps, than it is to be running the bad guy's shell code." Hooey. This is no either/or situation. For years, Word has been able to announce that a document is malformed and can't be loaded. (Which Word regularly does to me with file formats it doesn't recognize, so I know that notion isn't new to Microsoft's programmers.)

If your application code is in control, it can gracefully reject bad input.

If your app code ISN'T in control, you crash. You're already owned.

This suicide-before-capture approach isn't "by-design" behavior. It's lack-of-design behavior.

And a "code guru" of any kind who thinks that's not a security and stability problem that needs fixing doesn't belong in this business.

Email this

Digg this

What People Are Saying

Add new comment

I heard about not bad

Submitted by zlatan24 on July 10, 2008 - 12:55 P.M.

I heard about not bad application-microsoft word text recovery, can work with .doc, .docx, .dot and .dotx files and with any version of Microsoft Word text editor, can recover only plain text, it means, that text formatting, graphics and all other elements will be lost, can recover your data from corrupted *.doc files, located on corrupted media: floppy and CD disks, flash and zip drives, etc.,This tool can be used by anyone, your level of computer skills does not matter.

Reply | Report this comment

... so tell me people, why

Submitted by POP on September 22, 2007 - 1:15 P.M.

... so tell me people, why does Word 2007 crash when you try to send a document as email?

Reply | Report this comment

I've long suspected that the

Submitted by Bob on April 22, 2007 - 12:51 A.M.

I've long suspected that the BSOD was just a Windows security feature also.

Reply | Report this comment

Zigging where Anonymoose

Submitted by Angela Gunn on April 17, 2007 - 6:52 A.M.

Zigging where Anonymoose zags -- Frank, "spokesmushroom?" Funnier every time I see it. Though I hope you know this will go down on your permanent WaggEd record...

Reply | Report this comment

I think Frank Hayes is

Submitted by Anonymoose on April 16, 2007 - 9:39 A.M.

I think Frank Hayes is exaggerating the severity of a software application crash. His analogies would be more equivalent to Microsoft Word 2007 causing at least a system reboot, and at most the loss of all data on the hard drive to which Microsoft Word 2007 was installed.

Incidentally, I think Frank Hayes is trying too hard to be funny.

Reply | Report this comment

It is simple, we all must

Submitted by Fatpang on April 15, 2007 - 4:22 A.M.

It is simple, we all must publicize the problem and lobby people not to buy the product. Microsoft has for years used their customers as guinea pigs with Beta and unfinished code. Now is the time for Microsoft to be exposed for what they are.
Word 2007 is unuseable and should not be bought until they fix it, period.

Reply | Report this comment

Any one of you would be a

Submitted by George F. Rice on April 14, 2007 - 10:33 A.M.

Any one of you would be a lying to suggest that they have written perfect code, or that even after fixing bugs, there are no more bugs left. This 'feature' that MS is touting around is, in fact, the exceptional case where a bug was unfortunately not found before release.

Nobody here is surprised that serious bugs were found in Microsoft software. The general air of incredulous amusement is found in Microsoft claiming that the equivalent of a segmentation fault is the designed response to a malformed input.

As every student in every reputable university software engineering program knows, the proper response to a malformed input is to catch the exception and cleanly report it.

I'll happily state for the record that any crash from any program I specified or coded over the past 30 years is a bug. I'll fix it or your money back.

If only Microsoft were as honest.

Reply | Report this comment

To jf: Your 'position' is

Submitted by Anonymous on April 14, 2007 - 10:07 A.M.

To jf: Your 'position' is entirely moronic. If some of my coders ever uttered such a thing I can't say I would fire them instantly (I'm not american and therefore the 'you're fired' happÃ¬ness doesn't apply as much) but that poor schmuck would be detached from coding with NO explanation (what's the use) and become the guy to drill holes in the wall or any other tasks suiting his brainpower. No, mate, crashing is NEVER an option. You super-idiot. Tell that to the makers of medical software, tell that to the JPL. Tell that to the ESA engineers. Tell that to the coders of ABS/Airbag deplyment software. If you don't want to do a perfect work you don't belong in this business. I'd suggest you apply for a coder position at Microsoft.

Reply | Report this comment

Actually, other programs

Submitted by Anonymous on April 14, 2007 - 8:42 A.M.

Actually, other programs often are better at parsing MS Office files:
I work as a teacher and students often ask for help because they have an important doc they can't open (and no backup, or the backup is at home and they need the file now): in many cases, trying to open the file (doc, ppt) in Staroffice or openoffice at least saves part of the contents of the file while word/ppt crashes right away

Reply | Report this comment

Having been a programmer for

Submitted by Paul Robinson on April 13, 2007 - 10:57 P.M.

Having been a programmer for over 25 years, I have always taken a program fault as a personal insult. I consider that I do not want code that I have written to fail, and if an application fails because of bad input, that represents either incompetence or misconduct amounting to negligence. Granted, there may be some things you can't recover from, e.g. if the database is corrupted the database management system may crash and not allow you to recover, but for a word processor, this sort of behavior (and attitude) is inexcusable. It's this sort of arrogant pedantry which makes me glad I use Word Perfect and (when unavoidable) Open Office and do not use Microsoft Word.

Reply | Report this comment

Bank Trojan users arrested for ZeuS/Zbot hack

Spam culture, part 3: Nigeria (and 419 scams)

Testing Microsoft Security Essentials and the Hosts file

Microsoft: XP is far more vulnerable than Vista, Windows 7

IBM Migration Factory: A smooth transition to new technology
Find out how to migrate your applications smoothly over to IBM.

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports

Receive the latest technology news and information.

	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10

View all newsletters

* E-mail Address:

* Industry:

* Job Title:

* Company Size:

* Country:

* State:

I would like to receive offers via e-mail from Computerworld partners.

Frank Hayes's Archive

IT Topics

Sponsored Links

Play NetApp's New Data Defense Game.

Return on Information: Google Enterprise Search pays you back. Get the facts.

How Do You Rank as an Innovation Leader? Download Recent Study.

See how AT&T can help protect your network.

3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010.

Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More

64-page prescriptive guide to security, compliance, and IT operations.

Streamline IT Costs. Boost Performance with WAN Optimization

Enterprise Network & Server Monitoring Software. Cross over to Traverse...

Increase UPS efficiency without sacrificing protection

Crystal Reports Server: Single server access to reports & dashboards

Create new opportunities. See business making progress now

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Looking to add Unix/Linux functionality to Windows?

Join the conversation about the hottest IT trends with Computerworld on Twitter.

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

Stay informed with custom newsletters from Tech Dispenser

New DW Options and Price Points. View Teradata Platform Family Data Sheet.

To get a better view of your entire data center, you need a better vantage point. Improve your vision with Hitachi IT Operations Analyzer - Free 30 day trial

Play NetApp's New Data Defense Game.

Take the Netezza TwinFin TestDrive!

NetScaler VPX : Harness the Power of Virtualized Web App Delivery

Get more enterprise mobility value for up to 25% less.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

NYUs M.S. in Management and Systems. Offered Online and On-site.

Crystal Reports Server: More options. Not more money.

Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval.

Tolly Performance Report "Citrix NetScaler with nCore Outperforms F5 BIG-IP"

Save up to 61% plus Free Cheesecake

Find IT jobs in the Healthcare industry on Dice.com

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

Computerworld

CSO

DEMO

GamePro

Games.net

IDC

IDG

IDG Connect

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITwhitepapers

ITworld

JavaWorld

LinuxWorld

Macworld

Network World

PC World

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.

Word 2007 crashes: A feature, not a bug?

What People Are Saying

I heard about not bad

... so tell me people, why

I've long suspected that the

Zigging where Anonymoose

I think Frank Hayes is

It is simple, we all must

Any one of you would be a

To jf: Your 'position' is

Actually, other programs

Having been a programmer for

Related Posts

Today's Top Stories

Hot Posts

Recent Comments

White Papers & Webcasts

Computerworld Reports

Newsletters

Frank Hayes's Archive

IT Topics

Sponsored Links