Why is Windows still not able to read and write to ext2, ext3 and reiser
file systems yet. They have been around long enough.
Why is Microsoft not able to include a working java interpreter on a
Vista installation?
[/QUOTE]
Ask Sun.[/QUOTE]
Also, because these are not trivial subsystems and the load of
ensuring they don't act as exploitable surfaces is one that MS would
rather not have to carry - and I'm with them on that one.
Why would they need to when MS Word is the worlds most used Office
application?
Because "de facto" standards that leverage proprietary file formats
though markey dominance are crap, and hopfully beyond the pale for an
ethical software vendor.
However, don't look for that clue from the MS Office team. Yes, they
do the right thing at times (free viewers for MS document file
formats, updates for older MS Office users so they can read the new
formats) but they just don't "get" open standards and HTML.
For example, if you "touch" an HTML file in Word (which sets itself up
as the default HTML editor), then that file becomes a special "Word
HTML" type (with special Word-y icon) and immediately blows out to
several times the original size.
This can result in this absurd situation...
A client makes heavy use of Outlook Express, including the
"stationary" feature that uses HTML to craft "rich" (bulky, slow to
download) messages that fall apart when viewed in other email apps.
Their phone number changes, so they find the HTML template file and
Edit it - which invokes Word, of course.
Word then bloats up the file and makes it a "special" file type, even
though the client did nothing other than change two characters in the
phone number text. But that's not alll...
Now OE starts to pop up safety alerts whenever one of their new
(post-edit) outgoing or sent messages is highlighted or clicked, and
others in the same organization complain the same thing happens when
they receive messages from that PC.
Some folks avoid these messages out of fear they are a malware attack
(and rightly so, IMO; just because a message is "from someone you
know" doesn't make it safe). All folks complain that these incessant
alerts make working in OE a total pain (e.g. if they transfer 30
messages from one mailbox to another, they suffer 30 alerts).
Any why is this? Because Word has added some sort of scripting or
binary content that ring heuristic alarms on a well-defended system.
All because someone changed a phone number in a sig.
"Ah, but those aren't default settings! You can 'just' relax your
security back to duhfault and it will work!" - to which the rude
answer is POAGF (or FOAD) and the polite answer is, "why should I
reduce my safety just to accomodate someone else's Word crap?"
Bear in mind that with duhfault settings, the current exploit du joir
(.ANI files that exploit to run as code when a "specially crafted"
HTML email message is (pre-)viewed) will shoot you to pieces.
So let's hear it for harder, non-default settings. Note to MS:
- support your own feature set, not just duhfaults
- keep HTML simple and generic, or get Word out of the way
-- Risk Management is the clue that asks:
"Why do I keep open buckets of petrol next to all the
ashtrays in the lounge, when I don't even have a car?"
