Ask Your Question
0

MS Office / LIbreOffice: Which one is more vulnerable? [closed]

asked 2013-09-22 07:15:30 +0200

DV gravatar image

updated 2013-10-21 22:26:17 +0200

manj_k gravatar image

All we know that Microsoft release security updates for MS Office every 1-2 months. What about Libre Office? LibereOffice it's not updated so often as the MS Office. Is LibreOffice more secure and needs fewer security updates? Or due to the fewer security updates LibreOffice less secure than MS Office?

thank you

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by Alex Kemp
close date 2016-02-20 15:36:56.038290

Comments

This question is very general. Can you please write down what is your main security concern?

L-user gravatar imageL-user ( 2013-09-22 07:48:39 +0200 )edit

3 Answers

Sort by » oldest newest most voted
4

answered 2013-09-22 07:47:28 +0200

L-user gravatar image

updated 2013-09-22 08:18:15 +0200

First of all LibreOffice updates are in 1 month period. New version releases are two times a year. See release plan for details: https://wiki.documentfoundation.org/ReleasePlan In updates there are most of the fixes related to bugs that are not the security problems.

There is absolutely no rule if fixes are more regular then software is more/less secure. I always remember basic rule I was taught in school: Every program that has more then 10 lines of code absolutely has some bugs. Office programs are made of few hundred-thousands of line of code, so number of bugs...

When we are talking about security we must first provide the potential security risk? You didn't provide more details, so I will try to answer the question in general manner.
1. Protect from unauthorized access to file. Encrypt your files and share the password with your friend/coworker in secure way (like telling the password in person). You can do this by File | "Save as" and check "Save with password" checkbox. Make sure you pick complicated password with at least 14 characters. Few of them must be non-characters like numbers, special characters like: !, $, %, @ etc. This kind of password is very difficult to brake. This way you can also send file by e-mail, just don't write the password in mail. In this case I suggest to use LibreOffice 3.6 or newer, because of implemented strong encryption.
2. Someone from internet is trying to access my files? Implement firewall, antivirus. If extremely paranoid, then edit files offline and store them on USB key.
3. You would like to exchange files securely (paranoid). Use some SFTP server or FTPS or some other means like creating SSH tunnel and then transfer files inside the tunnel. (not really for non-computer-geeks)
4. You are trying to protect access to your local files by someone that has physical access to your computer? You need to install operating system by yourself (most secure) and make sure all of the operating system passwords are strong and well kept. You need to encrypt your hard disks. You need to make sure you don't install too many programs on it, because each of the program can bring some vulnerability.(this is paranoid way and not really for non-computer-geeks)

There are many other aspect of protecting your computer. In my humble opinion there is way way way more ... (more)

edit flag offensive delete link more

Comments

Good answer. One small point: "few hundred-thousands of line of code" should read "millions of lines of code" as LO currently has ~4m lines of C++ alone. MSO probably has tens of millions of LOC.

oweng gravatar imageoweng ( 2013-09-22 09:21:09 +0200 )edit

@ L-user, Many thanks for your prompt reply. As a former MS Office user, I'm a newbie in LO. I had no idea re the LO update plan. Thanks for the info/link. Re my concerns, all I want to know is just one thing: When needed, MS release critical patches for MS Office, i.e: http://technet.microsoft.com/en-us/security/bulletin/ms12-060

LO has a similar plan?

DV gravatar imageDV ( 2013-09-22 10:05:50 +0200 )edit

According to my knowledge there is no such things as security bulletin. In LibreOffice there are just one's per months updates and you should just install them. But most of the security problems in office programs (MS-Office and LibreOffice) in my humble opinion have origin in poor security design of operating system.

L-user gravatar imageL-user ( 2013-09-22 20:11:14 +0200 )edit

I still use Windows XP and for many years I use DropMyRights program see details if interested: http://news.cnet.com/8301-13554_3-9758770-33.html This is a freeware program written by Microsoft employee. The main goal is to run anykind of program on low-as-possible security priorities. So running anykind of program (specially the ones accessing internet - web browser, e-mail program, office programs if opening strange documents with unknown user's macros etc) in security restricted sandbox.

L-user gravatar imageL-user ( 2013-09-22 20:11:57 +0200 )edit

In this case anykind of security exploit in office program that would lead to unrestricted supper user privilege is eliminated in the first place - office program is started in security sandbox.

L-user gravatar imageL-user ( 2013-09-22 20:12:21 +0200 )edit

You didn't specify what is your operating system name and version. Windows security has improved in never versions of windows (not running programs as administrator is a big deal), but what I dislike is that escalation can be easily win by providing a question to end-user, most of end users just accept security questions. So sandboxing is in my humble opinion better option, because if end-user accepts some security question, it can't break out of sandbox.

L-user gravatar imageL-user ( 2013-09-22 20:12:42 +0200 )edit
4

answered 2014-03-25 11:59:27 +0200

erAck gravatar image

Apart from the scheduled updates every 1-2 months, there is a list of applied security fixes.

edit flag offensive delete link more
2

answered 2014-03-25 11:29:32 +0200

Andras Timar gravatar image

The Document Foundation releases bugfixed versions of LibreOffice from stable branches in every 1-2 months - usually for six months from the date .0 release. These bugfixes may include security fixes, too. This is great, however, if people are concerned security and need faster turnaround or longer term support, they can buy support services from companies, such as Collabora. LibreOffice from Collabora ( https://libreoffice-from-collabora.com ) is supported for three years – with security, maintenance and bug fixes – from the date of release, much longer than the community release.

edit flag offensive delete link more

Question Tools

2 followers

Stats

Asked: 2013-09-22 07:15:30 +0200

Seen: 3,894 times

Last updated: Mar 25 '14