
Office Drama on macOS - LaSombra
https://objective-see.com/blog/blog_0x4B.html
======
bartvk
What I find funny, is the quote: "Specifically we’ll show how we were easily
able to [...]". And then the article consists of 3647 words :)

I'm actually quite amazed, and happy, how far security has come.

~~~
sixhobbits
I write a lot of tutorials and guides and I strongly agree and disagree with
this comment at the same time.

a) Yes, the words "simply", "obviously" etc are waay overused in this kind of
writing and when editing it's often simply a case of doing a find and replace
to remove them all (obviously after checking each one to make sure it still
makes sense)

b) 3500 words is not a lot of text. Somehow marketing people managed to
convince the world that a "long form" blog post is 500 words. In reality, 2000
words is often a ballpark minimum to say something useful and interesting, and
10000 word articles are often super useful (and still not that long given how
easy it is to skim over bits of text, how fast text can be produced and how
lightweight text is in terms of bandwidth and storage space.)

~~~
sukilot
> obviously after checking each one to make sure it still makes sense

Did you?

> 3500 words is not a lot of text.

The comment was regarding whether it's "easy".

------
RcouF1uZ4gsC
From Wikipedia article on the sylk format which the exploit uses.

> The format was introduced in the 1980s and has not evolved since 1986[2].

So over 34 years old.

~~~
deathanatos
Likewise, the macro format XLM — which the article notes is a predecessor to
VBA (at which point I'm going, "VBA had a predecessor? but VBA is ancient —
its _still supported?!_ ") — XML was introduced in 1987, 33 years ago. VBA
wouldn't happen until 1993.

Absolutely incredible.

~~~
Beldin
If with "VBA" you mean _Visual Basic for Applications_ , it had (AFAIK)
several ancestors from the BASIC family including Visual Basic and Quick
Basic. Probably GW BASIC and its ancestors count as well.

~~~
taejo
deathanatos seems to be referring to predecessors as a document macro system,
not ancestors as a programming language

------
acomjean
Ugg..

I have macOS 10.12, and office from work. I get prompts to update word, which
then tell me to update the OS...

Good times.

I probably should shift to libre office exclusively...

~~~
hajimemash
Ha! You are me, 24 hours ago, you poor unfortunate soul. Let me save you an
hour of your life.

* Be me, 24 hours ago.

* Have the desire to find alternate word processor

* Find out that macOS support in LibreOffice, and another alternative OpenOffice, is an elaborate hoax similar to this function:
    
    
        func libreOpenOfficeForMacUsers(time:3600s, bandwidth:500MB) { while (time) { time -= 1; sleep } return poop }
    

Basically, running the apps on macs using retina displays (intr. 2012) results
in 100% CPU usage when scrolling even on a blank page, presumably due to a bug
or an extremely inefficient update/drawing method. This has been an issue for
8 years.

Bug link for LibreOffice
[https://bugs.documentfoundation.org/show_bug.cgi?id=113104](https://bugs.documentfoundation.org/show_bug.cgi?id=113104)

I downloaded and tried out both LibreOffice, OpenOffice. The result was 4fps
while scrolling or resizing windows, and of course there was the expected
extreme heat generation and 100.0 energy usage in activity monitor due to max
CPU usage. [My mac is MBP2020 w 5600m, and yes I love it A LOT!]

* Back to the drawing board. Markdown, perhaps?

~~~
saagarjha
Have you tried iWork?

~~~
qubex
I use _Pages_ as my go-to word-processor and _Numbers_ (on account of its
table-in-sheet paradigm) is my favourite spreadsheet by far. I wish they’d
beef the latter up a bit with ODBC access and support for iterated solution
(very useful for balancing projected cashflow where interest-on-short-term-
debt & amount-of-short-term-debt depend on each other) and something more akin
to pivot tables.

Pity, it could really be a thermonuclear option, instead they just add useless
stuff like collaboration features and smart annotations....

I’ve never really used _Keynote_ because that simply isn’t in my line of work.

I really think Apple has a winner on their hands and are handicapping it
deliberately either out of neglect or because they didn’t want to scare
Microsoft off back in the day and have some kind of gentleman’s agreement
going...

~~~
macintux
Pretty much any time there’s a viable alternative to a Microsoft product, I
find the alternative to be a breath of fresh air. There’s something about
Windows software in general that makes me feel like I’m in a prison camp
relative to good macOS applications.

OmniGraffle vs Visio. Keynote vs PowerPoint. Numbers vs Excel.

~~~
qubex
I know precisely what you’re referring to. I used to call it the “Cocoa Smell”
when I’d come across an application designed for OS X’s native APIs and not
some port of something more or less haphazard.

I suppose now they’re more varied (SwiftUI or whatever the technology of the
day may be), but there’s a distinct “this is native” vibe from certain
alternative applications that doesn’t emanate from others.

------
lawrencegs
Does Office.com supports Macro? Seems like it does, but wouldnt it be immune
to these attack?

~~~
guessbest
The web version doesn't support macros.

------
orionblastar
Thanks for the heads up. Would using LibreOffice be safer?

~~~
gruez
Yes, in the same sense that browsing the web with lynx is safer because
there's no javascript to exploit. Some people even consider the lack of
javascript to be a feature. If you're just opening documents for viewing/basic
editing, you probably won't mind macros being missing. The bigger problem
might be the inconsistent layout (and other compatibility issues) that you
get.

~~~
EE84M3i
LibreOffice fully supports a lot of macro features, so I'm not sure what
you're refering to about "macros being missing".

------
ChrisRR
Opens website

Gets instant popup covering the content asking me to sign up

Closes website

~~~
kozhevnikov
If you are using uBlock Origin or similar you can enable 'Annoyances' filter
lists (off by default) that take care of many overlays, cookie popups, etc.

~~~
pc86
Even better, you can just leave websites that do this. I have no interest in
helping anyone beef up their numbers by hanging around longer if they're going
to be outright hostile to their readers/users like this.

------
Rebelgecko
I'm a little bit nervously skeptical of a security website that gives me a
browser prompt about accessing Virtual Reality devices

