| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> |
| <title>Apache OpenOffice Security Team FAQ</title> |
| <style> |
| /*<![CDATA[*/ |
| hr { display: block } |
| /*]]>*/ |
| </style> |
| </head> |
| |
| <body> |
| |
| <a id="top" name="top"></a> |
| |
| <h2>Apache OpenOffice Security Team FAQ</h2> |
| |
| <ul> |
| <li><a href="#secure">Is OpenOffice secure?</a></li> |
| <li><a href="#genuine">How do I know my copy of OpenOffice is genuine?</a></li> |
| <li><a href="#protect">How do I protect my copy of OpenOffice against security issues?</a></li> |
| <li><a href="#verify">"The publisher of this software cannot be verified" - what should I do?</a></li> |
| <li><a href="#viruses">How do I stop viruses attacking my copy of OpenOffice?</a></li> |
| <li><a href="#macros">How do I protect against macro-viruses in OpenOffice?</a></li> |
| <li><a href="#reporting">I am a developer - how do I report a security vulnerability in OpenOffice?</a></li> |
| <li><a href="#bulletin">Where can I find a list of all the security vulnerabilities fixed in OpenOffice?</a></li> |
| <li><a href="#alerts">How can I get email alerts about security vulnerabilities fixed in OpenOffice?</a></li> |
| </ul> |
| |
| <a id="secure" name="secure"></a> |
| |
| <h3>Is OpenOffice secure?</h3> |
| |
| <p> |
| The OpenOffice engineers take the security of the software very seriously. We take great care to ensure |
| that our software is secure, and we will react promptly to any reports of suspected security |
| vulnerabilities in our software.</p> |
| |
| <p> |
| <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> |
| </p> |
| |
| <a id="genuine" name="genuine"></a> |
| |
| <h3>How do I know my copy of OpenOffice is genuine?</h3> |
| |
| <p> |
| Make sure you know where your copy of OpenOffice has come from. Download from one of the sites listed in |
| <a href="/download">our download page</a>, or purchase from one of our CD distributors. |
| <a href="../download/checksums.html">Use a checksum</a> to make sure your copy has not been corrupted |
| before you install it. |
| </p> |
| |
| <p> |
| <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> |
| </p> |
| |
| <a id="protect" name="protect"></a> |
| |
| <h3>How do I protect my copy of OpenOffice against security issues?</h3> |
| |
| <p> |
| We recommend all users install new versions of OpenOffice as soon as practical after they are released. |
| Since version 2.1, OpenOffice has included a feature which will tell you if a new version is available. |
| We recommend you switch this on <em>(Tools -> Options -> Online Update -> Check for updates |
| automatically)</em>. |
| </p> |
| |
| <p> |
| <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> |
| </p> |
| |
| <a id="verify" name="verify"></a> |
| |
| <h3>"The publisher of this software cannot be verified" - what should I do?</h3> |
| |
| <p> |
| When installing OpenOffice under Microsoft Windows, you may see a warning message stating that the |
| publisher of the software could not be verified. It is safe to ignore this message if you are confident |
| that your copy of OpenOffice came from a reputable source. If you have any doubts about this, you can |
| check that the file has not been tampered with by |
| <a href="../download/checksums.html">using MD5 checksums</a>. |
| </p> |
| |
| <p> |
| <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> |
| </p> |
| |
| <a id="viruses" name="viruses"></a> |
| |
| <h3>How do I stop viruses attacking my copy of OpenOffice?</h3> |
| |
| <p> |
| If your computer becomes infected with a virus, it is possible that any program you have installed - |
| including OpenOffice - may become corrupted. Your computer cannot catch a virus from fresh air. It can |
| become infected if someone gives you any kind of media - floppy disk, CD, DVD, memory stick, memory |
| card etc. - anything capable of holding data can also hold a virus. It can become infected if it is |
| connected to any kind of network, including wireless. Connections to publicly accessible networks like |
| the internet are particularly risky. |
| </p> |
| |
| <p> |
| There is a whole range of things you can do to protect your computer - firewalls, anti-virus software, |
| etc. please contact your PC supplier or IT department for details. If you suspect your PC has been |
| infected, please seek specialist support. |
| </p> |
| |
| <p> |
| <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> |
| </p> |
| |
| <a id="macros" name="macros"></a> |
| |
| <h3>How do I protect against macro-viruses in OpenOffice?</h3> |
| |
| <p> |
| Macros are a useful part of any office suite, allowing you to automate repetitive tasks. A macro can |
| do anything you can do - including potentially destructive actions such as modifying and deleting |
| files. A macro can attached to any OpenOffice file (document, spreadsheet, etc.). |
| </p> |
| |
| <p> |
| Whenever OpenOffice detects macros in a document being opened, by default it displays a warning and |
| will only run the macro if the you specifically agree. |
| </p> |
| |
| <p> |
| The safest rule is you should never open any OpenOffice file unless you are sure where it has come from |
| and trust the sender. Note that it is very easy to falsify an email address - if you have any doubt, do |
| not open the document until you have proved its identity. If you need to exchange documents regularly. |
| we recommend the use of digital signatures to certify the origin of the document. |
| </p> |
| |
| <p> |
| <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> |
| </p> |
| |
| <a id="reporting" name="reporting"></a> |
| |
| <h3>I am a developer - how do I report a security vulnerability in OpenOffice?</h3> |
| |
| <p> |
| Please report any suspected vulnerabilities to our |
| <a href="mailto:security@openoffice.apache.org">Security Team</a>. We appreciate early confidential |
| disclosure to give vendors of products and solutions based on OpenOffice time to react. We will |
| coordinate the disclosure of your report with you. |
| </p> |
| |
| <p> |
| In your report, please include the following information: |
| </p> |
| |
| <ul> |
| <li> |
| In which version of OpenOffice did you identify the problem (e.g. 3.3.0, 3.4.1, 4.0.0, etc.)? |
| </li> |
| |
| <li> |
| What is the impact of the problem (data loss, denial of service, executing commands, etc.)? |
| </li> |
| |
| <li> |
| How can the problem be reproduced? |
| </li> |
| |
| <li> |
| Is there an existing exploit? |
| </li> |
| |
| <li> |
| Has the problem already been published? |
| </li> |
| </ul> |
| |
| <p> |
| After we receive your report, we will work on the evaluation and we will reply to you (typically in the |
| next business day). |
| </p> |
| |
| <p> |
| <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> |
| </p> |
| |
| <a id="bulletin" name="bulletin"></a> |
| |
| <h3>Where can I find a list of all the security vulnerabilities fixed in OpenOffice?</h3> |
| |
| <p> |
| These are listed in our <a href="/security/bulletin.html">Security Bulletin</a>. |
| </p> |
| |
| <p> |
| <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> |
| </p> |
| |
| <a id="alerts" name="alerts"></a> |
| |
| <h3>How can I get email alerts about security vulnerabilities fixed in OpenOffice?</h3> |
| |
| <p> |
| Please read our <a href="/security/alerts.html">Security Alerts</a> page. |
| </p> |
| |
| <p> |
| <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> |
| </p> |
| |
| <hr /> |
| |
| <p> |
| <a href="/security/">Security Home</a> -> <a href="/security/faq.html">Security FAQ</a> |
| </p> |
| |
| </body> |
| </html> |