blob: 4e79b88eaa08155a85fda3ea8363026bb7fb0f39 [file] [log] [blame]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Apache OpenOffice Security Team FAQ</title>
<style>
/*<![CDATA[*/
hr { display: block }
/*]]>*/
</style>
</head>
<body>
<a id="top" name="top"></a>
<h2>Apache OpenOffice Security Team FAQ</h2>
<ul>
<li><a href="#secure">Is OpenOffice secure?</a></li>
<li><a href="#genuine">How do I know my copy of OpenOffice is genuine?</a></li>
<li><a href="#protect">How do I protect my copy of OpenOffice against security issues?</a></li>
<li><a href="#verify">"The publisher of this software cannot be verified" - what should I do?</a></li>
<li><a href="#viruses">How do I stop viruses attacking my copy of OpenOffice?</a></li>
<li><a href="#macros">How do I protect against macro-viruses in OpenOffice?</a></li>
<li><a href="#reporting">I am a developer - how do I report a security vulnerability in OpenOffice?</a></li>
<li><a href="#bulletin">Where can I find a list of all the security vulnerabilities fixed in OpenOffice?</a></li>
<li><a href="#alerts">How can I get email alerts about security vulnerabilities fixed in OpenOffice?</a></li>
</ul>
<a id="secure" name="secure"></a>
<h3>Is OpenOffice secure?</h3>
<p>
The OpenOffice engineers take the security of the software very seriously. We take great care to ensure
that our software is secure, and we will react promptly to any reports of suspected security
vulnerabilities in our software.</p>
<p>
<a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a>
</p>
<a id="genuine" name="genuine"></a>
<h3>How do I know my copy of OpenOffice is genuine?</h3>
<p>
Make sure you know where your copy of OpenOffice has come from. Download from one of the sites listed in
<a href="/download">our download page</a>, or purchase from one of our CD distributors.
<a href="../download/checksums.html">Use a checksum</a> to make sure your copy has not been corrupted
before you install it.
</p>
<p>
<a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a>
</p>
<a id="protect" name="protect"></a>
<h3>How do I protect my copy of OpenOffice against security issues?</h3>
<p>
We recommend all users install new versions of OpenOffice as soon as practical after they are released.
Since version 2.1, OpenOffice has included a feature which will tell you if a new version is available.
We recommend you switch this on <em>(Tools -&gt; Options -&gt; Online Update -&gt; Check for updates
automatically)</em>.
</p>
<p>
<a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a>
</p>
<a id="verify" name="verify"></a>
<h3>"The publisher of this software cannot be verified" - what should I do?</h3>
<p>
When installing OpenOffice under Microsoft Windows, you may see a warning message stating that the
publisher of the software could not be verified. It is safe to ignore this message if you are confident
that your copy of OpenOffice came from a reputable source. If you have any doubts about this, you can
check that the file has not been tampered with by
<a href="../download/checksums.html">using MD5 checksums</a>.
</p>
<p>
<a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a>
</p>
<a id="viruses" name="viruses"></a>
<h3>How do I stop viruses attacking my copy of OpenOffice?</h3>
<p>
If your computer becomes infected with a virus, it is possible that any program you have installed -
including OpenOffice - may become corrupted. Your computer cannot catch a virus from fresh air. It can
become infected if someone gives you any kind of media - floppy disk, CD, DVD, memory stick, memory
card etc. - anything capable of holding data can also hold a virus. It can become infected if it is
connected to any kind of network, including wireless. Connections to publicly accessible networks like
the internet are particularly risky.
</p>
<p>
There is a whole range of things you can do to protect your computer - firewalls, anti-virus software,
etc. please contact your PC supplier or IT department for details. If you suspect your PC has been
infected, please seek specialist support.
</p>
<p>
<a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a>
</p>
<a id="macros" name="macros"></a>
<h3>How do I protect against macro-viruses in OpenOffice?</h3>
<p>
Macros are a useful part of any office suite, allowing you to automate repetitive tasks. A macro can
do anything you can do - including potentially destructive actions such as modifying and deleting
files. A macro can attached to any OpenOffice file (document, spreadsheet, etc.).
</p>
<p>
Whenever OpenOffice detects macros in a document being opened, by default it displays a warning and
will only run the macro if the you specifically agree.
</p>
<p>
The safest rule is you should never open any OpenOffice file unless you are sure where it has come from
and trust the sender. Note that it is very easy to falsify an email address - if you have any doubt, do
not open the document until you have proved its identity. If you need to exchange documents regularly.
we recommend the use of digital signatures to certify the origin of the document.
</p>
<p>
<a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a>
</p>
<a id="reporting" name="reporting"></a>
<h3>I am a developer - how do I report a security vulnerability in OpenOffice?</h3>
<p>
Please report any suspected vulnerabilities to our
<a href="mailto:security@openoffice.apache.org">Security Team</a>. We appreciate early confidential
disclosure to give vendors of products and solutions based on OpenOffice time to react. We will
coordinate the disclosure of your report with you.
</p>
<p>
In your report, please include the following information:
</p>
<ul>
<li>
In which version of OpenOffice did you identify the problem (e.g. 3.3.0, 3.4.1, 4.0.0, etc.)?
</li>
<li>
What is the impact of the problem (data loss, denial of service, executing commands, etc.)?
</li>
<li>
How can the problem be reproduced?
</li>
<li>
Is there an existing exploit?
</li>
<li>
Has the problem already been published?
</li>
</ul>
<p>
After we receive your report, we will work on the evaluation and we will reply to you (typically in the
next business day).
</p>
<p>
<a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a>
</p>
<a id="bulletin" name="bulletin"></a>
<h3>Where can I find a list of all the security vulnerabilities fixed in OpenOffice?</h3>
<p>
These are listed in our <a href="/security/bulletin.html">Security Bulletin</a>.
</p>
<p>
<a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a>
</p>
<a id="alerts" name="alerts"></a>
<h3>How can I get email alerts about security vulnerabilities fixed in OpenOffice?</h3>
<p>
Please read our <a href="/security/alerts.html">Security Alerts</a> page.
</p>
<p>
<a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a>
</p>
<hr />
<p>
<a href="/security/">Security Home</a> -&gt; <a href="/security/faq.html">Security FAQ</a>
</p>
</body>
</html>