Too good to be true?

Olinda99

400ixl said:

So you are quite happy if someone exploits one of the hundreds of unpatched and known exploits to empty your bank account? Not even close to best describes using software that old if the device is ever connected to the internet.

Just use online Microsoft Office which is free, up to date and a lot more secure if cost is your primary driver.

Tell you what - I'll write a letter to me mum using Word 2007 and you empty my bank account....

[Deleted User]

movilogo said:

Majority of people's need is still perfectly served by Office 2007, which does not even require activation.

It's like a race to the bottom sometimes on these forums to see who has got the most outdated software.

How can you say the majority of people's needs are still perfectly served by Office 2007? Mine aren't and 800 people I know that work at my company definitely aren't.

Olinda99 said:

400ixl said:

So you are quite happy if someone exploits one of the hundreds of unpatched and known exploits to empty your bank account? Not even close to best describes using software that old if the device is ever connected to the internet.

Just use online Microsoft Office which is free, up to date and a lot more secure if cost is your primary driver.

Tell you what - I'll write a letter to me mum using Word 2007 and you empty my bank account....

I don't mind drivel on here - it's par for the course on fora but I draw the line at absolute total drivel.

That bit in bold really shows the general naivety about security exploits.

In one sample in Germany in 2019, 73% of the malware attacks were exploiting one particular Office 2007 vulnerability that allowed a hacker to run any code whatsoever on the target machine:

https://www.mimecast.com/blog/ms-office-2007-exploit/

In the top 10 most exploited vulnerabilities from 2016-2019 - yes you've guessed, Office 2007 is number 1 ...and numbers 2, 4, and 9.

https://fossbytes.com/top-10-most-exploited-vulnerabilities-past-3-years/

Think it doesn't happen to you? People of this forum have lost all their data due to hacking and they didn't click anything or download anything dodgy, they were asleep when it happened, all that was needed was a switched-on device connected to the internet.

I left my front door unlocked once when I went on holiday for 2 weeks, and not a single thing was stolen, is ok to do that all the time?

Heedtheadvice

[Deleted User] said:

movilogo said:

Majority of people's need is still perfectly served by Office 2007, which does not even require activation.

It's like a race to the bottom sometimes on these forums to see who has got the most outdated software.

How can you say the majority of people's needs are still perfectly served by Office 2007? Mine aren't and 800 people I know that work at my company definitely aren't.

Olinda99 said:

400ixl said:

So you are quite happy if someone exploits one of the hundreds of unpatched and known exploits to empty your bank account? Not even close to best describes using software that old if the device is ever connected to the internet.

Just use online Microsoft Office which is free, up to date and a lot more secure if cost is your primary driver.

Tell you what - I'll write a letter to me mum using Word 2007 and you empty my bank account....

I don't mind drivel on here - it's par for the course on fora but I draw the line at absolute total drivel.

That bit in bold really shows the general naivety about security exploits.

In one sample in Germany in 2019, 73% of the malware attacks were exploiting one particular Office 2007 vulnerability that allowed a hacker to run any code whatsoever on the target machine:

https://www.mimecast.com/blog/ms-office-2007-exploit/

In the top 10 most exploited vulnerabilities from 2016-2019 - yes you've guessed, Office 2007 is number 1 ...and numbers 2, 4, and 9.

https://fossbytes.com/top-10-most-exploited-vulnerabilities-past-3-years/

Think it doesn't happen to you? People of this forum have lost all their data due to hacking and they didn't click anything or download anything dodgy, they were asleep when it happened, all that was needed was a switched-on device connected to the internet.

I left my front door unlocked once when I went on holiday for 2 weeks, and not a single thing was stolen, is ok to do that all the time?

That is a really valuable post to highlight security flaws and risks to those who might think they are not at risk. It is mainly those who work online (very few do not at some time) or share files who will be most likely to have the highest probability of 'infection'.

You may be able to help further @Tallmansix

A few of questions:

What version of Office is recommended? I would assume the latest all the time!

Do these risks happen when online irrespective of Office running or not?

Is running logged on as a non administrator still a valid risk reduction method?

[Deleted User]

Heedtheadvice said:

Deleted_User said:

movilogo said:

Majority of people's need is still perfectly served by Office 2007, which does not even require activation.

It's like a race to the bottom sometimes on these forums to see who has got the most outdated software.

How can you say the majority of people's needs are still perfectly served by Office 2007? Mine aren't and 800 people I know that work at my company definitely aren't.

Olinda99 said:

400ixl said:

So you are quite happy if someone exploits one of the hundreds of unpatched and known exploits to empty your bank account? Not even close to best describes using software that old if the device is ever connected to the internet.

Just use online Microsoft Office which is free, up to date and a lot more secure if cost is your primary driver.

Tell you what - I'll write a letter to me mum using Word 2007 and you empty my bank account....

I don't mind drivel on here - it's par for the course on fora but I draw the line at absolute total drivel.

That bit in bold really shows the general naivety about security exploits.

In one sample in Germany in 2019, 73% of the malware attacks were exploiting one particular Office 2007 vulnerability that allowed a hacker to run any code whatsoever on the target machine:

https://www.mimecast.com/blog/ms-office-2007-exploit/

In the top 10 most exploited vulnerabilities from 2016-2019 - yes you've guessed, Office 2007 is number 1 ...and numbers 2, 4, and 9.

https://fossbytes.com/top-10-most-exploited-vulnerabilities-past-3-years/

Think it doesn't happen to you? People of this forum have lost all their data due to hacking and they didn't click anything or download anything dodgy, they were asleep when it happened, all that was needed was a switched-on device connected to the internet.

I left my front door unlocked once when I went on holiday for 2 weeks, and not a single thing was stolen, is ok to do that all the time?

That is a really valuable post to highlight security flaws and risks to those who might think they are not at risk. It is mainly those who work online (very few do not at some time) or share files who will be most likely to have the highest probability of 'infection'.

You may be able to help further @Tallmansix

A few of questions:

What version of Office is recommended? I would assume the latest all the time!

Do these risks happen when online irrespective of Office running or not?

Is running logged on as a non administrator still a valid risk reduction method?

What version of Office is recommended? I would assume the latest all the time!
Not always a need for the very latest, it is a money-saving forum after all. A supported version is essential and make sure you update it as and when patches are available - but even supported versions can be vulnerable see this link:

https://www.theregister.com/2022/05/30/follina_microsoft_office_vulnerability/

Office 2013 is supported until 11th April 2023 so if you are using that then you have 9 months left - not worth buying it though for 9 months of usage but carry on until then if you already have it.

Office 2016 and 2019 are supported until 14th Oct 2025 so you could get 3 years out of it - approx £20-30 for Office 2019

Office 2021 only gives another year until Oct 2026 - £35-70

Open Office / Libre Office - free to constantly upgrade to the latest and supported version - is really money-saving if you can cope without MS Office.

Do these risks happen when online irrespective of Office running or not?
As far as I know, the Office-specific vulnerabilities mainly involve opening an email or document in Office so if it is not running then I'm fairly sure there is minimal risk. But just because you haven't double-clicked the Excel icon today doesn't mean something else entices you to open a malicious Excel etc document - get an email from a well-known friend that has been spoofed/hacked and you can inadvertently open malware in an attached document.

But this particularly famous one from years ago only needed a visit to a website and it could exploit vulnerabilities in Office and other Windows components.

https://docs.microsoft.com/en-us/security-updates/SecurityBulletinSummaries/2012/ms12-apr

Is running logged on as a non-administrator still a valid risk reduction method?
Yes, it is and always will be.

The "principle of least privilege" (POLP) is a big thing in IT security. Running as a non-administrator does get part way to that position but there is a lot more that can be stripped away to reduce the risk even further.

Grey_Critic

It really depends what you want to do with it. Whilst I use Office 2010 many of the documents that I work with were created in Office 1997 and I have no problem with any of them - but then I keep my work separate.

I addition I keep my AV up to date and take care not to visit dodgy sites think before clicking on links. No I am not perfect just cautious which I keep telling people when they get in a fix and ask me to sort it out.

[Deleted User]

Grey_Critic said:

It really depends what you want to do with it. Whilst I use Office 2010 many of the documents that I work with were created in Office 1997 and I have no problem with any of them - but then I keep my work separate.

I addition I keep my AV up to date and take care not to visit dodgy sites think before clicking on links. No I am not perfect just cautious which I keep telling people when they get in a fix and ask me to sort it out.

The vast majority of phishing attempts are so poor and obvious it lulls us into a false sense of our abilities to spot them and ignore them, but just occasionally, maybe that 1 in a 1000 will trick us.

At my workplace we execute regular email phishing and malware tests, you would be surprised who gets caught out - embarrassingly I did last month for clicking the link to a free voucher for the ice cream van that was coming to the office later that day.

In one of the comments above somebody said they wouldn't get their bank hacked just for writing a letter to their mum in Word 2007 - but imagine they get an email from mum one day with a word document attached saying, look I've written my first ever letter in Word, can you check it for me before I print it out. The only problem is that mum has had her email account hacked and now @Olinda99 has just installed malware without realising that it is logging all their keystrokes.

So yes your advice is 100%, the best antimalware device is the human operating the keyboard and mouse, but we all get caught out sometimes and usually, the weakness is actually a friend or family member who has been hacked and spoofed which fools you into believing it.

So back on topic - using up-to-date software & operating systems is another layer of protection for that 1 in a 1000 mistake we humans can all make.

missile

DE_612183 said:

shiraz99 said:

Olinda99 said:

I use office 2007 and have done since buying it in 2007 !

Good for you, and I'm sure there's people still running Windows XP. If it works for you then great. Just because you can doesn't mean it's best to do so.

I have a desktop in my shed that has OS2 on it!

I am sure someone somewhere uses a Sinclair Spectrum :-)

Neil_Jones

missile said:

DE_612183 said:

shiraz99 said:

Olinda99 said:

I use office 2007 and have done since buying it in 2007 !

Good for you, and I'm sure there's people still running Windows XP. If it works for you then great. Just because you can doesn't mean it's best to do so.

I have a desktop in my shed that has OS2 on it!

I am sure someone somewhere uses a Sinclair Spectrum :-)

The whole "Y2k bug" thing was caused (it is said) by software and systems still being used in various places that dated from the 1960s as the memory capacities were limited and if you could save two bytes by storing a year as a two digit number (and then assuming it would always have a 19 in front it for a year purpose) then it was good.  Two bytes was a lot of memory in those days of systems only having maybe as little as 16k overall.  The practice was fine - if that software/system wasn't still being used 30 years later.  Even the computers on the Voyager spacecrafts only have 70k between the computer systems on each spacecraft, and that was as late as 1977.

As it turned out the the whole Y2K thing had been largely whipped up by the media which painted pictures of Armageddon happening, planes falling out of the sky and anything with a "clock" will stop working.  Except that in most devices that have a "clock" its just to regulate the speed as opposed to tell the time.  So it largely passed by without any of the panic.

adindas

CaptainWales said:

Hi 

I've seen this Microsfot Office on Wowcher Microsoft Office Home & Student 2019 Voucher - Wowcher which seems to be heavily discounted from normal RRP. Does this seem too good to be true? 

I am not quite sure about this but isn't that the student get for free using their university account ?? So as long as they still register as a student and has university account they get the software like this for free for educational purposes.

k_man

[Deleted User] said:

movilogo said:

Majority of people's need is still perfectly served by Office 2007, which does not even require activation.

It's like a race to the bottom sometimes on these forums to see who has got the most outdated software.

How can you say the majority of people's needs are still perfectly served by Office 2007? Mine aren't and 800 people I know that work at my company definitely aren't.

Olinda99 said:

400ixl said:

So you are quite happy if someone exploits one of the hundreds of unpatched and known exploits to empty your bank account? Not even close to best describes using software that old if the device is ever connected to the internet.

Just use online Microsoft Office which is free, up to date and a lot more secure if cost is your primary driver.

Tell you what - I'll write a letter to me mum using Word 2007 and you empty my bank account....

I don't mind drivel on here - it's par for the course on fora but I draw the line at absolute total drivel.

That bit in bold really shows the general naivety about security exploits.

In one sample in Germany in 2019, 73% of the malware attacks were exploiting one particular Office 2007 vulnerability that allowed a hacker to run any code whatsoever on the target machine:

https://www.mimecast.com/blog/ms-office-2007-exploit/

In the top 10 most exploited vulnerabilities from 2016-2019 - yes you've guessed, Office 2007 is number 1 ...and numbers 2, 4, and 9.

https://fossbytes.com/top-10-most-exploited-vulnerabilities-past-3-years/

Think it doesn't happen to you? People of this forum have lost all their data due to hacking and they didn't click anything or download anything dodgy, they were asleep when it happened, all that was needed was a switched-on device connected to the internet.

I left my front door unlocked once when I went on holiday for 2 weeks, and not a single thing was stolen, is ok to do that all the time?

@[Deleted User], can you clarify the bit in bold and how it relates to out of date Office etc?
Wouldn't something need to be clicked/opened to enable the hacking?