Corel refutes Microsoft's file format 'insecurity' claims
Are Corel's file formats 'less secure' than those in Microsoft Office 2003 and 2007, as Microsoft told customers in a highly controversial support bulletin? Definitely not, according to Corel officials.
Corel officials today hotly refuted claims by Microsoft that older file formats for CorelDRAW and its Quattro spreadsheet software ever posed security risks when opened within Microsoft Office. But they stopped short of contending that Microsoft is intentionally vilifying either CorelDRAW, an illustration package which Corel sees as complementary to Office, or Quattro, a spreadsheet that's the counterpart of Excel in Corel's WordPerfect Office X3.
Microsoft publicly raised issues about security implications surrounding older file formats from Corel as well as IBM's Lotus arm and Microsoft's own Office suite in a technical support bulletin that first went online in December.
In that article, Microsoft tells customers that, by default, the Service Pack 3 update to Office 2003, released by Microsoft in September, blocks older file formats from CorelDRAW and Quattro, Lotus Notes, and Microsoft's own Excel, Word, and PowerPoint packages, since these formats are "less secure" than the formats in Office 2003 and 2007.
"They may pose a risk to you," Microsoft cautioned users.
The Microsoft KnowledgeBase article also provided some cumbersome and potentially dangerous workarounds -- involving changes to registry settings -- for making it possible to open older CorelDRAW, WordPerfect Office, and Microsoft Office files in Office 2003 once SP3 has been installed.
But in an interview today, Gerard Metrallier, Corel's director of product management for graphics, denied that Draw's file formats present any security problems whatsoever, instead suggesting that any issues that might conceivably crop up are probably related to import filters in the older editions of Microsoft Office products.
"We've been looking at all of this up and down," Metrallier told BetaNews. Corel, he said, has never received any security complaints from CorelDRAW customers.
Further, in thoroughly perusing online security databases such as US-CERT and FrSIRT, Corel has come across "no known issues" for CorelDRAW.
But, he added, Corel is in "active discussions" with Microsoft to try to resolve what he perceives as "miscommunications."
"We've been making sure that there are no [security] concerns, and Microsoft is in the process of revising its KnowledgeBase article," according to Metrallier.
Greg Wood, Corel's communications manager for office productivity, told BetaNews he is convinced that Corel's Quattro spreadsheet has never presented any "significant" security risks.
But, he noted, even before Microsoft's support bulletin came to light, Corel had already become concerned that Microsoft's Office 2007 files can't be opened in current editions of either Quattro, WordPerfect, or Corel's Present presentation package.
Consequently, Corel is now in beta with a solution for opening Office 2007 files within WordPerfect Office.
For some reason, Microsoft's bulletin spared Corel's competing WordPerfect word processor and Present presentation graphics packages from any suggestions of file format "insecurity."
Microsoft also failed to offer any registry workarounds for either Notes or Quattro, even though file formats for these particular products were indeed imputed as "less secure" than those of Office 2003 and 2007.
Metrallier told BetaNews today, however, that neither the SP3 update nor use of the workarounds in Microsoft's bulletin have any effect on CorelDRAW files, maintaining that they'll open up in Office 2003 whether or not the SP3 update is installed or Microsoft's CorelDRAW workaround is put into effect.
In any case, he emphasized, most CorelDRAW users who also use Microsoft Office export their CorelDRAW files to Office, as opposed to importing CorelDRAW files from Office -- so that Microsoft's own filters have rarely even come into play with CorelDRAW's.