‘Don’t you dare touch that .DOC’ . . . Part II

The overwhelming majority sided with Snyder. Among the dissenters, only a couple went so far as to endorse stripping .DOC attachments – one called Snyder the moron – while most expressed a more nuanced disdain for Word, and, in general, Microsoft security.

Three weeks ago we opened a can of worms here in recounting a dust-up between security expert Joel Snyder, a regular Network World contributor, and the IT department at another unnamed publication. Snyder was miffed about being ordered to file stories to that other magazine in .RTF rather than .DOC because that magazine’s network folks “have gotten religious about stripping .DOC attachments” for fear of macro viruses.

Snyder wrote to one of that publication’s editors: “Your IT people are morons. . . . If they cannot deal with this problem, they need to be fired and replaced by people who understand that a magazine is a place where people send and receive Microsoft Word documents.”

We asked readers to weigh in, and about 70 of you did. The overwhelming majority sided with Snyder. Among the dissenters, only a couple went so far as to endorse stripping .DOC attachments – one called Snyder the moron – while most expressed a more nuanced disdain for Word, and, in general, Microsoft security.

“What exactly would be lost if the journalist sent his masterpiece in .TXT format?” asks one dissenter. “A vice president of finance should be allowed to distribute viral code – they are stupid and sneaky – not journalists.”

(That might be the most backhanded compliment any journalist ever received.)

“How about respecting the valid concerns of a justifiably paranoid IT department and embedding the .DOC in a .ZIP file?” asks Dennis Perkins. “Maybe Word .DOCs can’t carry as heavy a payload as other methods of infection, but so what? An infection is just that, and if you’re in danger of infection, protect yourself.”

Snyder’s supporters held nothing back.

“I normally look to your column for a laugh, but this time my blood started to boil and my husband is still cleaning up the mess from where I went through the roof,” writes Chey Cobb. “I’ve published books and written magazine columns so I know how backward some publishers can be, but blocking .DOC files was the stupidest thing I’ve read in a long time! Those admins should be canned.”

“Thank you so much for not editing [Snyder’s] ‘moron’ comment,” adds Julie Johnson. “Too many times IT staffs issue edicts without fully understanding the impact they can have on end users actually being able to do their jobs. IT staffs forget they are there to support end users – NOT control them.”

No one suggested that macros in attachments are an imaginary threat. Tactics are at issue here.

“If I were to make a bone-headed rule like that I’d be joining the ranks of the technology unemployed,” writes Coyt Watters. “Have these people never heard of running and maintaining antivirus software?”

“Today, we have automatic updates and the ability to push patches through the network,” adds Mike Flemmer. “Also, most modern antivirus programs have the ability to pass attachments from ‘trusted’ sources. There is no reason that an IT department can’t make a coherent antivirus policy that enables business to do business.”

Respondents also questioned the effectiveness of stripping .DOCs.

“Rename a .DOC with an AutoExec macro to an .RTF and it still runs when you open it,” writes James Myler. “Let’s hope the hackers don’t figure that one out.”

Others saw the issue in broader terms.

“The real problem here is not whether to allow .DOCs into your e-mail system, but that modern IT has become so big and complicated that no one can possibly fathom it in all its depth and complexities,” writes Scott Wozny. “So instead of people being willing to talk about what they do and don’t know, they’ll issue edicts to prevent themselves from looking less than perfect and being made fun of at next week’s D&D gaming session.”

Got more to say? The address is buzz@nww.com.