[ February 2008 ]

Dear all,

Open standards affect us all eventually. This month sees a brief overview of one such area, open document formats. And of course, what is a new year without a review of general security practices? Finally we cap it off with some poor customer relations from Trend Micro.

February 2008

1. OOXML and what it means to you
2. Ten security tips for the new year
3. Trend and Open Source

1. OOXML and what it means to you
The ruckus in recent months regarding ISO standardisation of OOXML as a document format has everyone up in arms. What is it all about and how does it affect you?

What is OOXML

Microsoft has been using proprietary formats for its documents for many years, and for the most part they have been easily read and written between different versions of its office suite, and in fact by other vendors' applications as well. There is even a semblance of compatibility between the formats of successive versions of its office suite up to and including MS Office 2003. By having a proprietary format, Microsoft maintains a stranglehold on the office suite market by minimising the compatibility that other vendors can achieve and maintain with their own applications. There are certain disadvantages surrounding proprietary formats, such as:
- poor interchangeability and compatibility with other vendors' applications
- patent and copyright encumbered
- bugs and problems are hidden from public view, i.e. we rely on the vendor to identify and fix these
- archival value of the format; does the format remain consistent across different versions of the application and will it be readable in 10 or 100 years time
A group of vendors has been promoting the ODF standard (ISO-certified) for a number of years now. ODF is an XML-based format, which means that as long as you have an XML parser, the information can be read. In addition, XML is very useful as a data-interchange mechanism, allowing access between historically incompatible formats of data, and is often used in the database world to connect normally incompatible databases to each other. It has no specific vendor allegiance, no patent-encumbered information and can be used by anyone as they please without cost. The format is also open to scrutiny from a programmatic and security point of view. There are a variety of vendors that implement ODF-compatible applications, such as OpenOffice.org, IBM, Lotus and Sun. There is even a web-based version of OpenOffice which allows you to interact with your office suite entirely using only a browser.

Microsoft has recently decided to create its own XML-based format called OOXML (Office Open XML). OOXML is included as the default format in MS Office 2007 for the first time and breaks compatibility with previous MS Office formats. The unusual thing about this name is that for the most part the format is not open, and in fact it has a whole host of issues that last year led to a universal negative vote on the format as an ISO standard. It was previously approved as an ECMA standard, but ECMA is not a worldwide standards body, is not particularly open and is in fact very vendor-oriented. Some of the issues that have come to the fore regarding OOXML:
- the specification as put forward to ISO to be regarded as a standard is not the same as the format used in MS Office 2007
- will the format remain the same in future Office editions as in the current one? We don't know, as Microsoft has failed to give any indication of its roadmap concerning document formats
- as part of the continual process for inclusion in the ISO standards portfolio, Microsoft is proposing large amounts of changes to its original submission; when do we get to see the final version, when (if ever) will MS Office support this standard, and will it even be available for 3rd-party use
- The MS Office implemented version of OOXML can contain scripts, macros and DRM that are not documented in the standard; what other features will be included in MS Office in future that will also break compatibility with the standard
- The Microsoft Open Specification Promise does not cover technologies not included in the standard; why doesn't Microsoft give a list so other vendors can steer around these
- Why were the normally open public comments for Microsoft's ECMA certification suppressed
- If Microsoft Office “Open” XML is truly “open,” why is it that the OOXML specification is tied so heavily to only one vendor’s products, as opposed to 40 applications currently capable of supporting the ODF specification
- Microsoft continually indicates that it is not possible to provide for competition in the office application area while supporting an open format, yet Sun, IBM and others have been doing this for a number of years
- Microsoft has indicated that it can't provide feature difference and variation when supporting an open format yet Sun has done exactly that by creating its ODF plugin filter for Microsoft's own office suite
Some shortcomings of OOXML:
- Excel 2007 can produce a fully binary file format that has the same extension as OOXML for spreadsheets, so the application knows what is inside, but the user will never be privy to that information
- try setting a password on an OOXML spreadsheet file from Office 2007. The document is no longer in OOXML format and the user is given no indication that they are no longer in a documented file format.

Is OOXML ready to be an International Standard?
- From the overall document contents, it is abundantly clear that no effort has been made in OOXML to start from the existing ISO standard for the representation of documents in XML (the current standard is ODF 1.0, formally known as ISO/IEC 26300:2006). OOXML is unneeded and only harmful. Why did MS embark on this deliberate departure from an internationally recognized standard?
- If you read through the draft submitted to ECMA and ISO you will see MS has only disclosed a disabled subset of the mark-up and functionality of its new file formats. Lots of elements designed into OOXML are left undefined in the specification and require behaviours upon document files that only Microsoft Office applications can provide
- Also, when MS released the feature RTF format for interoperability initially in OOXML, it supported both read and write capabilities in Office. But they changed that so Office 2007 can receive OOXML files but will only “Write” now to a different file format
- The name “Office Open XML” is often mistakenly called “Open Office XML” implying a non-existent connection to the OpenOffice.org project. This naming confusion has been documented and has occurred numerous times, including by analysts and even in Microsoft press releases and blogs. Since “OpenOffice.org ” is the pre-existing name, by 6 years, Ecma should choose a new name, less apt to continue this confusion. Will Microsoft make this change as a condition of gaining ISO status for OOXML?
- The Open Specification Promise that covers OOXML explicitly covers only the “Ecma 376” version of the standard. However, thousands of changes are being made to OOXML as part of the JTC1 comment resolution process. Are these changes covered as well?
- While Microsoft originally made assurances that ISO would take control of the standard if it were approved, Microsoft has now reversed that position and will keep near-full control over OOXML within ECMA, an industry group that exists to advocate its members' interests
- MS claims that MS Office can support arbitrary user-supplied XML schemas. If that is really true, then the established ISO standard ODF’s schema could be loaded into Office 2007 and future versions natively, with an ODF option as default and the cloaking of OOXML as a standard dropped? Why not?
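The two shortcomings above about a binary or password-protected file keeping the OOXML extension can be checked from the outside rather than trusting the extension: a documented OOXML package is a ZIP archive carrying a [Content_Types].xml part, whereas an Office 2007 file saved with a password is written as an OLE2 compound file (the D0 CF 11 E0 signature) wrapping the encrypted package. The following Python is an added example, not code from this newsletter; its sample inputs are constructed in-memory stand-ins, not real workbooks.

```python
import io
import zipfile

# Container signatures, checked regardless of the file extension.
ZIP_MAGIC = b"PK\x03\x04"                        # ZIP local file header: OOXML package
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file: legacy binary or encrypted Office file


def classify_office_container(data: bytes) -> dict:
    """Report what a purported OOXML file really contains.

    A documented OOXML package is a ZIP archive with a [Content_Types].xml
    part. An Office 2007 file saved with a password is instead an OLE2
    compound file wrapping the encrypted package, so it is no longer an
    OOXML package even though its extension is unchanged.
    """
    if data.startswith(OLE_MAGIC):
        return {"container": "ole2", "ooxml_package": False,
                "note": "OLE2 compound file (encrypted or legacy binary Office file)"}
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                parts = sorted(zf.namelist())
        except zipfile.BadZipFile:
            return {"container": "zip", "ooxml_package": False, "note": "corrupt ZIP archive"}
        is_ooxml = "[Content_Types].xml" in parts
        return {"container": "zip", "ooxml_package": is_ooxml, "parts": parts,
                "note": "OOXML package" if is_ooxml else "ZIP archive without [Content_Types].xml"}
    return {"container": "unknown", "ooxml_package": False, "note": "unrecognised header"}


def build_sample_ooxml() -> bytes:
    """Constructed minimal OOXML-style package (a stand-in, not a real workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("xl/workbook.xml", "<workbook/>")
    return buf.getvalue()


def build_sample_ole2() -> bytes:
    """Constructed stand-in for a password-protected file: OLE2 signature padded to one 512-byte sector."""
    return OLE_MAGIC + b"\x00" * (512 - len(OLE_MAGIC))


if __name__ == "__main__":
    for label, blob in (("ooxml", build_sample_ooxml()), ("ole2", build_sample_ole2())):
        print(label, classify_office_container(blob)["note"])
```

Run against a real file, `classify_office_container(open(path, "rb").read())` tells the user what the extension alone never will.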
The trend is that Microsoft is opening up the boring legacy bits of OOXML, in stupefying detail, while neglecting to document the pieces actually needed for interoperability at a competitive level, like macros, scripting, encryption, etc. In essence, Microsoft is opening up and releasing the file format information that competitors like OpenOffice.org have already figured out on their own, while at the same time restricting access to the information needed to compete. And the more MS realizes it has to open up the specification, deprecate and modernize OOXML, what do you get? You get XML. XML is XML. Strip out the non-XML garbage from OOXML and you will have the OpenDocument Format.

What it means to you

A document format is not just a simple way of saving information. Rather, look at it as a means of preserving information for the short or long term. Applications come and go, but it is always necessary to open documents no matter what was used to create them. If another party gives you a document, you would like to be assured of being able to open it. Truly open formats are the only way to ensure this. Microsoft has publicly shown its inability to deal with open formats and continues trying to lock its customers in through the use of proprietary methods and formats. There is no technical or other reason why Microsoft can't support an existing open standard (ODF) except to hold its captive market to ransom. The South African government, amongst many others, has made the move towards open standards and ODF as a document format; it specifically issued the MIOS policy document in December last year, which sets out the Minimum Interoperability Standard for Information Systems in Government (http://www.dpsa.gov.za/documents/egov/MIOSVer4_1_2007.pdf). MIOS sets out government's technical principles and standards for achieving interoperability and information systems coherence across the public sector.

Armscor has started the process towards Open Source software and many others are converting every day. Sun has a plugin filter for MS Office that provides full ODF compatibility and features if you would like to continue using it for your general office documentation, but there are a host of other applications which provide for the creation of general office documents using ODF as a format, some being free, like OpenOffice. So if you require maximum backwards compatibility, stick with MS Office 2003 or earlier, or even better, change to an office suite that uses the ISO-endorsed standard ODF; most of these have low or even no cost associated with them. Bob Sutor sums it up well in his blog: http://www.sutor.com/newsite/blog-open/?p=2031

2. Ten security tips for the new year
- passwords - absolutely make use of them and use a strong value; don't use the same thing for everything and don't share them with anyone
- physical locks - computers are not only accessible in network form but also physically, once someone has a device with data on it, they have more time to get at the data
- inactivity monitors - make sure you use screen savers that lock the workstation once a user has been away for a particular amount of time
- email attachments - do not open unknown or unexpected e-mail attachments
- anti-virus - make sure your definitions are kept up-to-date, don't count on the automated update systems
- information - limit the amount of information you post/submit on-line about yourself
- not sure - if you're unsure about a message that might involve security, consult a technical IT person
- wireless - avoid ad-hoc wireless networks, and if you have your own access point, make sure it is using encryption such as WPA
- social networking, IRC and p2p systems - email is not the only avenue for getting viruses; make sure you remain wary no matter what internet application you are using
- phishing - banks and stores that operate credit or financial facilities will NEVER request personal details from you via email; do not engage in financial transactions via phone or internet - always call the bank or institution back using a valid telephone number
The SANS Institute maintains a Security Awareness Tip web page at http://www.sans.org/tip_of_the_day.php with more do's and don'ts, including some quizzes that you can take to see how well you fare on internet security. Try the following:
http://www.washingtonpost.com/wp-srv/technology/articles/phishingtest.html
http://www.sonicwall.com/phishing/
http://www.onguardonline.gov/quiz/phishing_quiz.html
http://www.onguardonline.gov/quiz/spyware_quiz.html
http://www.onguardonline.gov/quiz/idtheft_quiz.html
http://www.onguardonline.gov/quiz/socialnetworking_quiz.html

3. Trend Micro and Open Source
Trend Micro has unfortunately turned to its patent arsenal in recent years to prop up its flagging fortunes rather than concentrate on making a good product. Not satisfied with taking Symantec, McAfee and Fortinet to task, they've now set their sights on Barracuda, a supplier of gateway products which include gateway anti-virus scanning, which is the issue at hand. Up until now, most others targeted have caved in and paid (although Fortinet did fight it a bit), but Barracuda has done otherwise and has decided to go all the way on this one.
Barracuda has been inundated with positive support, in part due to their inclusion of the world-renowned open source ClamAV, which boasts around 1 million gateway deployments along with 100 million-plus PC installations. It appears that there is a large amount of prior art indicating that the patent that Trend is wielding is in fact worthless, and the open source community has supplied a lot of this information. Were Barracuda to lose, ClamAV could be next (even though Trend says no, but how do you trust a patent troll?).
In the end, this comes down to the atrocious state of the patent system in the US where in the past, patents were issued (on software as well, no less) without checking their validity. There is some reform on the way but that could be a bit too late for some companies. The threat of patents (including Microsoft's recent FUD regarding Linux) is a poor way of doing business and should be removed from the software landscape completely. Trend's actions have been noticed by its customers and some have already indicated their unwillingness to carry on doing business with a litigious partner. Other patent-abusing companies would do well to take note. If you are interested, join the 'Boycott Trend Micro' page.

a. If anyone has topics of interest they would like covered, please email your requests and suggestions to [email address not shown].
b. Please email [email address not shown] if you would not like to receive this bulletin.

Robby Pedrica