Contrary to claims by the US Department of Defense that Office Open XML might lead to increased security concerns, vendor lock-in and backwards compatibility issues, Microsoft claims that OOXML resolves exactly these issues.
The Department of Defense, which is a member of the International Committee for Information Technology Standards (INCITS), in August voted against OOXML becoming a standard document format.
Firstly, it said that allowing binary information in the standard might lead to security concerns. Secondly, the referencing of "unexplained backward compatibility modes" might pose a problem for third party implementers. And finally, it saw the use of proprietary file formats within the open standard as a potential cause for intellectual property ownership concerns.
However, in a video interview this week, Redmond-based group project manager of Microsoft Office, Gray Knowlton, told ZDNet Australia that OOXML would provide higher levels of security.
"One of the benefits we have with the Office Open XML formats is that we know when we read and write and document because we have an XML based representation of what's in that content -- we know what should and should not be there," he said.
Knowlton said another weapon against attackers is Microsoft's Office Isolated Conversion Environment, which "forces a binary document format to be converted to Open XML when it's opened, so that before it gets to a user's machine it will be an XML-based format that we can read and parse and understand."
OOXML, which was approved as a standard by Ecma International in December 2006, is an XML specification for documents such as spreadsheets, presentation and word-processing documents and is designed to replace previous binary file formats.
According to Joe Sweeney, a consultant with IBRS research, although XML can be described this way there are concerns regarding its security.
XML or Extensible Markup Language is a way of categorising information in an open way and can be used to identify a piece of data, explained Sweeney. The benefit from a developer's perspective, he said, is it allows the creation of a data structure that can be used in multiple applications and multiple systems.
However, Sweeney believes the DoD is concerned about the potential risks that could arise when binary files are embedded within an XML file.
"Although XML is currently a 'text-only' format, there is no reason why you can not encode binary data as a stream of text. This is exactly how many XML-enabled applications treat image data (jpg, png, etc).
"The issue is, what safeguards will you put in place to ensure that incoming binary data is not passed to an existing application for execution," asked Sweeney.
To run an executable file encoded within XML would require a client-side program that would open the XML file, locate the appropriate binary data and then run it.
"It is absolutely possible to build a application to do that," said Sweeney.
According to Sweeney, anytime you have a theoretical breach, someone will show how it can be made real, meaning that the problem is not XML per se but rather the coding that sits on the client side.
The greatest fear by some opponents of OOXML is that Microsoft could one day clamp down on users and demand payment for access to their information.
Michael Warrilow, a consultant with Hydrasight Research, told ZDNet Australia, that even if Microsoft's intentions with OOXML are "pure", the issues raised by the DoD in its rejection of it are very well grounded.
"Microsoft generally has a poor track record in conforming to 'open' standards, although they are slowly coming around in recent years," he said.
There are numerous examples where Microsoft has derailed previous standards efforts, such as its support of the WS-Management SOAP protocol rather than Web services standard, WSDM, he said.
"Historically, Microsoft has been far more comfortable when it is able to control the market via its own initiatives being positioned as the 'de facto' standard," he said.
While Microsoft has achieved this status amongst consumers and small business users, who "just want the thing to work", he said Microsoft is trying hard to gain acceptance by government and large corporations.
Yeah, right.
I've heard lots of screams from Windows users who have tried to make Vista 'just work;.
It's so bad in fact that, that I'm telling my colleagues and friends that if they buy a new PC and want to ensure that their Windows apps continue to 'just work', then they deploy Linux on that PC and install VMWare Server on it. They then use the VMWare Converter to take a snapshot of their old PC and then run it (at perfectly acceptable) speed within the VMWare instance on their new Linux PC.
The benefits of this?
1) No new Windows Vista licence
2) No new Windows Vista headaches
3) All your apps will work on your new PC as they did on your old
4) No need to re-install all those apps
5) Use Linux for most of your Internet-facing needs - it's simply a safer deal.
6) Whenever you want any of your old Windows apps, they're all there, and functioning.
7) If you want, you can make easy snapshot copies of your Windows VMWare image and replicate it to your laptop etc.
And did I mention that all of the software listed above (Linux, VMWare Server, VMWare Converter) are all zero cost?