|Office 2010 is designed to prevent malicious software||
May 9th, 2011 3:33:28 am - Subscribe
|Microsoft has described security feature in Office 2010 is designed to prevent malicious software associated with the Office binary file formats.
The feature, called "validation of Office files," check if a binary file used by Office applications like Word, PowerPoint and Excel (with. Department of Commerce. PPT and extensions. XLS) is a document worthy of trust, or stored in a trusted location. Otherwise, the file will be protected in a sandbox, or "Protected View", which limit the access of file system resources, according to David B. Heise, a team member of Microsoft Office security, in a note Wednesday.
The validation function has been introduced in Microsoft Publisher 2007 to verify the files. PUB, Heise said. It will take more time to open the Office binary files due to the validation process 2010, but the delay is barely noticeable. Heise said in the blog that "most of the files to validate the range of 1 to 100 milliseconds."
The role of validating new Office files extends the concept of a security tool from Microsoft earlier called "MOICE, or Microsoft Office Isolated Conversion Environment, according to Wolfgang Kandeke, CTO of Qualys.
"Office documents received via email or via the Internet, opens in a protected environment," sandbox "and if the document is trying to change the operating system, has prevented the sandbox," said Kandek e-mail. "If you want to edit and save the document must be printed" allows editing "to download the document in a sandbox."
Professionals may feel nervous about allowing users to edit documents in the sandbox, you can activate MS Office 2010 through "behind the scenes of view." Heise explained that Microsoft provides the Group Policy settings in Office 2010 to disable this option.
In general, attacks take advantage of the binary client-side security is an issue more and more these days, according to Tyler Reguly, security engineer for nCircle senior.
"The entire genre of client-side attacks are coming to the fore, especially when it comes to Office," Reguly said. "So for those of older documents, such as Office 97 and Office 2003 format - before the arrival of the new format of Office 2007 - are actually one of the main priorities right now."
Office 2010, which was published last month in beta that builds on Microsoft Open XML file which later appeared in Office 2007. In general, there was a decrease in security holes in the Open XML document formats, according Reguly.
Despite the new security in MS Office 2010, users still need to run anti-malware, gateway and desktop, according Reguly.