Overview: Security Standards For ‘Microsoft Office 2010′
Comments (0) 
Microsoft Office Application suite has unfortunately been one of the most likely targets for hackers and malware creaters. Their goal is try and find a loophole or an exploitable bug within Microsoft Office, which can be compromised to get the malicious code running on end user computers.
Generally, the malware attack associated with Office applications comprises of a malicious file pretending to be a authentic Microsoft Office document (Word, Excel, Powerpoint..), not only to the end user but also to the office application. Hackers usually dig into file-format parsing and methods that Office applications employ to read any office document.
This time, with the release of Microsoft Office 2010, hacks and malware threats have been addressed on priority by Microsoft and a resilient security workflow has been architectured, to keep the end users more secure against any plausible threats.
The MS Office security team has worked out different security layers which are as follows:
- Enhanced File Blocking
- Binary file-validation system
- Introducing ‘Protected View’ in Sandbox
Enhanced File Blocking: This feature basically looks at the document file type and checks if it has been blocked by Office application or not. Earlier, we couldn’t configure this security check within the application but with Microsoft Office 2010, it is possible. Other technical aspects related to File blocking have also been improvised.
Binary file-validation system: This new validation system is there to validate the older Office file formats and check if it conforms to the documented Office formats or not.
‘Protected View’ : If you realise that some office document of yours has either been blocked or declared invalid by the Office application, but you still want to see what’s there in the file, or you’re well assured that the file is not malicious then you can view that file in a protected mode, a read-only view of the document within a sandbox. This way, you need not be bothered about your viewing of malicious file, causing any damage to your local system or data. As malicious file is opened in a sandbox, it has no chance of getting out of it and effect your system.
As Brad Albrecht, Senior Security PM at Microsoft quotes…
Any file that reaches your machine will get inspected for the file format being blocked, tested for validity, and maybe shown in a read-only protected state. All this happens in real time, with an indistinguishable performance impact on your load time
Another goal of the Office security team was to keep all security measures remain unnoticable to the end users and not effect the performance and speed of the Office 2010 applications. This goal seems to be accomplished as well.
Twitter