A security analyst has welcomed Microsoft's plan to "sandbox" documents in the next version of Office, saying it looks like a "very good step forward."
Last week, Microsoft revealed more details about a new security feature in Office 2010, dubbed "Protected View," that is designed to shut down the popular hacker tactic of feeding users rigged Word, Excel and PowerPoint files.
"It is a good move," said John Pescatore, Gartner's primary security analyst. "It gets away from the 'training' people have that makes them ignore pop-up warnings."
Protected View isolates Word, Excel and PowerPoint files in a read-only environment that prevents malware - which has piggybacked on Office documents for years - from harming the PC or hijacking the system.
"The file is being opened within a sandboxed instance of the application - Word, Excel, PowerPoint - and if there was malicious code present in the file, the goal is that code would not be able to find a way to tamper with your documents, change your profile or other user settings," said Vikas Malhotra, a Microsoft security program manager, in a entry to a company blog last week.
"If nothing else, we'll stay just as secure as before, but [Protected View] should cut down on the messages to the users," said Pescatore, talking about the kind of alerts current versions of Office display when users are about to open an untrusted document.
Within Outlook, for example, users who open an attachment now face a dialog box that asks, "Would you like to open the file or save it to your computer?"
"It is extremely hard to answer this question without seeing the contents of the file first," acknowledged Malhotra. "In Office 2010, we have removed this dialog and instead we now just open the file directly in Protected View ....This allows you to look over the contents and make an informed decision if you really trust the file or not."
"This is all driven by hackers using fuzzing tools," said Pescatore, talking about the dark art of hammering on file formats to probe for vulnerabilities. Microsoft has repeatedly had to patch file format flaws in Office applications, most recently in July when it fixed a bug in Publisher 2007 and in June, when it patched seven vulnerabilities in Excel and two more in Word.
Noting that it's impossible for anyone, including Microsoft, to root out every instance of an input error - the company uses home-grown fuzzing tools on its own products during development - Pescatore said that the only solution is to give people a way to protect themselves after the fact.
In his blog entry, Malhotra spelled out more details about Protected View, including when it's triggered and how enterprise IT staffs can manage those options.
Office 2010 opens a Word, Excel or PowerPoint document in Protected Mode when the file's downloaded from the Internet or an Outlook message's file attachment is opened. In some situations, Protected View will also swing into action when a file is grabbed from the company's internal network.
"This strikes me as a pretty good balance between security and usability," said Pescatore.