Microsoft Explores Security Tweaks in Office 2010

Office 2010 will provide more than just cool new features, like Web-based versions of the suite’s main applications.

It will also improve security for both users and administrators, the company said.

A new security technology that Microsoft (NASDAQ: MSFT) is building into the next release of Microsoft Office aims to make it possible to safely view potentially dangerous files that are saved in older Office binary file formats.

Called “Protected View,” the technology opens questionable files in a so-called “sandbox,” displaying the files’ contents in a safe, read-only mode — but allowing users to edit files once they ensure no attack code is embedded in them.

The move is a recognition on Microsoft’s part that there are billions of customer files stored in the older formats, and that’s not going to change soon. But with enabling users to continue accessing earlier formats, there’s also the chance that users could try to open infected documents as well.

It’s also the latest step forward for Office 2010, which is slated for public beta testing this fall, and final delivery during the first half of next year, according to Microsoft officials.

Last month, Microsoft began a large-scale, invitation-only technical preview of Office 2010, a preview that will go out to tens of thousands of early testers.

Locking down Office

Vikas Malhotra, Microsoft’s security program manager for Office Trustworthy Computing, last week said in a Microsoft Office 2010 Engineering blog post that Protected View is designed to deal with attachments opened in Outlook 2010.

It’s also designed to handle files opened from unsafe locations such as the user’s Temporary Internet Files folder or from the Internet, Malhotra said.

Additionally, the feature will quarantine files identified by File Block Policy, a capability added in Office 2007 that enables administrators to define file types that should not be opened.

“If there was malicious code present in the file the goal is that code would not be able to find a way to tamper with your documents; change your profile or other user settings,” Malhotra said.

Alongside Protected View, Office 2010 will include an Office File Validation feature that scans Office files and validates them to be sure they conform to standard file schemas. If not, they are opened under Protected View.

Users will also be able to open files in Protected View from the file open menu.

“Hopefully now, when you think you received a ‘scary’ Word, Excel or PowerPoint file, you will be able to open it in Protected View and read it without having to worry that something bad could happen to your computer,” Malhotra said.

News Around the Web