Microsoft Announces Industry Support For New Security Features in Office 2000

REDMOND, Wash., April 2, 1999 — Microsoft Corp. today announced that leading anti-virus software vendors Network Associates Inc. and Trend Micro Inc. plan to take advantage of the new anti-virus capabilities in Microsoft® Office 2000 to offer integrated virus-scanning solutions for Office 2000-based documents. Recent incidents such as the “Melissa” virus demonstrate that providing effective security protection is a critical issue for the software industry and requires customer education on safe computing practices, new security features in products, and collaboration among software vendors. Microsoft is taking a leading role in addressing this industry issue by introducing the new anti-virus capabilities and support for digital signing of macros in Office 2000. Microsoft today also unveiled a new Office Update Security Web site ( http://officeupdate.microsoft.com/info/security/ ) with information and recommendations for customers about ways to safely publish and share Office documents.

“The new anti-virus capabilities in Office 2000 allow us to better integrate virus-scanning solutions into Office documents so that users are protected when sharing those documents with others,” said Dan Schraeder, director of product marketing at Trend Micro. “Because the ever-evolving nature of viruses requires rapid improvements in anti-virus software, the ability to integrate new anti-virus solutions with Microsoft Office 2000 is critical to protecting users from new viruses.”

“Viruses are becoming increasingly complex, and it’s more important than ever for anti-virus vendors such as Network Associates to work closely with mainstream software companies like Microsoft to protect our customers,” said Sal Viveros, group marketing manager for Total Virus Defense at Network Associates. “That’s why we’ve made our Total Virus Defense solution seamlessly integrated with Office 2000 to make complete virus protection as easy as opening a document.”

A central element in Microsoft’s strategy for protecting Office users from malicious hackers is to support industry security education efforts and to work with software security organizations in responding when new viruses emerge. Microsoft seeks to broadly inform and protect customers when new viruses appear by working closely with software security organizations such as the Computer Emergency Response Team (CERT) Coordination Center. Furthermore, in an effort to bolster user education about viruses, Microsoft has sponsored the International Computer Security Association (ICSA) Virus Prevalence Survey, a yearlong study that assesses the impact of viruses on software users and recommends best practices for addressing these issues. The results of this survey will be unveiled April 14 at the International Virus Prevention Conference in Chicago, Ill.

“Microsoft has played an important role in supporting the work of the anti-virus software community,” said Peter Tippett, president and CEO of ICSA. “By working with anti-virus software vendors to respond to virus incidents and contribute to educational efforts, Microsoft is helping to effectively increase the security protection of software users.”

New Office 2000 Macro Security Features

The macro capabilities within Office enable users and developers to add functionality, including task automation and solutions development, to the applications. Over 2.3 million professional solutions have been developed using Office. For example, macros allow users to create a customized expense reporting form based on Microsoft Excel. It is possible for malicious hackers to take advantage of this useful capability to create harmful viruses within macros. Office 2000 introduces a number of new features that improve macro security:

  • Office 2000 anti-virus capabilities. This new anti-virus application programming interface (API) allows third-party developers to integrate their virus-scanning software so that documents are checked before they are opened. This means that users can supplement Office 2000’s general macro warning tools with anti-virus software available from third-party ISVs.

  • Digitally signed macros. Users who write macros will now have a means of digitally signing their macros, certifying that the code is from a trusted source. End-users and IT administrators can configure Office 2000 so only macros that are digitally signed by trusted sources will be run.

  • Higher default security setting in Word 2000. Microsoft has also improved the macro security protection in Word 2000 by changing the default setting to “High” so macros will automatically be disabled if they are not digitally signed by a trusted source. Other Office applications such as Excel, the Microsoft PowerPoint® presentation graphics program and the Microsoft Outlook® messaging and collaboration client will warn users of the presence of macros when opening documents and give them the option to enable or disable the macros.

Customer Education on Security in Microsoft Office

Office users can go to the new Microsoft Office Update Security Web site, http://officeupdate.microsoft.com/info/security/ , to find information they need to protect themselves against malicious hackers. This Web site suggests ways, such as paying attention to default macro warnings and using technologies such as digital signatures and certifications, that Office users can take advantage of security features in Office to protect themselves. The Web site also provides educational information about macro viruses.

For more information on anti-virus software, users can visit http://www.icsa.net/ or http://www.cert.org .

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software for personal computers. The company offers a wide range of products and services for business and personal use, each designed with the mission of making it easier and more enjoyable for people to take advantage of the full power of personal computing every day.

About Network Associates

With headquarters in Santa Clara, Calif., Network Associates Inc. is a leading supplier of enterprise network security and management software. Network Associates’ McAfee Total Virus Defense (TVD) suite protects the network at all possible entry points. Network Associates’ Net Tools Secure and Net Tools Manager suites offer best-of-breed, suite-based network security and management solutions. Net Tools Secure and Net Tools Manager suites combine to create Net Tools, which centralizes these point solutions in an easy-to-use, integrated systems management environment. For more information, Network Associates can be reached at (408) 988-3832 or on the Internet at http://www.nai.com/ .

About Trend Micro

Trend Micro Inc. provides centrally controlled server-based virus and malicious code protection. By protecting information that flows through file servers, e-mail servers and Internet gateways, Trend Micro helps major companies worldwide stop viruses and other malicious code from a central point before they reach the desktop. Trend Micro is publicly held in Japan, with North American headquarters in Cupertino, Calif., and offices worldwide. Trend Micro is on the World Wide Web at http://www.antivirus.com/ .

About ICSA

ICSA Inc., a GartnerGroup affiliate, is the world’s source of objective, independent, Internet security assurance services. Through ICSA’s TruSecure suite of services, businesses are managing their information security risks and expanding their use of Internet technology. For the past 10 years, ICSA has collected data on security tools, best practices and the industry at-large to become the central authority on information security. ICSA has used its leadership and expertise to support the growth of Internet business and commerce worldwide. Information Security magazine is the official publication of ICSA and is dedicated to the needs of all security-conscious professionals. ICSA is headquartered in Reston, Va., and has offices in North and South America, Europe and Asia. Contact ICSA at (888) 396-8348.

About the CERT Coordination Center

The CERT Coordination Center is part of the Survivable Systems Initiative at the Software Engineering Institute, a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University.

Microsoft, PowerPoint and Outlook are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

Network Associates and Virus Scan are registered trademarks of Network Associates Inc. and its affiliates in the United States and other countries.

CERT is registered in the U.S. Patent and Trademarks Office.

Other product and company names herein may be trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages.