REDMOND, Wash., Jan. 31, 2002 — Security has long been a priority with Microsoft Office XP. Released in May 2001, Office XP includes security enhancements that are designed to help stop digital threats at the desktop. These enhancements include digital signatures of documents, expanded constraints on running unsigned macro code to ensure that macros are from a trusted source, access controls, strengthened privacy and confidentiality, improved data recovery capabilities and Outlook security enhancements. Office XP Service Pack 1, released in November, includes additional safeguards, including strengthened protection against malicious macros in Microsoft Word, Excel and PowerPoint. All of these enhancements expand on and complement the Outlook E-mail Security Update, released in May 2000 for users of Office 2000 and Outlook 98.
In a conversation with PressPass, Jeanne Sheldon, director of Microsoft Office Sustaining Engineering Services, called it an “absolutely essential priority” for the Office team to take a leadership role in security. She also outlined how Office XP reduces the risk of a worker’s desktop computer being the entry point for a security problem, as well as how it makes it easier for network administrators to manage varying security needs in an organization.
PressPass: What are the security enhancements introduced in Office XP, and what are some of their benefits?
Sheldon: Very simply, our aim with the Office XP security enhancements is to give desktop users added protection from the growing problem of threats. E-mail-borne viruses have increased significantly over the last couple of years, including the more destructive examples you hear about in the news, such as NIMDA, Goner, Melissa, and so on. Without safeguards, these viruses travel faster than the rate at which anti-virus companies can update signatures to block them.
Before detailing what’s new in Office XP, I would first point out that many security enhancements introduced as defaults in the new product were actually baked into the Outlook E-mail Security Update, which was introduced as a free download for Office 2000 and Outlook 98 in May 2000. The Outlook E-mail Security Update guards against most viruses that are spread via e-mail attachments, as well as worm viruses that can replicate by using the Outlook Address Book.
The settings in the Outlook E-mail Security Update and Office XP separate attachments into two levels of security. At Level 1 security, the attachment is potentially very dangerous. Access to Level 1 files, an example being the executable file type (“.exe”), is blocked and can’t be changed. These attachments are not even opened, and the user never sees them. This addresses the huge problem of e-mail borne viruses and improves security dramatically.
Level 2 attachments require caution. Office documents are deemed Level 2, because they may have macros with malicious code in them. Office XP provides additional safeguards against bad attachments. With Level 2 documents, the user needs to save them to a disk. This allows anti-virus software to catch the malicious code.
In order not to always place the burden on the user, administrators who are using Microsoft Exchange Server can add and remove file types for both levels of e-mail security. In Office XP, there is an enriched ability for network administrators to manage the security of individual Outlook programs across a company or on the individual desktop. For example, some departments may require different safeguards than others. So at installation, IT administrators can go to the onscreen security pane to individually fine tune the security settings to meet the needs of each department. After installation, new tools allow administrators to tweak the security settings more easily than in the past.
PressPass: E-mail is not the only source of malicious code. Can’t an attachment or shared file in Word or Excel or other application also present problems?
Sheldon: Yes. In Office XP, the High security setting is the default setting for all applications, including Word and Excel. As a result, Office XP doesn’t allow any macros to run unless they’ve been digitally signed, meaning it contains a bit of code that verifies who the file’s creator is. This gives you substantial security without having to make a decision that’s really impossible for the average user to make. Just because users know and trust the sender doesn’t mean they can safely open a file, particularly if the sender is forwarding a file that originated elsewhere — the sender may not know what macros are embedded in it. The user may not have all the information they need to make an informed choice, but this helps save them from making such an uninformed decision.
By the same token, with Office XP, you can also digitally sign Office documents. This allows people to know it’s truly you sending this document. In addition, if you write a macro for yourself, it’s possible to digitally sign it with what we call Self-Cert. This is another way to maintain a high security level for the Visual Basic for Applications (VBA) computer language used to create Office macros.
We also added advanced document encryption options to Office XP. These options are in addition to encryption already built into Excel and PowerPoint, and allow users to choose whatever scheme is available in a particular operating system. In other words, you can use the best encryption available for your system. Office defaults to lower encryption levels, which allows compatibility with older Office versions as well. The choice depends on the user and the organization.
Another change is the enhanced privacy options. In the past, Office had instructions on how to remove personally identifiable information from documents. Now, that capability is built in, so the machine can automatically remove this information — for example, hidden tracked changes in a document. These are edits and other changes made to documents that are hidden from the screen but accessible through the tool bar. As another example, Word documents no longer carry the default location of your template. This keeps private the structure of your file organization.
PressPass: Most news reports on virus or other attacks seem to center on the server and the network. Why is Microsoft directing security attention to the desktop?
Sheldon: We believe security is critical at all levels of the computing environment. One of the things characteristic of recent attacks is that they’re multi-dimensional, using multiple routes to enter a system. Several of the routes used by the recent NIMDA virus — a virus that infected millions of servers — were through the desktop. NIMDA took advantage of the fact that most desktops are connected to servers. So it opened up print and other servers that allowed it to identify additional ones, then it copied itself into unpatched or already vulnerable Web servers. That enabled it to infect both local files and files on remote network shares. Not all of the methods of attack were related to Office, but many came through the desktop, typically through e-mail.
PressPass: What changes will the everyday user see with the new security enhancements? Will there be more dialog boxes asking users to change or input information?
Sheldon: You should actually see fewer dialog boxes in most situations. If someone sends you a document with a virus, it probably won’t run. You won’t see it. If someone sends you something with a digital signature and you haven’t specified that you recognize the signature, a dialog box asks if you want to approve that signature. You aren’t going to be infected with anything going around hosted in an Office document, so you’ll get less mail from the corporate network administrator telling you not to open e-mail with infected attachments.
Some habit changes are needed because of the added attachment security. For example, if a person sends an Access database to someone else, it could be blocked because of the many macros involved. The smart way to send it is to zip it up in a file or send a hyperlink to the file’s network location. Or if someone sends you fun screensavers or something similar, you won’t receive them. These are so dangerous that Office XP considers them Level 1 and blocks them by default. Personally, I haven’t missed getting them.
PressPass: You said earlier that the enhancements will also benefit the network administrator?
Sheldon: Actually, we’ve made it easier for administrators to customize security levels for different departments by using directory lists. Administrators will find it easier to react to new issues by blocking new types of extensions — they can do that in 10 minutes. They manage the security settings for desktops using a form that can be modified with administrator access but not from the client side.
There has been a lot of testing and work around running Office in restricted user settings. One of the things that can make malicious code particularly dangerous, or machines easier for hackers, is if they can gain access as an administrator on that machine. We needed to make sure Office works well for users in a locked-down setting — that is, it permits user accounts on a particular machine, but not administrator accounts, which are held elsewhere.
PressPass: Will the strengthened Office XP security mean users won’t have to buy anti-virus or firewall programs anymore?
Sheldon: Anti-virus software and firewalls have different functions. The security enhancements in Office XP are designed to work with them as a supplement, not as a replacement. Anti-virus programs are designed to recognize and block existing threats. They have to know what a particular virus looks like in order to block it. It can stop a problem before it starts, but it’s still important to maintain an up-to-date anti-virus program. A firewall, which blocks direct access to your machine, provides privacy protection. It’s all complementary. You want the best firewall, to monitor who’s trying to access your machine. You want the best anti-virus software, to stop known viruses and worms. And you want Office XP, to catch problems the other two wouldn’t recognize.
At Microsoft, behind our own Exchange servers, we also use anti-virus tools that strip known dangerous attachments from e-mail coming into the system. It’s extra protection.
PressPass: Suppose a customer just buys Microsoft Word, or one of the individual Office applications. Will they still have the new security safeguards?
Sheldon: All security enhancements in Office XP are available in the stand-alone applications. For example, Word is included with Microsoft Works. The same enhancements are available there — privacy, macro protection, and so on.
PressPass: How have customers responded to the boost to Office XP security?
Sheldon: I think the Outlook e-mail security update in May 2000 was a watershed. We put added security above the expansion of features. We made choices that ensure the out-of-box experience is secure. Beyond that, users can crank up the security even more, if they need it. It took some planning on the part of our customers to adjust to these enhancements. But we’re seeing some widespread deployments of Office XP among companies that understand the threats that are out there. I’m hearing customers say, “This shows that you get it.”
Additional security performance and security enhancements in the recently released Office XP Service Pack 1 have also come as a direct result of customer response. This service pack combines into one free download all the updates developed since the release of Office XP last May. It includes further enhancements not only for security but also for overall Office XP performance and stability.
PressPass: How has the Office team fit itself to Trustworthy Computing?
Sheldon: The whole company is very much marshaled behind Trustworthy Computing. The Office team, in particular, was actively participating in cross-group planning on this initiative, and understanding and communicating these practices across teams. A lot of the work we’ve been doing has been in concert with other product teams, particularly in areas of encryption and locked down settings that allow access to resources on the computer. It is an absolutely essential priority in the Office team to be a leader within Microsoft with Trustworthy Computing.