Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Of MOICE and Microsoft: Securing Office 2003



 By: Brian Prince
2007-05-10
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Microsoft says it plans to release a tool called Microsoft Office Isolated Conversion Environment to help protect users of Office 2003 from exploits.

Microsoft officials say plans are on the way for a weapon that can help protect Office 2003 from attacks, though users of even older versions of Office may find themselves left out in the cold.

The company is developing a tool called MOICE (Microsoft Office Isolated Conversion Environment), which converts files from Office 2003 to the new Office 2007 Open XML format in a bid to strip exploits out of the file. Once a file has been cleansed of exploits, it can be opened as normal in Office 2003.

"One of the things we noticed is that when we converted an exploit document to the new Office 2007 Metro format, it would either fail the conversion [or] emit a nonexploitable file, or the converter itself would crash," Microsoft Senior Software Development Engineer David LeBlanc wrote in a recent blog post.

"Thus," he continued later in the post, "if we could pre-process documents coming from untrusted sources from the older format to the new format, and then get an older version of Office to use its converter to read in the new file format, the customer is going to end up safer."

Resource Library:
Click here to read more about security threats to Microsoft Office.

Microsoft officials gave no specific date for when MOICE would be ready, but said the Redmond, Wash., company is working to make it available as soon as possible. The tool is specifically aimed at Office 2003. However, people using older versions such as Office 2000 or Office XP can use a compatibility pack that enables users to open, edit and save files in the Office 2007 format.

"The tool is a good thing for Office 2003 users from a security perspective, but it is a very kludgy approach," said John Pescatore, a Gartner analyst.

The problem, he said, is attackers will be able to see what the converter does and potentially come up with ways to bypass it.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

"MOICE is not an end-all to the malicious [or] malformed Office .doc problem," Pescatore said. "But for enterprises that want to stay on Office 2003 for a few more years and have not invested in the desktop security products from folks like McAfee, Symantec and others that have behavior-based malware protections, MOICE will give a good increase in security."

Josh Edwards, technical product manager for Microsoft Office, said the conversions take place in an isolated sandbox environment so they can be done securely. The tool was designed with enterprises in mind, he said, explaining that attacks involving MS Office are typically targeted attacks and not simply sent to the everyday user.

The additional security comes with a potential drawback, though: It will take longer to open files, particularly large ones, Edwards said. Just how long can depend on many factors, such as whether or not the document includes graphics, he said.

"The user will notice," Edwards said. However, he said, "Is it something where youll get up and get a coffee? No."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Of MOICE and Microsoft: Securing Office 2003
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}r۸j9kmH)ْcؖ+SDH"Hʗ3?_v8x -bKh4Fw?I9utô'1%3tD;;?.ЇP|kSo92tE4f™EU2a}oOy}yqI}trxi#|g)̠V*PFfЊ%+Q:n]=]s\u[ݫ9^VsCV=BgCj`BmiumUo~vO^EnXCyCa#U#3\4.>vHN‘,-)0o-YnH.)M|T|Y|ěy#0ri4(M8Zujtm?+Pko43@_x0Nu{nsG@kFPYT`6R\ 9lb)6B̄H )&7R&,)|YB* brݠPP3>̧KdoF" eF"ȅQ.%  g|8JKu=b}૦yp!Dwެ,U*մމ-~ӢKsIlH{⧳vІ)WF8 ,heݴS榣V)b1x+%YE*@8ʍ??5m!S[ö@ .Ss+{~>#ZG>/=3jY}vi(|I8hƋMori>I7B4A+GݺzLnXŞ+ Q߭Fm|@T؎(??6  G`pn&xky0]ѡ4}a qjQ]*3<9d} o  Μ覥M L<ģ|D s ]x9-WR;C/0tK@H~Ot"AђF *4 gsCX"C"'Aw;.VKŤ\*y"JM':N3PKRx&,S,BV-KᗄPf%i2m<V-&D7r"e.G wKቖ&ZlY,*V+WMz92a s=@.ϼs2H`0HCb;N-: x9o@CysJz0aEiŬ9g߃)9 i=Mr=""ǰ@7n>`(^HIRЙj!@9z٧l)3-$֒eRu-z_No6ҞviXZ @-ei -a-׾0^Ԣ(-Q|u$"!tùbXGJBb&^fdhQ{jaaC+UVj#SV-iV^Ϛf+ L 4 o`*7`b\0aN#y9|FzZ{jl.n9 8{y4%2N?APSt @IU5}끆 _ǂK ޽ȁUrqX3atia;n/ ySJ_8Ǘ6i+DӜh2F ñiHuߴӮWKHLZ`!?RP՘IO5 &^PGe d^s`M[`R9cDzl lF{4]}Zj<89Ro> < ıLBYaT88l]x}uVV0\?@R)Ö13ghi'ǙXT'łx_ℯp˻SU?? L4,QjzEW>sn,|rqZEL[vO`cV av5 1;>VkJC2By^YhwrR" QppkՃ)u;ufv9A#]#@$2]rA XQj0qs;M?bL%Jt( ֹB\U4Ue`wm* :@{uWta5)X]QiSiQ9SӲ+SLjH@A5u8|X\.``!>ߏz0f&Ш)lTgm/RU *~a;:{oR64F@2<"C8bS>tV}P@K&nΚ62I*"EdB8NY HXL*r_ kRU 4DB.(}r'nPzQrZ%:j}$cPU]|T&#UX)TԒP?ITnCEZ`ЯxLl59AKl!/`._S(c/ZfDMR/)3nQ/ ~egm S?PGF&7 u5Yx\[$v ˽'jD@KYJ7ѵj՚*\U%P-HjItn:0ȄOXD[8tpL\'eM=J皽6Dy<#ɟ?9?pw@7|R'9w>EM+v@l+J9ww|L4 #uL)wjiwZU}{"}QLXޟUv٩G:w~J]WVd4O}=Kͳ}6z? i^;7* Í7F jE%p>ASB9kթ-0iCly0;Ɩsb")&bz&$-0m2결nIl?cRL锐']'C؏ z>RB'T5˓$/IYO)Eqjhd꒐~~(i&'ءXҡԛ]47'8 $O krisq/XkI-jշΫ؉Gs`#]+U@<@{.ۥ{H?vV5BĬhg2h덫{lϳsL:>dO>^j[}x92> AC؞qnbLd<J;ooFp7N Of %FJMc-ی!aк õcV:# p$|#؈'GG?[7{cE|3̔ u\ KM_U_r _?P??\@Ӟ Ma_Ͻz2.mE.zQvc%F}7^S˗t8q27 ~x+lF)Y9ӨR Lt/r=#V,] (K6b:K*5_&:x&@"Ji>6s-g uӗ:1y>E-KՔR#5 8%f(:x8`G,참wc6Ⳑh&SOd.Zgx#}tzTY22o"92|B9Zi>tvv6Bz4GZS'M5DR|F i;˻ZDNI31x}}ˆm`'a@nc+9;-6zɄ\Hd(΀, SORS:/Rm (aJ`=4q ]]60|J}gjB{3@- rF[D6|p4ub"Rl kގeFscnk[ZP1bh~d^BnjoKG08 ~Hۚ|FD YE{)V _! tzN^hz‡AcT*jJ! -[ @8-H -Rz-Sx(r⳹u?.b#}.MxwR%3^5k~1 /1ŧ$  O8|FO3ZԘoė/Ghg!>W9vT-:\͉t4md0^WXv|$KĻLm߰uQ C,ªܗAu VZ^3Q)}rvOl zm-Hc ܜh}&DܔzSs {\Ps}&z ֥9^9=8/X^7M€(L4a{軄GJॉj<ĆYy9КG: ]x΍i~`4[JjZNCmj>5 Q6JFh45%!;+S[/Me/3yOHOywwww+򟪕rQ{u&H)H/}q`.9sː0>3M e%[{sFc8<~k? o쇠\Kd )H4{\O1WD;Cc9*LDO /$ "{ǻ$}eu=_p0$C`jxie֮H ~}, WE7Ae x#'믆uzبڷvRFN<˽{JEE. u/r\; )pИGl-|#"ol\[{ EAk9.fOΝ2!(Mbst$6LrC Bgz ?'P)oucCYڃ;NR_ރx4`TJwZ) |w.[v φ׋b qquSn{M\"ūNRŗ=y4ML3 ks.ozk"Tʚ f y;BSk].ԍml(I#ۀچձևxQW| Ȫhֲƞ=:RfY,eeGbp,J˼٤'c ~P2oO3@84kI/3$$: [IHgc;#}g8ET1̭,odnv\0V*yAG.ޮcb>&8F?_ӷt/= ^FxCqs]˼ MX8/'Ift'ݴX,hILÑ@uSTan vExt~?~|o*01P-G?ڞUTo|֊[N[iΞC!Ǘq9|{ I7!7bþŝMWf c* n'y{@dbZ#mG4 YS\0kL]M|{#o奻?'&Su,,1@NtɜvpNx)O)LI|7No5Dcঀ_޺~*nH Lv/xr7=:?ؐQVVF!֜rc[~t#UQv0}M-V%8IuYW X3CvN rซa=ʱ,~ݠEyD׎i."[ce9L9cWF%5z J 0K~AX^qV2&#6cu\]QS[wZįi[+W#d! `,%o,"xao(quQ%r_FpxAiLʃG'6MEfAȢiw\sI o*JM]-Dr/N+R+Ȉzvj]!1cTA9-Q5݁RU B? x-F5֠)x9Ok6j=!Ƀ`58?ln&R.m'hzBRKo^;G'ܬTM$6 n_rGN݀o»I } Ofrt&7e\S[T8 Pm¼ϴ@B )a}oLðhDLROe\vD CVY aIm{7R[ $y?ZED& IB Sr޾ꝶe=<zLGzSu|1[GB(W9Ĝ#>P޾xySjJ3T";'0枩8W-3Șh MQ VHxDirtvnOKZ&{6@@P0HogRq"n#B s<3DD^ôG͈֜ )#lmK݋cZ|"1^#&3(9;pf&@R(#*@`'*sn `^bJ MF·:s Gh0usXg- .E.kq{o+[!500 0YK7`C'[EY|ob{LgA~R\bӀԐ0(VIB uXRFB(6s k7$G7Zzw{XVBAaP8Z  +z+U'I]U@)9CȮ KƪZJP5oSwe2VqLz%ruW0`A='i92fg4t\K ̑G|LBz،\Sݾk4/.N%iv>.;NOWx Z[8ju+t/G݋/ǝe缟kxSd&E`<ejY)sC9,jO6Wd;̀WN>+ah,.6R6|?}Rf Q~0`b_1oZ^O˦V\k!<@Vʼnt,鿚.9r Χ^i7Q[6]=W܄qP "ڧ>鞷sФo%ucFW(Q~ ˏ͌.w3ʑ[@V;ʏ֗}3OPi}I'8/rN+dyF9c/(_֗ 052 3{A3Y}zxwhF9Ye'yF?C(?(# 2a|3#(^>&c˼$=)>w槤I8j.{%])r-XѧaZ>Ś/JYy8* t=}}Ba(c#h3cHO8ѭj{4qa n>_Q,+/7 lc}k}W;}y<\4?C{>'K*8uߜ:S?,RK|c ,޹Oa4DZ=CPN_ MW镆.` ď;ǙebIP*5VZ*;%mGFDdU*[ZX,.g /(@#غ7M{%}C7<8fȳRLq u+k % P1=:1Rkۨ*iۼx0%!:i@18Lo9Xj,.#vRǎQ!+\ƙ9?mc5:tp) ?`-kD:'霗q8Oi[Ìs,i܀z~l4@4Dʹ)9P3G)b|337rɌB΄[4п}s%(uL1=X E!#jϗ=7G:aKƈ DMKIn_!x'GiGErly޻ lg(X5RǬйCӟ}Q!rE>ix6,0G1i!nӗ:i#xn'r&f\).𰙄iFīFLiU?m oÉF3FЯ"9ţ*aс(Ye7gG4WBMxXU7M&d v"й;6M(/k|ł霰)#,|H𵭦n炱LZԝ:6Zd9\7Y"m,?hЌ;$Rx܂AR(B\MaMY{N5OjӦUMf΢P؅UzJ%L9(ن0U7VA7Jm{X|@ăx!$[Wp|"7ϒezLU"z̴uDaKNvޒ{ƾ( ;Cಁe":}`c h9[T:9Am'{Ǧ#U|3Ә1J1А8ٶ2COA#t Ke[ O"C24`)zc<)znsF}48բƄJu!A]=_vs[>/'R`r:Y )6O- `⎈MeeV9DR*,Dl'f ,~sf69~gs¥@EqD'Pvxml<^|:y-E{Ofuݎ2Jtmk]!Kb !C>`mR>ŔK.)tOAVt3NEǯk,^zXٻ Ps:#vKѪ v7"`aV1n,ـ9&@r=V*.vf9Z7lLTFE¶":u`xmꞁ ۊ|Va=v5!igNb k:*φŀpVs{~kC'>ksx:Y:}#s!? Ln3m^^kti( aavXeS1C'@n0\|H d9[\O^مnuv3\j /YH~> \99.@OI"cXM1}aE|qiORv/c35/=l}ptޒŠ=EKB^i B"Ewl:񲞝?`(m\}!l4;n_1M4V*wV㛼V cQEaeԔbѥ;l' uE^8%܆mJPU&s)# MWj\)M39Q2kEs+&|idLp -ͱeRZ`l/Z6v?753 ,