Windows - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Windows


Microsoft Makes Office 2007 More Secure



 By: Peter Galli
2007-11-13
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Windows story.


Rate This Article:
Poor Best
The 2007 Office Security Guide provides prescriptive Group Policy setting and security configuration recommendations.

BARCELONA—Microsoft is releasing the 2007 Office Security Guide, which gives IT administrators guidance for configuring the settings in Microsoft Office 2007 so that it can be deployed and managed more securely.

The guide, which Microsoft says provides prescriptive Group Policy setting and security configuration recommendations to strengthen the security of computers running the 2007 Microsoft Office release on Windows Vista or Windows XP in domain-based environments, can be found here.

It is the result of a years worth of work with customers, partners and government agencies, and follows a public beta release this summer, Josh Edwards, technical product manager for Microsoft Office, told eWEEK in an interview here at the TechEd IT Forum conference.

The guide essentially consists of three parts. The first is an introduction to security, the architecture and how it is implemented, while the second gives an extensive look at the 300 chosen administrative controls and settings, including what they are, how they get configured, and the threats they mitigate. It also provides a large spreadsheet of all these security settings and what is configured on and out of the box, as well as for every other scenario.

Resource Library:
Some reviewers have found Office 2007 off-putting. Click here to read more.

The third component is the GPO Accelerator tool, a script that creates Group Policy Objects to deploy security settings for the 2007 Microsoft Office release on Windows Vista and Windows XP in Active Directory environments.

Customers can use the tool to roll out the two baseline configurations—enterprise client and specialized security with limited functionality—as is or use it to customize them.

"Either way they are starting out from a point where most of the work is already done, and they are tweaking things unique to their environment. This is the tool that allows customers to configure all of that," Edwards said.

He said that customers and partners "told us they wanted additional administrator controls, and so we tested and documented the 300 that are most focused on security."

Read more here about the tool Microsoft released to help protect Office 2003 from malware attacks.

This was also in response to the evolution in the security environment away from attacks focused on the operating system to those directed at the application layer, he said, adding that the guide was designed to show administrators all of the security features Microsoft had built into Office 2007, and give users a means of dynamically adjusting those.

The idea is that if, going forward, the threat landscape changes, customers will be able to immediately configure and change those settings to mitigate that particular type of threat, Edwards said.

He said one of the things that had been closely examined was the impact that these settings and configurations could have on productivity.

"The enterprise client scenario was designed to balance security and usability needs, so there certainly could be an impact there. But all of these settings have been extensively tested and documented and we were able to find out, during the course of that testing process, which add-ins were no longer functional under that configuration," he said.

All of that information was provided in the guide, which gives administrators advance notice of the potential problems that could arise with the applications they ran under those configurations, he said, noting that there would be some applications that did not conform to any of the scenarios that had been tested.

"I certainly cant say that it is completely comprehensive and that we have covered every scenario," he said. "But we have ensured that if users do configure their settings and use Office in these ways, they have the ability to control the security around that and take action without having to break productivity if those particular features are important to them."

To read more about why Microsoft Office was under siege, click here.

The specialized-security, limited-functionality scenario was geared towards government intelligence, defense and other high-security environments where customers were optimizing for security and willing to sacrifice a degree of productivity and/or functionality, he said.

While the guidance could be useful "at a high level" to customers who have not yet deployed Office 2007, the problem was that many of the settings that were being used to configure this latest guidance did not exist in previous versions, Edwards said.

Check out eWEEK.coms for Microsoft and Windows news, views and analysis.



  Reader Comments: Microsoft Makes Office 2007 More Secure
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Windows Articles          >>> More By Peter Galli
 


x}ks㶲*Q3Co{)ْ:-K3dwKEĘ"uHʏO/Oon|AK~L{ScKh4Fw?H9uur56%SEo]"I{C(`RϩIzNڶ? }~mksu;z>;|9|ALTadB$kwtL|ϨTS_Fܨ[`&`1ZlR!j 9i?i='@IRb(Ѻ}(Dߵ-m: \'| *C7ܩx8ս/DeOXIQIMbBq45Fk ;z~;L 18`TKg~Ok\MmWVekV6^@^c\ȁYLi_L*6 L4H UHIp+z:tm3k N\^ ZStt=Sz3]gԏ` 1l{~0[ QK.lZJP['C;)E[G*ֶg5]q=ܹcglE-b6JmO |lMݟPI unGG/˺79hmya_hjTӪrP5X;pދWnoocm9; 2w7k޾ީRV5MQjgE? n0uh;\CR YyS//.;6鷏N/;cdo̲1<JEӀ Zvb!?XW5Uս%i?u=d#t: +?;VV'_ZUlxiuHz>5401\]Z-$5VM&usDr,_do_Ng;Be}#7ReQ o̱n>@|ˤdx6M2Tch^ԩ#е7ǯ@Bjm҄& 9B:%uS7>hr Ce)#8?݃IhJq䰉k޳ذ 1"%hJqOe $}ВEtBAͨ0 .)J!"xF3t BD4?CzC7=aL+i,h."WMCjYY6'*taeIUi[Eށ:qxnEOg^ S35ލpX.B2i%!8WG5MGRŦcWJPX=(‹JMU~ _p-~~b2B cgLt `: 0hvz?>RӚOCqOCGs>H2AG66^zK tcb>'a xV8; nuCuӹga {>0kJY=D5h-D&q}@9qHhP0<sz0X[Sσ5[JCˋF0P6=xBe^~>axs݀ܧPr`@YS9ݲeǀxԜлuKw2J}cn ȣI.B$(ZȻB!Alq [$p XV0(VFZzGBjK%6Os@PGҩ;vjtW*τbZ z)0ٜʬ$5M X*ȉ#m"0%X ,'Z Xk5Ʋ fhZ\O4MhFa{i]ym&,`b HK%\Ew,[t 3Asoq=7߄s 7ܣala}& /| `pO& ]7m(9X0N,cB"+H5LLhH,iob Y}6-jrǸ&q9oan5ډ<\y϶<.У|8$4<3_N#kۖs7Mw߄T 9uC \D r}͚X 4ؐ|&B77Cn^ʚtɕU.F(iJS18 FLoyC)'wJFJV zh'>eg HlYWo%,~kыpz1(KúJj'/Hoh m_EڠueLGiK-# IPצ(΅ò=2P}62&C 7 Py\1k=0¿UM.RwӟLYsX)Z%R{5>k暭l0!.(2n( _L T`b\0aN#wAsmf~k:0Tϣ(a!c( >Aװ DؚZU{gm1Jqm?XĞ9pJ.]~:tgqq?]Z®tޔүhMvp"D~`iNR} Ȳ^ogWKHLZ`!?RP՘Iҏ5 &^PGe d^s`M`R#׶l :lF֝{4g3i%rf9HzH_GckHB(T2`LHG7S] eQaʣu~Scǰ%wpH} [Lݡ \wlSIB>O RNm'Xk5F>=c"}IVt@F ;Ez . ZC3ЏBrAaj H"T `mR@;kRUԓtr m_ä?IL!2Bsݧ==1g匬  hVBS{ZYUKZTp~W`sϏ8LgԀ>x_p&WXfiY8AK>sn.,|: '012&z@j9Abv6<|0֔R)IdӀL9GVAELˣFppkՃ u;uav9Aخ kqAmY1qW;GPVL` }ѺIPɑ1[D`[ nUESUGKk+^W< OQ#zCxحLHuҜnHIZX9bRkEBZG ϭùšQ Cԃ3Sb_@URTžwZu^,ߜmhD1(dyD4@/-qbk lBk}ӁZFB-š89k*[X qLzORB7PUL ōfπiNdž mԚVNMVi VZ[{؇v 9{~jZ9p驔rgHWtČer,×~a,0r&`.q,sqIY>2I*"EdB8NY HXL*r_X ւ 4DB.(}=ݤ1p J.u<1H}ǪBTuARTbPQKJBЫ'QCλFqimEB%3q\-ܛ`@O|MZ]k27I$yF0ŗ!%K'O@lXC=B3ܒ(tם6f1secnÒf$S, .IG:-ef;F*ݔkYժ5UNJZZ$t`]1۳<%Q{q2NP Yo =$Ԅ׿wLaV*7o~.RȓC$>DiF\12fV(Yŵ?hhqLL ]|ﴪ 1@ E D@;nߵ?% ?S-l8)F:w~J]wWVd4O}=Kͳ}n48T6MFzV5C2ܝa3 vH[!Br_%g ^|%\I\5g0 `m7kΊG V`!w1d|PR (ʁHR ~tDӻ8m~dun/2 m  ,Щ cAHFrI'zRG>egQəπ/PIQ):(9Q{_aKѷo9Aߐ>1K7xEp[(kh,VbsZ;D{dNlp jvz`iSrF4/3/pQZin} zO&iR'DZ3pu*h hw<)~[ħ{, /䎑()td ecxFMzuS意G 95'y V7gN{m,b20}_?H+IcqO n<sWtRTsd;I6ӱ$BUUk ۻʾ\EVe.tޓNt;>riɸ@7Ye (f~X;pOҠcc}d<ݸw[f1vfwo}|]& {~ ]ݣPIݣ7뻻~=Ғ(r]&ZD܎pw5Q {qI9.xy?,J`\Ty^Af6vo"YN ئ73ӧ{cef7X#ŸA!{ Rf';曜Αi l&s{$;grЇ )$T0hl?|;t71%pRx256y(1h4R7o7lf4W ; N ױV٧e/&qFL>>bsSxŽ\6 %:-)6H.,=4awε1 ^}g\M ! u6=pHvow/og֎+b{b [4D`;Ub%ޗ,xDdId+Y$.e%Ɛ^Amr &qm\,jq&sQ/8_VҴkYME* +WzvnXgCFK_m 7?sqBie…ALvDêkEA($?\67 ďm̺6#.>ۊxő$;ZRԒ{07o9' 7}f+wi?*]iK] = n!A" =ฦFS2O"DHت5‡wop3^RUIM')Bf o|5uZ >a#MS*]7HB*܆f0äW ^Z!McܒIm̤3 F"Z Pҽ{9I E.j#BNL@ 0z>8=WcRŗRk?!}G#\0%a4\nO(R@sh Iܟ-F84ju(ي mjojZiSV+= 傑( Ԣ7vg(2;,I%]IѾ8A @cV;3}0 &6#3A]ra^^B!q6&BcӚl5I+lm3} 2 7qogȤ+Lrч-QQUu'f@l s'.g i?hK끧ШP,oV^@ЍF bTlĨ{'ڮu+]nA%ۨۍ?ʫ&GS>\^;~q7W7W7W7W˺rjU->ݕ릗芿XgRǤTQV S%#bVX~|%O;#f*:\#7ӾZ2_P݊ a| <_/|2µ-"kbf*췱gyNmV)jhk>*Ҳn|6^M`0W/%4C2CbM$t86?DSXD)2J65̎h` n<+/'?=kҽ>u]L§2(P'>k~egK/kE_A-ʴjgϡ:Z?3{>ק!;PuطzЈL^XPAgXt<"&KX=M᝞).b ?Dy u&MG~RJ~~'`¤Zt'O|cdQހBx8n 1{b=woZdW'|]0bsʉmOѥfxPE#vYo .T5|5ѱ  >d l7,ZG?PM=яwK>*V8E *96i[>-4>(C^PB^’M=1Iγ9ꊚbMm@#~OZ} O]c)~c) +hxB,U6 KfRtK]1m.95͂E t 1^UZrOQ/ .h^,aVd1ޥtW L i"r\IoA$ΨPl5Z UP+$4h9ި@Qͧ58sM<؜>7-iM13X50~f׵av̈́|W@O[jkwhDPUܻ֝UȩPc2,:b'^@1W{xLCZK`miX9z>H'ܪzFIfӐjRrz0[?3|US*Z <\/YQ0EEkѽv=/=wy rmݳItgx$ kHу%O:}ҷ<-LkG J&_K~M1}' `- fl9c}_ w5x tP^! /zex^KjL6"ΨNZth&vUZtTJurӔT[B}FscyGX\snz.z{ͰOIiͬ{[RJBYIva|DuvWH Xp,Px74 ?R)!_6~m9\{6ވjζ=*F&#ZIikZxB< E`gc p#S C7R,6$AeЃ5T?0ԽG )ﴪ 5 /6U@Ĩ8AnKge4|6 |H`߄ׅ>zC.o ^j$p ?<}A6ژyiF$Rx&Gd.$qr5D0'_A1BL˿IKt(.( oIYPXPϏB5OSJn67p>9›xaJ AuA"\2,Gwe~tHM 2k;Λ]-AG,G71=` ?ET&nK yb$P!%h$`x=9`6C2߰Mz(O.!jbTũ4M?z eӲp:Пxq3/K_9r Χ65A^^ZI 'M&7bQ>mIk&5+<v<(((GMfFyʻ-AQ~Gˏ>G(kt֗wZFQu2CL<ds/Q?/?ake,g, >,g@ A2ygg2zOP)O2(?r=9ϐs  _.?.2޿x2z^F{^F 忬/1>Arߧ}}ʠ_e^eU%:Iʘ!g \8=Rfr ~)A_d_y*%qFy 3YY ~veX^dй\52Я!ew2~62A\u[u CFWT=k ϼdmOu^k8VҮnq_l Σ_xi +I%'xEW4<< X1rnmVDVOq&R2#s"qǾJ5faOd_ǔUQǒGЬg.Ñp_؃ Ҿd%Q( q9fOW>&\ŠMCao/aKZö`ZG;o=2dI?Mqkq%B4PoЏm=ƾw<A_,#x u1^!ad+Hm7c@ԯJ`Xkt JV7BePnD823o{^N]kW"nrG;7Yy=y F Oa'Vbg94IأCDO֢5s`^#,t{FY`_GFb#+&* U\&a8Y0:tChp+bAoN[a>$VSPsXOmʮv.Hϵ98wyläd{«U/=ׇ"2cX [ԟ1P E]M)^Ղ]#rF31F#qyU p6+vOEo0^RlsmqSun{Dj;c<}"lE a'_C XD=$~1|o,C巧cc%^Πo'b_w,-YݨoˊLsӃG3RVV&ХŤ_*K7"i½oPm BO0wM{ , CS@I`P&1|j;;1TeK,s(ŬBSd=)O?5/G[nI\k<>aiЄΧYp멎m,U|A>cx GL65Tc*i|? e Lt8n90kn>WQ$ L{yݟ 9@/7A{~ r@b],QO&\f\jӟL.ѮB@vbbqY;g&'lB pCQ*Ԯ^x9Na^|ۺ+AўXm|h[d% ^FH‡%!Ҷ\)Vb%pCV{f:ePEXl+a W5`/=2H]c(|9N]]PjãōXƸk[) qy6`;Щ0D\Nս˶)E=b농 ѨpSTVD'^-3qݼQa[_f}qx:Y:}#s!? Lnl^^kti( aaɗvXYD5R7LP9Γ a0*=c-ߖ]KۉkÐ{yy0Ǖ2DM1F(ͧ,1fw3L*@n= փ W1`#hxb <nRh1)Lb'kIG'R la, r3 EV z.t3R/4Nxq{Ϣa0SSQ2ī$Y4E&l)vsml-6C-;-^*