You are here: ZDNet.co.uk > Reviews > Software > Productivity

Office applications Toolkit

Protect yourself against hackers

Gregg Keizer ZDNet US

Published: 08 Jul 2002

Is Office XP safe to use?

"It seems as though every day I read about Microsoft security holes big enough to drive a bus through. And every time I turn around, someone releases a new worm that's transmitted by Outlook. Am I crazy to trust my secrets to Office XP? What can I do?"

Analysis

Office XP -- and Outlook (Office’s email client) in particular -- are big targets for PC invaders. No surprise, really. The suite is the most popular on the planet, so malicious coders can hit lots of unsuspecting targets with a single hack or bug. Even worse, Microsoft's software has gained a reputation for security problems, making it an even more attractive target.

Your only option, other than abandoning Office XP for another suite such as StarOffice 6.0, is to make the software as bulletproof as possible. Here's how.

Advice

The greatest danger to Office XP comes from macroviruses loaded into documents -- Word and Excel documents are the most frequent targets. Therefore, you must first engage Office XP's built-in defence against macros. From any Office XP application, select Tools > Macros > Security > Security Level. Office gives you three setting choices: High, Medium, and Low. High, which disables all macros without digital signatures, is the most protective and restrictive, but it's also the best choice for most people because a macrovirus cannot catch you off guard. Select Medium if you already use a lot of macros from people you know and trust. Avoid the Low setting unless you also have a solid virus scanner installed and activated -- and make sure you update it frequently.

The High security setting for Office XP macros disables all macros without digital signatures.

Germ warfare

Microsoft has instituted some harsh -- some would say unreasonable -- security measures to defend Outlook 2002. Now, when Outlook 2002 receives an attachment, it peeks at the file extension and refuses to open anything it thinks poses a high risk -- in particular, executable files (EXE), Visual Basic Scripts (VBS) and other file types that virus and worm writers prefer. For a complete list of the forbidden file types, open Outlook 2002's help, search for attachments virus, and click ‘Attachment file types blocked by Outlook’. If you're confident that your virus-scanning software will catch everything, you can disable this security feature -- just download the free Outlook 2002 Attachment Security Tool 1.1. Our advice, though, is to leave this security precaution in place.

Office XP integrates well with most third-party virus-scanning programs, including Symantec’s Norton AntiVirus and McAfee’s VirusScan. And if you have one of these applications on your system, they automatically check for viruses in every Word, Excel, and PowerPoint document you open. Not all virus-scanning programs support Office XP this way, so to verify that yours does, choose Tools > Macro > Security from any of these three applications. If it says Virus Scanner(s) Installed at the bottom of the dialog, you're all set.

Avoid unlawful entry

Just in case your PC is hacked or someone else gets physical access to it, you can use Office XP to protect your documents. Here's how to password-protect and encrypt Word, Excel, PowerPoint and Access documents on a document-by-document basis -- meaning, you do this for each one, not as a global setting.

Select Tools > Options > Security. Enter a password in the topmost box. Office XP offers three types of built-in encryption: Weak Encryption, Office 97/2000 Compatible, and several forms of the RC4 encryption method. For more information on XP encryption, visit the Microsoft support site. To encrypt a file with something stronger than the default Office 97/2000 scheme, click the Advanced button, choose one of the powerful RC4 encryption algorithms, and select a number in the ‘Choose a key length’ box. The higher the number, the more secure your document. The maximum is 128-bit encryption. For even stronger encryption, you might want to download and use the free GnuPG 1.0.7 program.

You can encrypt Office XP files with something stronger than the default Office 97/2000 scheme if required.

Holes in one

Recently, users have complained about other Office XP security problems. For one, Office Web Components, which lets you publish spreadsheets, charts and databases on the Web, may be susceptible to Web site- or email-based attacks. Microsoft has even pulled Office Web Components from its download page. If you don't publish interactive spreadsheets, charts or databases to the Web, you can uninstall Office Web Components, just to be safe. Go to Start > Settings > Control Panel > Add/Remove Programs, highlight Microsoft Office, click ‘Add or remove features’ > Next. Under Office Shared Features, locate ‘Office XP Web components’ (and ‘Office 2000 Web components’ if it's there), click the small arrow next to each one and choose Not Available. Click the Update button to uninstall these components.

Even security provisions like these aren't enough, however. Recently, Bulgarian security guru Georgi Guninski discovered two new holes in Office XP, only one of which has been plugged by Microsoft. That's why you should regularly visit the Office Product Updates page and check for security updates and service packs. So far, SP1 is the only such pack currently issued. It contains numerous security enhancements and patches, so download it ASAP. If you want to stay on top of the ‘official’ security situation from Microsoft, bookmark its HotFix & Security Bulletin Service Web page and visit it regularly.

Did you find this article useful?
29 out of 55 people found this useful

New Products

Google Chrome (beta)

Google has launched Chrome, an open-source browser that sends a clear challenge to Microsoft in the way it lets users work with applications.

Internet Explorer 8 beta 2: a first look

IE8 (beta 2) should satisfy Microsoft's loyal browser base, but it's unlikely to lure committed Firefox users back to the fold.

Windows Small Business Server 2008: a first look

Microsoft's 2008 bundle of server OS, applications and services for small businesses will ship on 12 November. Here are our impressions of the public preview release, which shows some big changes from the previous version.

Acrobat 9 Pro Extended: a first look

Adobe's Acrobat 9 document-creation software is adding dynamic features such as animation integration, dynamic maps, 256-bit encryption and improved forms.

View all Previews

Featured Talkback

Why do so many (virtually all) software packages think that they are so important that they have to be started automatically every time the computer boots? What is the largest number of "speed access", "update check", "camera download" and whatever other background programs you have ever seen running? Of those, how many did you really need?