Protect yourself against hackers
Published: 08 Jul 2002
Is Office XP safe to use?
"It seems as though every day I read about Microsoft security holes big enough to drive a bus through. And every time I turn around, someone releases a new worm that's transmitted by Outlook. Am I crazy to trust my secrets to Office XP? What can I do?"
Analysis
Office XP -- and Outlook (Office’s email client) in particular -- are big targets for PC invaders. No surprise, really. The suite is the most popular on the planet, so malicious coders can hit lots of unsuspecting targets with a single hack or bug. Even worse, Microsoft's software has gained a reputation for security problems, making it an even more attractive target.
Your only option, other than abandoning Office XP for another suite such as StarOffice 6.0, is to make the software as bulletproof as possible. Here's how.
Advice
The greatest danger to Office XP comes from macroviruses loaded into documents -- Word and Excel documents are the most frequent targets. Therefore, you must first engage Office XP's built-in defence against macros. From any Office XP application, select Tools > Macros > Security > Security Level. Office gives you three setting choices: High, Medium, and Low. High, which disables all macros without digital signatures, is the most protective and restrictive, but it's also the best choice for most people because a macrovirus cannot catch you off guard. Select Medium if you already use a lot of macros from people you know and trust. Avoid the Low setting unless you also have a solid virus scanner installed and activated -- and make sure you update it frequently.

Germ warfare
Microsoft has instituted some harsh -- some would say unreasonable -- security measures to defend Outlook 2002. Now, when Outlook 2002 receives an attachment, it peeks at the file extension and refuses to open anything it thinks poses a high risk -- in particular, executable files (EXE), Visual Basic Scripts (VBS) and other file types that virus and worm writers prefer. For a complete list of the forbidden file types, open Outlook 2002's help, search for attachments virus, and click ‘Attachment file types blocked by Outlook’. If you're confident that your virus-scanning software will catch everything, you can disable this security feature -- just download the free Outlook 2002 Attachment Security Tool 1.1. Our advice, though, is to leave this security precaution in place.
Office XP integrates well with most third-party virus-scanning programs, including Symantec’s Norton AntiVirus and McAfee’s VirusScan. And if you have one of these applications on your system, they automatically check for viruses in every Word, Excel, and PowerPoint document you open. Not all virus-scanning programs support Office XP this way, so to verify that yours does, choose Tools > Macro > Security from any of these three applications. If it says Virus Scanner(s) Installed at the bottom of the dialog, you're all set.
Avoid unlawful entry
Just in case your PC is hacked or someone else gets physical access to it, you can use Office XP to protect your documents. Here's how to password-protect and encrypt Word, Excel, PowerPoint and Access documents on a document-by-document basis -- meaning, you do this for each one, not as a global setting.
Select Tools > Options > Security. Enter a password in the topmost box. Office XP offers three types of built-in encryption: Weak Encryption, Office 97/2000 Compatible, and several forms of the RC4 encryption method. For more information on XP encryption, visit the Microsoft support site. To encrypt a file with something stronger than the default Office 97/2000 scheme, click the Advanced button, choose one of the powerful RC4 encryption algorithms, and select a number in the ‘Choose a key length’ box. The higher the number, the more secure your document. The maximum is 128-bit encryption. For even stronger encryption, you might want to download and use the free GnuPG 1.0.7 program.

Holes in one
Recently, users have complained about other Office XP security problems. For one, Office Web Components, which lets you publish spreadsheets, charts and databases on the Web, may be susceptible to Web site- or email-based attacks. Microsoft has even pulled Office Web Components from its download page. If you don't publish interactive spreadsheets, charts or databases to the Web, you can uninstall Office Web Components, just to be safe. Go to Start > Settings > Control Panel > Add/Remove Programs, highlight Microsoft Office, click ‘Add or remove features’ > Next. Under Office Shared Features, locate ‘Office XP Web components’ (and ‘Office 2000 Web components’ if it's there), click the small arrow next to each one and choose Not Available. Click the Update button to uninstall these components.
Even security provisions like these aren't enough, however. Recently, Bulgarian security guru Georgi Guninski discovered two new holes in Office XP, only one of which has been plugged by Microsoft. That's why you should regularly visit the Office Product Updates page and check for security updates and service packs. So far, SP1 is the only such pack currently issued. It contains numerous security enhancements and patches, so download it ASAP. If you want to stay on top of the ‘official’ security situation from Microsoft, bookmark its HotFix & Security Bulletin Service Web page and visit it regularly.
New Products
Google Chrome (beta)
Google has launched Chrome, an open-source browser that sends a clear challenge to Microsoft in the way it lets users work with applications.
Internet Explorer 8 beta 2: a first look
IE8 (beta 2) should satisfy Microsoft's loyal browser base, but it's unlikely to lure committed Firefox users back to the fold.
Windows Small Business Server 2008: a first look
Microsoft's 2008 bundle of server OS, applications and services for small businesses will ship on 12 November. Here are our impressions of the public preview release, which shows some big changes from the previous version.
Acrobat 9 Pro Extended: a first look
Adobe's Acrobat 9 document-creation software is adding dynamic features such as animation integration, dynamic maps, 256-bit encryption and improved forms.
Featured Talkback
Why do so many (virtually all) software packages think that they are so important that they have to be started automatically every time the computer boots? What is the largest number of "speed access", "update check", "camera download" and whatever other background programs you have ever seen running? Of those, how many did you really need?
By: J.A. Watson
Read full story:
Annoying software: a rogues' gallery
Discussions
Official MS Windows 7 Bloggers
Check this out: http://blogs.msdn.com/e7...spx Its an official blog "Engineering Windows 7" Nothing. That's what is revealed. Until there is real... More
Microsoft's Mojave just a desert vista
It didn't seem fair to wade into Microsoft's “Mojave Experiment” advert quite so soon after the flat earth incident. But The Economist has no such qualms: in this week's issue, it wonders... More
... But Still a Few Things Amiss (with...
It's not all roses with Vista, of course. I had my first BSOD over the weekend, when I was turning the laptop back on after suspending it. They typical long blurb about "If this is... More
Skip Sub Navigation Links to CNET Brand Links
- Security threats
- Mobile devices
- Application development
- Network management
- Desktop platforms
- Security management
- Databases
- Processors
- Server platforms
- Storage
- Mobile working
- Office applications
- After hours
- Mail & messaging
- Training
- Disaster recovery
- Enterprise applications
- VoIP
- Emerging tech
- Green IT
- Outsourcing
- Virtualisation
- SME
- Enterprise open source
- Industry watch
- Online business
- Accessibility
- Management
- Intellectual property
- Compliance
Home
- Site Map
- RSS Feeds
- Content Archive
- ZDNet.co.uk Mobile
- Search Library
Membership
- Log in
- Register
- Forgotten Password
- Membership benefits
- Newsletters
About Us
- Contact Us
- Find Us
- Privacy Policy
- Permissions and Reprints
- International
- Advertise
News
- Hardware News
- Software News
- Communications News
- Internet News
- Security News
- IT Management News
- Emerging Technology News
- Leaders
Blogs
Group Blogs
- News blog
- Reviews blog
- Not Safe For Work blog
- Rupert's Diary blog
- Sentry Posts blog
- Vista Upgrade blog
- On The Road blog
- Homebrew blog
- Post Room blog
- Uptime blog
ZDNet UK Staff Blogs
- Rupert Goodwins
- Charles McLellan
- David Meyer
- Tom Espiner
- Colin Barker
- Karen Friar
Core Techs Expert Blogs
- Adrian Bridgwater
- Peter Judge
- Christian Harris
Tech Community
- Top 100 ZDNet UK Members
- My ZDNet Tour
- Forums
- Competitions
- Community FAQs
Benchmarks
- Business Value benchmark
- Server Value benchmark
- Desktop Management benchmark
- Mobile Security benchmark
White Papers
- Most Popular white papers
Free Software Downloads
- Windows downloads
- Mac downloads
- Mobile downloads
- iPhone Apps downloads
Reviews
Hardware reviews
- Accessory reviews
- Audio reviews
- Component reviews
- Desktop reviews
- Handheld reviews
- Imaging reviews
- Input Device reviews
- Mobile Phone reviews
- Monitor reviews
- Netbook reviews
- Networking reviews
- Notebook reviews
- Printer reviews
- Projector reviews
- Server reviews
- Storage reviews
Software reviews
- Content Creation reviews
- Developer Tool reviews
- Enterprise Application reviews
- Operating System reviews
- Productivity software reviews
- Security reviews
- Utility reviews
- Editor's Choice reviews
- Buyer's Guides
- Tech Guides
Tech Resources
- Company Pages
- Technology Events
- Research Panel
- IT Jobs
Articles
- Case Studies
- Comment
- FAQs Articles
- Features
- Image Galleries
- Tutorials
- Video stories
- Research
Compare Prices
- Laptop prices
- Cheap Laptops
- Desktop prices
- Mac laptop prices
- Mac desktop prices
- Tablet PCs prices
- PDA prices
- Printer prices
- Printer cartridges prices
- Scanner prices
- Monitor prices
- Windows oftware prices
- Server prices
Special Features
- Broadband Speed Test
- CIO Vision Series
- Dialogue Box
Advertising Features
- Intel Make the Case
















