You are here: ZDNet UK > Reviews > Software > Productivity

Office applications Toolkit

Protect yourself against hackers

Gregg Keizer ZDNet US

Published: 08 Jul 2002

Is Office XP safe to use?

"It seems as though every day I read about Microsoft security holes big enough to drive a bus through. And every time I turn around, someone releases a new worm that's transmitted by Outlook. Am I crazy to trust my secrets to Office XP? What can I do?"

Analysis

Office XP -- and Outlook (Office’s email client) in particular -- are big targets for PC invaders. No surprise, really. The suite is the most popular on the planet, so malicious coders can hit lots of unsuspecting targets with a single hack or bug. Even worse, Microsoft's software has gained a reputation for security problems, making it an even more attractive target.

Your only option, other than abandoning Office XP for another suite such as StarOffice 6.0, is to make the software as bulletproof as possible. Here's how.

Advice

The greatest danger to Office XP comes from macroviruses loaded into documents -- Word and Excel documents are the most frequent targets. Therefore, you must first engage Office XP's built-in defence against macros. From any Office XP application, select Tools > Macros > Security > Security Level. Office gives you three setting choices: High, Medium, and Low. High, which disables all macros without digital signatures, is the most protective and restrictive, but it's also the best choice for most people because a macrovirus cannot catch you off guard. Select Medium if you already use a lot of macros from people you know and trust. Avoid the Low setting unless you also have a solid virus scanner installed and activated -- and make sure you update it frequently.

The High security setting for Office XP macros disables all macros without digital signatures.

Germ warfare

Microsoft has instituted some harsh -- some would say unreasonable -- security measures to defend Outlook 2002. Now, when Outlook 2002 receives an attachment, it peeks at the file extension and refuses to open anything it thinks poses a high risk -- in particular, executable files (EXE), Visual Basic Scripts (VBS) and other file types that virus and worm writers prefer. For a complete list of the forbidden file types, open Outlook 2002's help, search for attachments virus, and click ‘Attachment file types blocked by Outlook’. If you're confident that your virus-scanning software will catch everything, you can disable this security feature -- just download the free Outlook 2002 Attachment Security Tool 1.1. Our advice, though, is to leave this security precaution in place.

Office XP integrates well with most third-party virus-scanning programs, including Symantec’s Norton AntiVirus and McAfee’s VirusScan. And if you have one of these applications on your system, they automatically check for viruses in every Word, Excel, and PowerPoint document you open. Not all virus-scanning programs support Office XP this way, so to verify that yours does, choose Tools > Macro > Security from any of these three applications. If it says Virus Scanner(s) Installed at the bottom of the dialog, you're all set.

Avoid unlawful entry

Just in case your PC is hacked or someone else gets physical access to it, you can use Office XP to protect your documents. Here's how to password-protect and encrypt Word, Excel, PowerPoint and Access documents on a document-by-document basis -- meaning, you do this for each one, not as a global setting.

Select Tools > Options > Security. Enter a password in the topmost box. Office XP offers three types of built-in encryption: Weak Encryption, Office 97/2000 Compatible, and several forms of the RC4 encryption method. For more information on XP encryption, visit the Microsoft support site. To encrypt a file with something stronger than the default Office 97/2000 scheme, click the Advanced button, choose one of the powerful RC4 encryption algorithms, and select a number in the ‘Choose a key length’ box. The higher the number, the more secure your document. The maximum is 128-bit encryption. For even stronger encryption, you might want to download and use the free GnuPG 1.0.7 program.

You can encrypt Office XP files with something stronger than the default Office 97/2000 scheme if required.

Holes in one

Recently, users have complained about other Office XP security problems. For one, Office Web Components, which lets you publish spreadsheets, charts and databases on the Web, may be susceptible to Web site- or email-based attacks. Microsoft has even pulled Office Web Components from its download page. If you don't publish interactive spreadsheets, charts or databases to the Web, you can uninstall Office Web Components, just to be safe. Go to Start > Settings > Control Panel > Add/Remove Programs, highlight Microsoft Office, click ‘Add or remove features’ > Next. Under Office Shared Features, locate ‘Office XP Web components’ (and ‘Office 2000 Web components’ if it's there), click the small arrow next to each one and choose Not Available. Click the Update button to uninstall these components.

Even security provisions like these aren't enough, however. Recently, Bulgarian security guru Georgi Guninski discovered two new holes in Office XP, only one of which has been plugged by Microsoft. That's why you should regularly visit the Office Product Updates page and check for security updates and service packs. So far, SP1 is the only such pack currently issued. It contains numerous security enhancements and patches, so download it ASAP. If you want to stay on top of the ‘official’ security situation from Microsoft, bookmark its HotFix & Security Bulletin Service Web page and visit it regularly.

Did you find this article useful?
29 out of 55 people found this useful

Post a comment

Full Talkback thread

1 comment

New Products

System Center Essentials 2010 Beta 1

If you spend more time fighting fires than adding business value through IT, it's time to look at Microsoft's comprehensive management solution for medium-sized businesses.

Chrome OS: a first look

Google has released source code for a preliminary version of its Linux-based operating system. Is it destined to dominate the netbook market? Here are our first impressions.

Office 2010 Beta: a first look

How does the first public beta of Microsoft's next productivity suite differ from the Technical Preview? We have a hands-on evaluation.

Microsoft Security Essentials

Security Essentials is recommended if you want 'set and forget' security. If you need more robust configuration choices, or don't want to contribute to the cloud, then look elsewhere.

View all Previews