Saturday, September 26, 2009

Office 2010 protects documents from untrusted sources like the internet

Typically, when you open something through MSWord, Excel through direct download, all components within that document such as internet links, scripts or procedures may be enabled (depending on your security levels).

One feature i really like in Office 2010 is the fact that the software “knows” and treat whatever office documents downloaded via the internet and mark them as “public/unsafe”

Documents opened in Protected View (as its called) prevents malicious codes from being executed through sandboxing the application or isolating its process.

When launching a document in this mode, the task manager shows 2 processes of winword.exe (Microsoft word executable binary). Assuming that one of it is the original application running in normal mode but the one with the smaller memory footprint is probably the one being sandboxed (reduced functionality).

image

Once you’ve accepted to edit, see the ENABLE EDITING button on top right, it will execute the process in normal view and the so called sandboxed version is no longer in memory.

image

Protected view prevents application attacks that attempt to inject and run code by enabling features such as ASLR, DEP and /GH.

I like this. Helps users be automatically protected, view the content first (incase curiosity gets the better of you) and then decide to “enable” the document in normal view.

Good stuff!

Have a wonderful weekend.

Post a Comment