Digital signatures - a new coat of paint for the Trojan
horse
SYDNEY - Following a security analysis of the latest beta
version of Microsoft Office 2000, Sophos has issued a technical
paper to help users maximise security. The document includes an
explanation of the different security levels Office 2000 offers,
and highlights possible pitfalls.
Sophos, which has just opened an Australian office, is Europe's
leading developer of anti-virus software products.
The UK security specialist engaged to investigate Office 2000 is
concerned that the hype surrounding the introduction of digital
signatures to the package will make users drop their guard and
allow viruses in.
"It is perfectly possible for a document to arrive with a valid
digital signature, from a trusted source, and still contain macro
viruses," Sophos Australian director, Richard Baldry, says.
"For example, if you regularly receive emails with macros in
from someone you know well, and they happen to get infected by a
macro virus, the document will be modified by the virus, but will
also have a valid digital signature. This means that email viruses
can get through despite the use of Office 2000's digital signature
system."
Sophos says Office 2000 can provide enhanced protection against
viruses - if you know how to use it. It offers three security
levels, which enable or disable macros based on the presence or
absence of a valid digital signature, Baldry says.
While this will do a great deal to prevent macro viruses, it is
not absolute. The information contained in this paper will empower
people to make informed decisions about their IT security, Sophos
says.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.