Sophos identifies security loophole in Office 2000
Following a security analysis of the latest beta version of
Office 2000, Sophos has issued a technical paper to help users
maximise security. The document includes an explanation of the
different security levels Office 2000 offers, and highlights
possible pitfalls.
The UK security specialist is concerned that the hype
surrounding the introduction of digital signatures to the package
will make users drop their guard and let viruses in.
"It is perfectly possible for a document to arrive with a valid
digital signature, from a trusted source, and still have a macro
virus," said Paul Ducklin, Head of Research at Sophos. "For
example, if you regularly receive emails with macros in from
someone you know well, and they happen to get infected by a macro
virus, the document will be modified by the virus, but will also
have a valid digital signature. This means that email viruses can
get through despite the use of Office 2000 digital signature
system."
"Office 2000 can provide enhanced protection against viruses -
if you know how to use it," he added. "It offers three security
levels, which enable or disable macros based on the presence or
absence of a valid digital signature. While this will do a great
deal to prevent macro viruses, it is not absolute. The information
contained in this paper will empower people to make informed
decisions about their IT security."
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.