Advertisement
Promo

Security threats Toolkit

Office 2003 may pose antivirus dilemma

Patrick Gray ZDNet Australia

Published: 21 Mar 2003 15:24 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft's latest Office 2003 beta version is set to cause problems for antivirus companies because the XML-based format it supports will bog down scanning software, according to security experts.

The dilemma revolves around macros embedded in Office 2003 documents. When saved as an XML file, the macros can more or less wind up anywhere. This means that scanners must search the entire contents of a file rather than examining a part of the file where macros are always positioned.

Although a simple solution has been put forward by the antivirus industry, the software giant has yet to address the issue.

This change is fairly straightforward. The antivirus companies want a header placed into the file which tells the scanning engine where to look for the macros. In order to ensure that viruses don't slip through the cracks, Office applications should only run macros that are identified by the header.

Jan Hruska, founder and joint chief executive of antivirus firm Sophos, said that while Microsoft has come a long way in terms of security over the years, the XML issue isn't making life easy.

"Traditionally, when Microsoft had a choice between functionality and security, it has gone for functionality every time," he told ZDNet Australia.

So whilst a more open format such as XML can be very useful, it doesn't make it easier for AV companies to deal with, Hruska said. "The looser the format, the harder it is to parse," he added.

Because an entire file needs to be scanned, the scanning agent will require more resources, and in the case of mail gateway filtering, may even become susceptible to denial of service attacks if bombarded with a great number of (large) XML files.

Computer Associates manager of virus research Jakub Kaminski agreed with Hruska. Although he didn't want to "get into the politics of it all", he said the technical challenges to the antivirus industry that the issue presents could be huge.

Kaminski also pointed out that once the format has been released, all future office products will support it, thus antivirus software will have to support it as well.

"Microsoft is certainly willing to cooperate with the antivirus industry," Kaminski said, but noted, "there's a huge argument going on right now... people you talk to have knowledge but don't have the authority."

Kaminski said the problem stems from the header of the file not containing enough information about macros. "You can identify by a couple of hundred bytes that it's a Word document... however, the problem is to identify that the document contains macros," he said.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
55 out of 71 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters