Office 2010 Application Security
Hello, my name is Brad and I work on the Office security team; we focus on a couple of key areas: building security features that improve the Office product line and driving the security engineering process across the division as part of the Security Development Lifecycle (SDL).
I would like to start with a high-level introduction of several of the new security features in Office 2010, what our goals are, and how we think about them. Because shipping Office isn’t about how we think about it, but instead how you think about it, feel free to ‘send a smile’ with the Technical Preview and let me know if we hit the mark.
Staying ahead of hackers
To start things off, ‘Why?’ is always a good question. Why did we spend time doing anything in this space, and to what end? Well, as the security landscape has been changing, Office has had the misfortune of becoming one of the next big targets for hackers to attack. They have been going after many of our file-format parsers and how we read Office files. They’re looking for ways to exploit bugs and to get their code running on your machine. We have done a lot of work to find and fix bugs, but we can’t find everything. We have to take a more proactive approach and build Office to be more resilient to attack.
To do that, we have designed what we have been referring to as a new security workflow, a layered defense that Office documents have to go through as part of the File Open process. We strive to make this process as invisible as possible. This means no noticeable delay in open times, as well as no dialogs asking you how you feel about security.
File Block improved
The security workflow we designed has several key features that we believe achieve these goals. First, we have improved our File Block feature that was introduced in Office 2007. We now have a way to configure it in the application and have a finer level of granularity to manage how Word, Excel, and PowerPoint open their file types.
Office File Validation: integral and non-intrusive
Another feature is our new binary file-validation system, which we call Office File Validation. Since the vast majority of the exploits have focused on our older file formats, pre-dating our XML versions, we built a system that can validate those files to make sure they conform to the documented format, before they are opened by Word, Excel, or PowerPoint. This is something we did in Publisher 2007, which worked out pretty well. Office File Validation is an integral part of Office that, on most days, you would never know exists.
The next question is ‘What do you do with those blocked or invalid files?’. Well, if we just blocked a file and said it was invalid, you would probably be pretty curious why it was invalid, or if maybe we made a mistake. Or, you may be sure you know what it is, and still need to read it. Denying you access to these files doesn’t really meet our goals, so we also built another system we call the Protected View.
Protected View: more security, less annoyance
Protected View is a way for us to show Word, Excel, and PowerPoint files to you, but without all of the worry about those files being dangerous. We build up a read-only view of the document in an isolated sandbox, which has minimal access to the system, and no access to your other files and information. Even if the file is malicious, it can’t get out of the sandbox and do harm to your computer or data.
By tying all of these features together into a layered defense, any file that reaches your machine will get inspected for the file format being blocked, tested for validity, and maybe shown in a read-only protected state. All this happens in real time, with an imperceptible performance impact on your load time, and you can open these Office files without worry.
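As an added illustration (not Microsoft's implementation, which this post does not describe), the sketch below runs the layered decision in miniature: a File Block policy check, then a conformance check of the header of an OLE compound file, the container used by the older binary Word, Excel and PowerPoint formats, following the public [MS-CFB] layout. The `.dot` block policy, the function names and the sample bytes are assumptions constructed for the example.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # compound-file signature
# Fixed header fields that precede the DIFAT array, per the public [MS-CFB] layout.
HEADER = struct.Struct("<8s16sHHHHH6sIIIIIIIII")
BLOCKED_EXTENSIONS = {".dot"}                    # hypothetical File Block policy

def validate_cfb_header(data: bytes) -> list:
    """Return conformance problems found in the header; empty list means it passed."""
    if len(data) < 512:
        return ["shorter than one 512-byte header sector"]
    (magic, clsid, _minor, major, byte_order, sector_shift, mini_shift, reserved,
     dir_sectors, _fats, first_dir, _txn, mini_cutoff, *_rest) = HEADER.unpack_from(data)
    if magic != CFB_MAGIC:
        return ["bad signature"]                 # nothing else is meaningful
    problems = []
    if any(clsid) or any(reserved):
        problems.append("reserved bytes are not zero")
    if byte_order != 0xFFFE:
        problems.append("bad byte-order mark")
    if (major, sector_shift) not in {(3, 9), (4, 12)}:
        problems.append("version and sector size disagree")
    if mini_shift != 6 or mini_cutoff != 0x1000:
        problems.append("bad mini-stream parameters")
    if major == 3 and dir_sectors != 0:
        problems.append("directory sector count must be 0 in version 3")
    # Sector n starts at (n + 1) << sector_shift; it must lie inside the file.
    if sector_shift in (9, 12) and (first_dir + 2) << sector_shift > len(data):
        problems.append("first directory sector lies outside the file")
    return problems

def triage(name: str, data: bytes) -> tuple:
    """Layered decision: File Block policy first, then format validation."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext in BLOCKED_EXTENSIONS:
        return "protected_view", ["file type blocked by policy"]
    problems = validate_cfb_header(data)
    return ("protected_view" if problems else "open"), problems

def sample_file(**changes) -> bytes:
    """Constructed version-3 header plus one empty sector (not a real document)."""
    fields = dict(magic=CFB_MAGIC, clsid=bytes(16), minor=0x3E, major=3,
                  byte_order=0xFFFE, sector_shift=9, mini_shift=6, reserved=bytes(6),
                  dir_sectors=0, fats=1, first_dir=0, txn=0, mini_cutoff=0x1000,
                  first_minifat=0xFFFFFFFE, n_minifat=0, first_difat=0xFFFFFFFE, n_difat=0)
    fields.update(changes)
    return HEADER.pack(*fields.values()).ljust(512, b"\xff") + bytes(512)
```

The checks stop at the header; a full validator would go on to walk the FAT chains and the directory entries and reject the file on the first structure that points outside it.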
The other goal to make these features and workflow successful is that they don’t get in the way and instead have a positive impact on your experience. That means fewer dialog boxes and less information that is not actionable. We need to make security smart enough to get out of the way when its job is done. To do that, we have made files that open in Protected View remember when you chose to trust them, so you don’t have to re-trust them next time. You are not less secure; you’re just less annoyed (hopefully!).
In future posts, my team and I will be digging into these and other features to explain how they work and give some insight into how to get the most out of them for system administrators. Stay tuned, and give feedback if you want to hear more about a specific security feature. We hope you enjoy using Office 2010 as much as we have enjoyed working with you toward its creation.
Thanks,
Brad Albrecht
Senior Security PM
Office Trustworthy Computing
Comments
Anonymous
January 01, 2003
The Office IT blog is continuing to provide great insight into the development process that occurs behind what has been a leaded curtain for so long. For developers who are able to read between the lines, there are some gems in there for us to extrapolate and start using in our own works. http://theycallmemrjames.blogspot.com/2009/07/more-on-office-2010.html
Anonymous
January 01, 2003
I've got a Word 2003 template I'm trying to open and OFV repeatedly tells me there's a problem with it. I'm told it can't be opened and seems to say it's because there are macros in it that could be malicious. That doesn't seem to be the reason -- I'm able to open other 2003 templates with macros. So I assume it's corrupt in some way. But this error message is quite insufficient to instruct me on how to proceed.
Anonymous
January 01, 2003
Wow! Really seems like you've got it all right. I'm always worried about my family opening documents without first asking themselves if it is "safe". I really like where I see Office 2010 heading and am really excited to see the final product.
Anonymous
October 24, 2009
Will Office 2010 (Word & Excel) be HIPAA compliant via cloud computing?
Anonymous
November 02, 2009
This feature will cause major problems for my company as currently implemented! I'm getting the following error message when attempting to create a new document from a Word template (.dot): "Office File Validation detected a problem while trying to open this file. This file could potentially contain harmful content and has been blocked from opening." These templates contain code (macros) we developed and work on other systems. Details:
- VBA code signed using a 3-year certificate from GoDaddy, expiration in 2012.
- Word 2007+: Trusted Locations include a directory 1 level above that containing the template, with sub-folders Allowed.
The error dialog has a 'Help' button, but (surprise, surprise, surprise) does not provide any relevant or useful help. What do we need to do to satisfy MS Weird 2010?
Anonymous
November 04, 2009
To Scott Holmes - the File Validation feature is still getting dialed in and has a higher false positive rate in the Tech Preview than it will when we ship. One thing you can do to help us dial it in is to send in the file that is failing validation. You should be getting asked to submit the file when you exit Word. If you'd rather, you can simply email me the file at bencan_at_microsoft_dot_com and we can see if the file is still failing validation and why.
Anonymous
November 19, 2009
I hope it is easy and good to work with; I also liked the 2007 program. Many thanks for your effort.
Anonymous
November 21, 2009
I too am getting "Office File Validation detected a problem while trying to open this file. This file could potentially contain harmful content and has been blocked from opening." after I have saved the file as a trusted template. I'm not willing to send you the file, it has proprietary company info. The file works fine in Word 2007. If I am trusting it you should not be blocking it!!
Anonymous
November 23, 2009
Will Excel 2010 have improved VBA Security? While I can currently lock an Excel file so that it is almost unbreakable, we have very weak protection on the password to protect viewing of VBA code. Will this be improved with strong encryption in 2010?
Anonymous
December 04, 2009
Getting an Office File Validation error on an Excel file that was opening fine through the beta 2010 version yesterday and for weeks prior. I can still open the same file on a different computer with Office 2007 on it, so I don't know what the problem is or what to do to fix it.
Anonymous
January 06, 2010
Word 2010 crashes every time if I select the file option. But other applications work fine without any problem.
Anonymous
January 21, 2010
a
Anonymous
January 23, 2010
Same problem here, Excel simply refuses to open a file claiming there is "a problem" with it; I don't even get an option re protected view. And even worse, attempting to add a location to Trusted Locations results in a curt rebuke along the lines of "Microsoft aren't going to allow you to do that on your machine for security reasons"?? How much control does Microsoft want to exercise over people? 2010 is being uninstalled right now.
Anonymous
January 30, 2010
When I open my file, one notice appears: "The Office File Validation feature has blocked this file from opening as it may contain harmful content." I don't know what the problem is. How can I solve it? Thanks for your help!
Anonymous
February 08, 2010
I resolved the problems I was having (Excel not allowing a file to open) by adding the file location to "trusted locations" in the trust center. Might give it a try........
Anonymous
February 27, 2010
I'm also having troubles with Word beta crashing all the time a few seconds after opening.
Anonymous
March 07, 2010
Word 97 autotext files will not open. File validation error.
Anonymous
March 08, 2010
Ditto what James Hutchens said. I added the location as a trusted location and now it works.
Anonymous
March 15, 2010
This is about the only place it seems we can feed back problems to you illustrious and glorious MS development team on the subject of Office 2010. The question is why (unlike previous Beta versions of Office) does perfectly good VBA code developed and tested in Office Suite 2007 and 2003 no longer work properly in 2010? The second question is why is the standard of Help on this product so pathetic?
Anonymous
April 05, 2010
I'm getting the following error message progressively in all my PPTs: "Office File Validation detected a problem while trying to open this file. This file could potentially contain harmful content and has been blocked from opening." The message should say what to do to fix the issue. Blocking with no way out is unacceptable. Unless I receive a workaround I will be forced to abandon MS Office 2010. Many messages above mention the same issue. Is MS taking care? After the Vista scandal MS should take problems seriously.
Anonymous
April 20, 2010
EVERY file attachment I attempt to open from Outlook gives that warning and will not open. Example: Word doc attached to e-mail. I click to open. I get the error "Office has detected a problem with this file... cannot be opened" message. It doesn't give me an option to use protected view. I click OK to the error message, go back to the e-mail and double-click the attachment and it opens fine. What a pain. I have gone into the Trust Center and unchecked all the options. Still same problem. EVERY attachment I try to open behaves the same.
Anonymous
April 25, 2010
I don't have 2010 yet. However, if the first poster is correct, I must echo his statement. Sheet level security is critical to me. I've developed an 'application' within an Excel file with all the intellectual property aspects hidden and 'protected'. Our intent is to resell this template. Yes, an Excel expert could eventually build a workbook that mimics what we have built - but they should have to work as hard for it as we did, rather than be able to steal it. It is also a valid point that we could have built it using C# and distributed it as an executable, but that's extra work and customer support.
Anonymous
May 13, 2010
Hi development Team, I am facing a problem in opening the Excel file through IE6.0 SP3. When I open the files, IE (maybe) creates an index inside content.IE5. when I open it from IE and this local temp temp directory. It results in: .xls file locked for editing by 'userName'. I googled but didn't find any working solution. This problem is only with Excel file and IE6 SP3.
Anonymous
June 24, 2010
Nice post. Keep it up!
Anonymous
September 06, 2010
We have been looking for some insight as to how to continue to deliver PowerPoint files which contain VBA code that is inserted by our flagship product ActivePresentation Designer. Prior to Office 2010, we invested in digital certificates from VeriSign to give users the ability to trust us as a publisher, a one-time operation that meant no further security alerts were displayed. With the advent of Protected View, this benefit for our company seems to have vanished, which means the products we have developed no longer work, as we are unable to deliver any of these types of products from our web site without users having to understand this new MSO feature, and hence we lose them almost instantly or they create additional support costs for us. Is there a commercial grade solution to this issue that disables Protected View when a publisher is known to be legitimate?