Sophos identifies security risk in Office 2000

Sophos identifies security risk in Office 2000

Resellers and end users have been warned to update virus and security protection as they roll out Microsoft Office 2000 after enterprise security and anti-virus company, Sophos, identified a "security loophole".

Having investigated Office 2000, the UK security specialist expressed concerns about users ignoring new virus and security threats as they absorb "the hype" that is being generated about the software suite's digital signatures features.

Digital signatures are supposed to authenticate the source of a document.

"It is perfectly possible for a document to arrive with a valid digital signature from a trusted source and still contain macro viruses," Sophos Australia's director Richard Baldry said.

"For example, if you regularly receive e-mails with macros from someone you know well and they happen to get infected by a macro virus, the document will be modified by the virus, but will also have a valid digital signature.

"This means that e-mail viruses can get through despite the use of Office 2000's digital signature system."

Baldry said that Sophos has identified that Office 2000 can provide enhanced protection against viruses, if treated correctly. "There are three security levels, which enable or disable macros based on the presence or absence of a valid digital signature," he said.

Baldry said it was always a good time to revisit security and anti-virus solutions when introducing new desktop applications.

"In Office 2000, the format of files have changed somewhat and we have already seen viruses that exploited the new features in the suite.

"People should make sure they are getting up-to-date signatures and that any new applications they install are covered.

"It is something to be aware of. Lots of organisations pay for updates and don't ever implement them. It is important that they take that step with new products."

For a full copy of the white paper on possible security loopholes in Office 2000, which was published by Sophos, point your browser to:

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Show Comments