Microsoft Office, a target of a steady stream of vulnerability exploits, will get a set of new defenses in the 2010 release. Brad Albrecht, Senior Security Project Manager for Office 2010, writes on the Office 2010 Engineering blog that, "... any file that reaches your machine will get inspected for the file format being blocked, tested for validity, and maybe shown in a read-only protected state." The 2010 team is developing what it calls a more proactive approach in an attempt to "stay ahead of hackers," which is an optimistic take on what is usually termed a neck-and-neck situation, at best.
The File Block feature introduced in Office 2007 will get an update; the Office File Validation feature, based on the Validation feature in Publisher 2007, will validate (or not) file formats; and the Protected View will put the document into a sandbox, for a read-only view that denies access to other files and allows minimal access to the system.
Sandboxing has been getting extra attention lately, because of its placement in Google's new Chrome browser to deal with untrusted programs, and word that it may be heavily relied upon in the Google Chrome OS. Meanwhile, though it hasn't gotten quite as much attention yet, Microsoft is developing Gazelle, its OS-browser hybrid, which is said to employ sandboxing as a key security feature, while marrying resource management, access management and policy enforcement.
Performance is a key concern. Ars Technica's Ryan Paul writes that a research paper from the Microsoft Gazelle team says that the prototype, which takes the isolation concept much further by separating processes for page elements, is exhibiting performance hits, but that the researchers expect to be able to reduce them. As yet, no timeline for Gazelle has been made public.
Albrecht says the Office 2010 team is focused on creating a user experience that is not slowed by the security process, or complicated by more dialog boxes or "information that is not actionable." The "new security workflow" is built into the File Open process. Gartner Security Analyst John Pescatore says in a Computerworld piece that he likes the approach, but warns that sandboxing could indeed affect performance, and that switching out of the read-only format in order to make document changes may create a new annoyance for users.