Microsoft News and Notes

Observations about Microsoft, the world’s largest software vendor

Microsoft Office 2010, Gazelle Projects Try to Balance Security, Performance

Posted by Kachina Shaw Jul 24, 2009 3:25:16 PM

Microsoft Office, a target of a steady stream of vulnerability exploits, will get a set of new defenses in the 2010 release. Brad Albrecht, Senior Security Project Manager for Office 2010, writes on the Office 2010 Engineering blog that, "... any file that reaches your machine will get inspected for the file format being blocked, tested for validity, and maybe shown in a read-only protected state." The 2010 team is developing what it calls a more proactive approach in an attempt to "stay ahead of hackers," which is an optimistic take on what is usually termed a neck-and-neck situation, at best.

The File Block feature introduced in Office 2007 will get an update; the Office File Validation feature, based on the Validation feature in Publisher 2007, will check whether a file is valid for its file format; and Protected View will open the document in a sandbox, giving a read-only view that denies access to other files and allows minimal access to the system.

Sandboxing has been getting extra attention lately, because of its placement in Google's new Chrome browser to deal with untrusted programs, and word that it may be heavily relied upon in the Google Chrome OS. Meanwhile, though it hasn't gotten quite as much attention yet, Microsoft is developing Gazelle, its OS-browser hybrid, which is said to employ sandboxing as a key security feature, while marrying resource management, access management and policy enforcement.

Performance is a key concern. Ars Technica's Ryan Paul writes that a research paper from the Microsoft Gazelle team says the prototype, which takes the isolation concept much further by using separate processes for page elements, is exhibiting performance hits, but that the researchers expect to be able to reduce them. As yet, no timeline for Gazelle has been made public.

Albrecht says the Office 2010 team is focused on creating a user experience that is not slowed by the security process, or complicated by more dialog boxes or "information that is not actionable." The "new security workflow" is built into the File Open process. Gartner Security Analyst John Pescatore says in a Computerworld piece that he likes the approach, but warns that sandboxing could indeed affect performance, and that switching out of the read-only format in order to make document changes may create a new annoyance for users.

Jul 24, 2009 5:58 PM Guest Carly says:

Office 2010 sounds interesting, but why wait for it to come out when you can use a product like eXpresso which already exists. I use eXpresso for business and personal needs and I LOVE IT! eXpresso provides real-time collaboration and editing control for shared Microsoft Office files in the cloud. Check it out at www.expressocorp.com
