In a move that is only slightly less amazing than the possibility of there being an announcement of discovery of other excellent browsers in the marketplace, Microsoft has announced that it will, sometime in the next year, begin to bring the code used to protect Office files in Office 2010 to the Office 2003 and Office 2007 versions.
This is the only time I can remember anything of this nature being done by this company. The usual company line is that, to get the latest and best protection, one must have the latest and best version. It must be the final acknowledgement that Microsoft is slipping, at least in the minds of the buying public, insofar as adding features worthwhile of major upgrade.
Of course, the updating will be looked upon as one of those preemptive security moves, protecting the entire Office community, and so that will allow Microsoft to dismiss my posit above.
Microsoft said on Tuesday that it would backport an Office 2010 security feature to the older and more widely used Office 2003 and Office 2007 early next year.
Dubbed Office File Validation (OVE), the technology validates older, pre-XML file formats for Word, Excel, PowerPoint and Publisher, then opens those that don’t conform to the documented format — rigged files containing an exploit, for example — in a special "sandbox" within Office 2010 called Protected View.
The working of the system will not be quite as sweeping as one might think, as the sandbox will not be part of the porting. Instead, a simple validation will take place before the opening of a file and the user will be given a warning that there may be a problem with the file.
Useful? Yes. Revolutionary, or totally amazing? Not quite.
The users of Office XP will be left out of the updates, and Microsoft warns that those users are more vulnerable to the sort of malformed file attacks that they are hoping to mitigate with this.
The additions will also allow the issuance of signatures, similar to antivirus signature files, which will further allow the whitelisting of acceptable files, and pop up the expected warning on files of less than perfect form. The availability of these signatures will not come when the first changes, the warning code, is made available. The Microsoft spokesperson could not be pinned down on an exact time schedule, but only that the changes would come “next year”.