Day 3 of TechEd also proved to be full of fun, interesting sessions, and one-on-one discussions with Microsoft’s staff. Despite the morning getting off to somewhat of a slow start, there were five sessions I was interested in attending—of course, all of them were scheduled to take place at 3 P.M.
The first one that caught my eye—“Windows 7 at Mach 5”—got moved to a smaller room, and attendees were barely able to see anything … a bummer. So, I ran across the entire convention center to go to another session that focused on one of the most important security features in Office 2010.
Office 2010 Security
Although out of breath, I managed to make it to “OSP281 – Advances in Microsoft Office Client Security”. Brad Albrecht, senior security program manager on the Office team, discussed Office File Validation, a sort of “gatekeeper” that analyzes each and every document, Excel spreadsheet, or presentation you open. Office 2010 checks these files and scans for typical patterns that Microsoft evaluated over a six-month timeframe. (Over the course of this period, thousands and thousands of Office files were analyzed.) In terms of performance, it doesn’t make a noticeable difference: the validation feature needs just 100 milliseconds.
Over the past three years, this “gatekeeper” was able to detect 100% of all PowerPoint, 82% of all Excel and 93.8% of all Word exploits and attacks. This, of course, does not mean that you don’t need antivirus software anymore, but it shows how effective this gatekeeper is.
Another Office 2010 feature that was introduced was the “sandbox” feature, wherein a file (Word, Excel or PowerPoint) that you receive via e-mail, or that has been recognized by the “gatekeeper” as a problematic file, gets put into “Protected Mode”. Users have to specifically agree to exit the “sandbox” in order to edit or print the document. From a technical perspective, the “sandbox” works like this: when a Word file gets put into the sandbox, for example, Microsoft Office will launch a second, very restricted instance of Word. The window itself (also called “chrome”) is your regular Word processor. Then there is a “broker”, which is a limited Word processor that just displays the dangerous content.
So, which files get put in the “sandbox”, and why? This photo shows the types of files that get flagged as dangerous.
For example, every file that you download from the Internet with a browser is marked. The same thing happens with files that you receive via Outlook. Imagine that your mom sends you one of these funny PowerPoint slides. Maybe she downloaded it from an untrustworthy source, and it got infected with a virus. If you open the slide in Outlook, the virus will be prevented from running, since the file only opens in the “sandbox”.
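As an added example (not from the session or from Microsoft), here is a small audit helper for the download mark described above. It assumes the mark is the Windows `Zone.Identifier` alternate data stream with its `ZoneId` field; the sample stream contents, file names and status labels are constructed for illustration.

```python
import configparser

# Windows URL security zones as stored in the ZoneId field.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}


def parse_zone_identifier(text):
    """Return the ZoneId from Zone.Identifier stream text, or None if unusable."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
        return int(parser["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None


def triage(name, stream_text):
    """Classify one file by its mark (labels are this example's own)."""
    if stream_text is None:                 # file carries no stream at all
        return (name, "no-mark", None)
    zone = parse_zone_identifier(stream_text)
    if zone not in ZONES:                   # missing, non-numeric or unknown zone
        return (name, "malformed", None)
    status = "internet-marked" if zone >= 3 else "low-risk-zone"
    return (name, status, ZONES[zone])


# Constructed samples: file name -> stream contents (None = no stream present).
SAMPLES = {
    "funny_slides.pptx": "[ZoneTransfer]\r\nZoneId=3\r\n"
                         "HostUrl=https://example.test/funny_slides.pptx\r\n",
    "budget.xlsx": None,
    "intranet_memo.docx": "[ZoneTransfer]\r\nZoneId=1\r\n",
    "tampered.doc": "[ZoneTransfer]\r\nZoneId=abc\r\n",
}


def triage_all(samples=SAMPLES):
    """Triage every sample and return (name, status, zone name) tuples."""
    return [triage(name, text) for name, text in samples.items()]


if __name__ == "__main__":
    for name, status, zone in triage_all():
        print(f"{name:22} {status:16} {zone or '-'}")
```

On a real Windows host the stream text would be read from `<file>:Zone.Identifier` on an NTFS volume; files reported as `no-mark` or `malformed` are the ones worth a second look, since they would not be recognized as downloaded.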
Check out our next post, which will cover sessions on Windows Embedded and the future of Windows in smaller … and much smaller … devices!