Many of you already know about sandboxing and why it’s useful. For those of you who don’t, a sandbox (wikipedia article) provides an added layer of security on your computer by running unfamiliar code in an isolated space. Security threats change rapidly, and it’s become virtually impossible to stay ahead of the bad guys (or even hot on their heels).
Sandboxing can help level the playing field. Several popular applications make use of a sandbox – Google Chrome, for example – and many programs can offer that kind of protection for your whole system.
Office applications are becoming an increasingly popular target for malware developers. As Microsoft puts it on their Engineering blog, “as the security landscape has been changing, Office has had the misfortune of becoming one of the next big targets for hackers to attack. They have been going after many of our file-format parsers and how we read Office files. They’re looking for ways to exploit bugs and to get their code running on your machine.”
The time to add some updated security kung fu to Office 2010, and Microsoft has decided on sandboxing. “We have done a lot of work to find and fix bugs, but we can’t find everything. We have to take a more proactive approach and build Office to be more resilient to attack.”
Office 2010 will feature a “a layered defense that Office documents have to go through as part of the File Open process.” Even if you were to receive an Excel worksheet with malicious macros, Office 2010 should prevent them from doing anything shady.
It’s certainly encouraging to see companies getting proactive about security. Here’s hoping we’re witnessing the start of a trend.
[via The Register]
Originally posted 2009-07-24 18:19:28.