Microsoft attempts to lock down Office

Microsoft has restructured its approach to security in the latest release of Office

Microsoft is touting a new set of security features designed to lock down Word and Excel. The software giant said it hopes the move will end Office's run as a favourite target of malware authors and remote attackers.

Josh Edwards, technical product manager for Microsoft Office, explained in an interview with vnunet.com that Microsoft completely restructured the way it approaches security in the latest release of Office. 

Edwards said that the new approach began three years ago when the company realised that it had to make security a central priority.

"The idea was how we could integrate security in such a way that it is not a feature, but more of a philosophy," he said.

In order to shift security to centre stage, Microsoft took several steps to ensure that security research was integrated into the development process for Office.

Edwards said that the company brought in outside researchers to find weaknesses, and required its project managers to become proficient in security.

The renewed focus on security for Office is well timed. Increasingly sophisticated attackers have shifted much of their focus from vulnerabilities within Windows to applications such as Excel and Office.  

"Every file type, every application that is broadly used, is facing the same situation right now," said Edwards.

"Office, being a commonly used application, has received a lot of that attention, and has driven a lot of the things we're doing with security."

One these measures is the move to the OpenXML document format. The new format stores different parts of the document separately, keeping formatting and document information away from the actual data itself.

Microsoft hopes that OpenXML will make it easier for security software to isolate the areas where malicious code may be located and remove exploits placed within documents.