Microsoft Word Security FAQ
Running on 92 percent of all desktop computers, Microsoft Word is the
dominant force in word processors. As a popular target for the computer
bad guys, it has had a reputation for having numerous security problems.
What to Do
- Upgrade, upgrade, upgrade -- if you can. Microsoft has released
numerous security upgrades and fixes for its Word product. Fixes should
be applied when they are made available; however, it isn't always
possible to perform an upgrade without high costs.
Newer versions of Word require newer versions of Microsoft Windows,
which in turn require newer hardware to run. A security update could
mean a whole new computer, a whole new version of Word, and a whole
lot of expense.
- Always run anti-virus software. The eSecurityGuy's article on configuring your
new computer contains great information and links.
- Don't allow macros to run. Macros are small programs embedded
into the Word document itself, and are intended to make the word
processing experience easier. The bad guys, however, use macros to
make life much more difficult.
Whenever Word asks if you should trust a macro contained in a document
from another person, you should tell it not to trust the macro. In
fact, you should configure Word not to run macros by selecting High
for the macro security level in the Macro Security dialog.
- ActiveX is a security nightmare. In addition to Macros, Word has
the ability to run what Microsoft calls ActiveX controls. These
controls are actually full programs that can cause major havoc with
your computer. ActiveX security settings should be set to either not
run ActiveX, or to prompt the user before a control is run.
- Signed Macros and ActiveX Controls should be carefully
scrutinized. Microsoft has recently built signature technology
into Word so that Macros and Controls can be digitally signed in an
attempt to authenticate these potentially malicious programs. These
signatures are created through the use of Public Keys so that Word can
display a screen saying that the particular Macro was signed by
Microsoft, or some other entity.
It is important to note that Microsoft, and most other entities, do
not verify precisely what a signed program does. They only
certify that they have seen it, which doesn't do much for the security
of your computer.
- Password Encryption Provides Minimal Security. The encryption
performed by Word, when enabled, provides very little real security.
Numerous programs, such as Word Password, are guaranteed to be able to
crack the password used on any Word document. Consult a security expert
if you need strong encryption.
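
Added example, not part of the original FAQ: a Python check, following the macro advice above, that reports whether a Word file carries an embedded VBA macro project before anyone opens it. It assumes the conventional storage names (`Macros` and `VBA` in Word 97-2003 binary files, `vbaProject.bin` in the newer ZIP-based files); the function names and the `sample_ole` test file are constructed for illustration.

```python
import io
import struct
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # signature of a legacy .doc/.dot container

def ole_entry_names(data):
    """List storage/stream names from an OLE2 directory (first 109 FAT sectors only)."""
    size = 1 << struct.unpack_from("<H", data, 0x1E)[0]      # sector size, usually 512
    offset = lambda sid: (sid + 1) * size                    # sector 0 follows the header
    fat = []
    for sid in struct.unpack_from("<109I", data, 0x4C):      # DIFAT array in the header
        if sid < 0xFFFFFFFA:                                 # higher ids are free/end markers
            fat += struct.unpack_from("<%dI" % (size // 4), data, offset(sid))
    names, seen = [], set()
    sid = struct.unpack_from("<I", data, 0x30)[0]            # first directory sector
    while sid < len(fat) and sid not in seen:                # follow the chain, guard loops
        seen.add(sid)
        for pos in range(offset(sid), offset(sid) + size, 128):
            entry = data[pos:pos + 128]
            if len(entry) == 128 and entry[66] in (1, 2, 5): # storage, stream, root
                n = struct.unpack_from("<H", entry, 64)[0]   # name length incl. NUL
                names.append(entry[:max(n - 2, 0)].decode("utf-16-le", "replace"))
        sid = fat[sid]
    return names

def macro_status(data):
    """Return 'macros', 'no macros found' or 'unreadable' for a Word file's bytes."""
    try:
        if data.startswith(OLE_MAGIC):                       # Word 97-2003 binary format
            found = {"Macros", "VBA"} <= set(ole_entry_names(data))
        else:                                                # .docx/.docm ZIP package
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                found = any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except (struct.error, zipfile.BadZipFile):
        return "unreadable"
    return "macros" if found else "no macros found"

def sample_ole(names):
    """Constructed minimal OLE2 file: header, one FAT sector, one directory sector."""
    header = OLE_MAGIC + bytes(16) + struct.pack("<HHHH", 0x3E, 3, 0xFFFE, 9)
    header = header.ljust(0x30, b"\0") + struct.pack("<I", 1)   # directory in sector 1
    header = header.ljust(0x4C, b"\0") + struct.pack("<109I", 0, *[0xFFFFFFFF] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, 0xFFFFFFFE, *[0xFFFFFFFF] * 126)
    entries = b""
    for i, name in enumerate(names):                            # at most 4 names fit
        raw = (name + "\0").encode("utf-16-le")
        entries += raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), 5 if i == 0 else 1) + bytes(61)
    return header + fat + entries.ljust(512, b"\0")
```

A file reported as "unreadable" should be treated with the same caution as one reported as "macros", since a damaged container can hide its contents from this check.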
See Also