Can anyone think of any other company that would purposefully design a program to crash because of a â€œsecurityâ€ feature? I sure canâ€™t. Microsoft is confident beyond reproach that Vista will be much harder to attack than its predecessors but the Office 2007 team refuses to set any security goals at all.
Microsoft claims itâ€™s because they donâ€™t have any goals to shoot for because either Office 2007 is already so secure or no vulnerabilities have yet been located but I find that hard to believe. As a matter of fact, one security feature was thought to be a flaw as Office 2007 would crash when documents with improper formatting were kept open. The claim regarding that idea is the document could have harbored rouge code that might try to execute so the application according to Microsoft â€œquitsâ€ but I call it a crash. ComputerWord discusses that in detail.
Office 2007 did not come from scratch, bits and pieces of Office 2003 code were reused in Office 2007. The development team is confident that their new Security Development Lifecycle (SDL) review process has caught and corrected any flaws. New code part of Office 2007 and old code part of Office 2003 were all part of the review process and if you believe them then no stone was left unturned.
Take the SDL review process with a grain of salt; you may remember the ANI cursor flaw that was present in all versions of Windows from 2000 right up to Vista and Vista was put through the SDL process as well. How a seven year old flaw made it into a modern operating system is anybodyâ€™s guess, I just think someone wasnâ€™t doing their job.
A security guide for Office 2007 is forthcoming but you can read a guide for Vista that has been designed for IT staff and system administrators if thatâ€™s your thing.