Melbourne, I honestly don’t understand your response to my question. Are you saying that if I use Word to open a file, that file might be harmful even if it contains nothing except text and Word-style formatting?
But Microsoft does not open those apps in the sandbox, only MS Office apps.
If you really want to be secure, create a new account with limited privileges and use that unless you actually need administrator rights for something.
Adobe Flash and Acrobat Reader are 3rd party programs. Deciding what Adobe needs to in order to secure them is not Microsoft’s job.
Starting with IE7, Internet Explorer does have a protected mode (enabled by default). It’s just less obvious.
Links:
http://windows.microsoft.com/en-ca/windows-vista/what-does-internet-explorer-protected-mode-do
https://msdn.microsoft.com/en-us/library/bb250462%28v=vs.85%29.aspx
This mode causes IE to prompt you when a website tries to run, download or install a file/program. The options for securing IE are somewhat limited because in the end it needs to download content from the internet in order to function properly whereas in office, the protected mode can be more secure as you have already downloaded the document.
Not sure if you’re being sarcastic. Macros should have always been designed with limited privileges. For instance, they should only be able to read and write to the document containing the macro itself, with office making periodic incremental backups of the document in case the macro destroys data. Access to other documents should require the macro to make an API call to office that will cause some kind of file selection browser gui, provided by office, where users can decide which of their files they want to give the macro access to.
These are common sense, captain obvious things that should have been done.
You’re essentially saying that Office should be something that is a completely different product from what it actually is. VBA is pretty nearly a full application development suite; this is not some sort of accidental design flaw, it’s a set of powerful features.
It’s a series of dangerous features that are a relic of the past. Modern OSes now sandbox everything and prevent them from accessing any information they didn’t create themselves, with a dialogue box to permit read only access to additional information.
Yes. (damaged text and formatting)
This has been a BIG problem with PDFs and Flash, and a problem with IE and Java, and a small problem for Word and Excel and anything else.
If you download a picture, a jpg, from the internet, it has the potential to crash the program you are using to view it, and in crashing run some nasty virus. Of course, all the programs that view jpg pictures have been fixed to make sure that doesn’t happen, which is why you have to keep everything updated, but the potential problem exists all the time for any program, which is why sandboxing has become more common.
Microsoft does not open pdf’s. Acrobat Reader opens pdf’s. Acrobat Reader does not open Word documents, Microsoft Word opens Word documents.
Adobe Acrobat Reader opens pdf’s in a sandbox in version 10 and 11.
Microsoft Office opens office documents in a sandbox in version 2010 and later.
<shrug>I neither agree nor disagree - because you’re saying Office should be something very different from what it already is designed to be. Like if you suggested that the Ford Motor company should make and sell tinned sardines instead of cars - they could - maybe they should, I dunno if it would be better or worse, or how to compare the two.