Microsoft Office converter to disinfect virus files

Microsoft programmers are working on a file conversion program that will disable infected Office 2003 files by converting them into the new, XML-based Office 2007 formats, AccountingWEB's John Stokdyk reports.

Called the Microsoft Office Isolated Conversion Environment (MOICE), the converter will be available in a few weeks time and was previewed by Microsoft security technologist David LeBlanc.

Malformed Office document files are becoming an increasingly popular means for gaining control of remote PCs - for example to build so-called spam "botnets". Last week's monthly security bulletin from Microsoft, for example, included news of seven critical updates, three of which addressed malformed file threats affecting Office itself, Word and Excel.

Trojan horses, worms and keyboard logging viruses can be propagated via Office documents sent as email attachments, or via "drive-by" downloads from malicious websites. VBA macros can also be constructed to let hackers take control of remote computers. According to a recent study (9-page PDF) conducted by Google, 10 percent of 4.5 million sites surveyed successfully launched such attacks (not all of them via Office documents - but some will use this route).

The new Office file formats were designed to eliminate security problems, LeBlanc explained and to make the documents more transparent. To achieve this, Microsoft stripped out a lot of the internal code that is often vulnerable to attack. What MOICE does is direct a suspect attachment to a quarantine area where it can't affect the network and then convert it into the XML-based Office 2007 format and then back into an Office 2003 .doc, .xls or .ppt file. Some of the tools used in this process are based on the Office 2007 file converters supplied by Microsoft to let users of older versions open and edit the new formats.

LeBlanc acknowledged that there will be some downsides to the new MOICE tool. "Converting a file twice before you can open it adds a performance penalty," he wrote. "Whether it's something you'll notice depends on the size of the files - if you use it to pre-process resumes, you may not notice, but larger documents could take a noticeable amount of time. We're also stripping out things like macros and VBA projects - sure, it's a big app-compat hit, but this is a security feature."

You may like these other stories...

How are you planning? What tools do you use (or fail to use) for forecasting? PlanGuru is a business budgeting, forecasting, and performance review software company based in White Plains, N.Y. AccountingWEB recently spoke...
Event Date: October 30, 2014, 2 pm ETMany Excel users have a love-hate relationship with workbook links. For the uninitiated, workbook links allow you to connect one Microsoft Excel spreadsheet to other spreadsheets, Word...
Event Date: September 9, 2014, 2:00 pm ETIn this session we'll discuss the types of technologies and their uses in a small accounting firm office. Included will be:The networked office: connecting everything together for...

Already a member? log in here.

Upcoming CPE Webinars

Aug 21
Meet budgets and client expectations using project management skills geared toward the unique challenges faced by CPAs. Kristen Rampe will share how knowing the keys to structuring and executing a successful project can make the difference between success and repeated failures.
Aug 26
This webcast will include discussions of recently issued, commonly-applicable Accounting Standards Updates for non-public, non-governmental entities.
Aug 28
Excel spreadsheets are often akin to the American Wild West, where users can input anything they want into any worksheet cell. Excel's Data Validation feature allows you to restrict user inputs to selected choices, but there are many nuances to the feature that often trip users up.
Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.