D'Arcy from Winnipeg
Solution Architecture, Business & Entrepreneurship, Microsoft, and Adoption

Word 2010 – Heightened Security Not Just for Airports

Sunday, January 10, 2010 10:37 PM

It would appear that one of the biggest threats to our digital security has been exploits in Word documents. Or at least, from the extensive security features built into Word 2010, one would come to that conclusion.

I came across an odd issue tonight while testing a Silverlight application. I had a Word document (a .doc file, not .docx) on a webserver, but when I tried to access it I got this:

image

To which I said “Yes”, but when Word 2010 opened up, I got this message:

image

I thought maybe there was an issue with the file itself, but no: I could download it and open it locally without a problem. However, I did notice something when I did that…

image
Word 2010 was able to determine that the file came from the internet and warned me that it “might be unsafe”. Notice the “Protected View” verbage in the heading. I wanted more info, so I clicked. I was brought to a screen where it explained in a bit more detail:

image

Now going to Protected View Settings brings up a security console that would make Norton squirm. And, remember; this is WORD!

image

This is the Trust Center: a place where you can set all sorts of security settings for your Word documents and how Word 2010 acts when opening a document. This is the Protected View area which gives us the ability to enable the feature for various scenarios. Unchecking the middle two boxes got rid of the message on my .doc file when opening in Word 2010 locally. However, I tried all sort of combinations and still couldn’t get Word to open the file from my webserver.

So unfortunately I have no solution. It is, after all, still in beta. But I’m not sure what I’m more concerned about: not being able to open a doc from an internet location, or knowing I’m going to have to read a manual on security features just to use the next version of Word productively.




Feedback

No comments posted yet.


Post a comment