Microsoft Office 2003 Systems Problematic For Antivirus Software

Published by

The latest test version of Microsoft Office 2003 could cause problems for antivirus companies because the XML-based format it supports will bog down scanning software, according to security experts.
The problem centers on macros embedded in documents in the Office 2003 beta, or test, version. When saved as an XML (Extensible Markup Language) file, the macros can more or less wind up anywhere. This means that scanners must search the entire contents of a file, rather than examine the part of the file where macros are always positioned. Although a simple solution has been put forward by the antivirus industry, Microsoft has not yet introduced any changes. A Microsoft spokesperson said the problem is an issue for XML documents in general and not specific to Office 2003. This change is fairly straightforward. The antivirus companies want a header placed into the file that tells the scanning engine where to look for the macros. In addition, in order to ensure that viruses don't slip through the cracks, the applications in the Office productivity suite should run only macros that are identified by the header, the companies say. Because an entire file needs to be scanned, the scanning agent will require more resources. In the case of mail gateway filtering, systems may even become susceptible to denial of service attacks if bombarded with a great number of (large) XML files. A Microsoft spokesperson acknowledged the issue, but said it affects all XML-based data formats and is not specific to Office. "The challenge of stopping viruses in XML documents is (an) industry-wide (issue), and not (limited to) Microsoft Office 2003," the representative said. "In fact, Office 2003 it is not any more prone to macro viruses than any previous version." The software giant's representative stressed that Office 2003 is compliant with the World Wide Web Consortium (W3C) standards, but added the company is willing to work with antivirus software makers on the problem. Full story at CNet News.