Developments in Microsoft Office System 2003, due to be
launched next month, could lead to the creation of the first
.net-based worm, it emerged this week.
Word macro viruses have plagued users of Microsoft Office since the
Melissa worm first appeared in April 1999, costing businesses
millions of pounds in repair work and downtime.
But the release of Office System 2003 will provide a far more
powerful mechanism for embedding potentially malicious code in
Word, Excel and Powerpoint, based on Microsoft's .net
technology.
Ivo Salme, product manager for Visual Studio at Microsoft, said,
"Understandably, people will try to write a .net-based macro
worm."
Microsoft has improved security in Office using what Salme
described as a policy engine. This allows IT departments to set
security policies that determine whether users have the right to
run .net code coming into the company as an Office e-mail
attachment.
Jan Sundgrem, industry analyst at Forrester Research, warned that
although blocking .net -based Office attachments may provide
security against a .net worm, in practice it may not be feasible
without disruption to the business because such e-mail attachments
are extremely popular.