Securing the Microsoft Office Software Platform against Non-Macro Virus Attacks: Threat Vectors, Consequences and Countermeasures

The pervasiveness of the Office suite, its incorporation of the VBA macro language and the relative ease with which its applications can be automated make end users' tasks more convenient, but also provide an incentive for spawning macro-borne viruses. The advent of macro viruses has made it desirable for software developers to introduce macro security features in their products, in order to protect their applications and end users' data from being maliciously used and compromised.

In response to these challenges, Microsoft introduced into its Office suite a range of security features designed to provide reliable protection without sacrificing communication and collaboration among information workers. As a result, these features help the end user apply the optimal level of security, thereby putting the user in complete control of the Office environment.

Non-Macro Virus

While these defenses help fortify end users' Office applications against malicious attacks spawned by macro viruses, which have long been written in VBA, they are deficient in securing these applications against being maliciously compromised by non-macro virus programs such as binary executables or scripts. The ability of programs to interact directly with one another in the Windows environment poses a greater security threat. An external application could automate an Office application and manipulate virtually all of its software components, including its macro environment. Macro security restrictions need not pose a barrier to this form of exploitation, since Microsoft Office provides alternative means of adjusting macro security settings in the Windows registry.

Once a crack has been obtained, an external (non-macro) malware program could actively inject hostile macros into the application's macro environment and trigger their execution accordingly. The next line of action will be to create or add a new Office document in the application session, and possibly add a new Visual Basic Project in cases where one is not set by default (e.g. PowerPoint and Access). This will ensure that the malware actively manipulates the VBA coding environment.
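
An added example, not code from the article: an offline audit of exported Office registry settings that flags the weakened macro security states the registry crack described above would leave behind. The value names (`VBAWarnings`, `AccessVBOM`, the legacy `Level`) are Office's own but are not named in the article; the exported text and the version numbers in it are constructed.

```python
import re

# Constructed sample in the text format written by `reg export` (not from a real host).
# Real exports are UTF-16; read them with open(path, encoding="utf-16").
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security]
"VBAWarnings"=dword:00000001
"AccessVBOM"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security]
"VBAWarnings"=dword:00000002
"AccessVBOM"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security]
"Level"=dword:00000001
"""

KEY_RE = re.compile(
    r"^\[HKEY_[A-Z_]+\\Software\\(?:Policies\\)?Microsoft\\Office"
    r"\\([\d.]+)\\(\w+)\\Security\]$", re.I)
VALUE_RE = re.compile(r'^"(\w+)"=dword:([0-9a-f]{8})$', re.I)
# Value name -> (weakest setting, what that setting means).
WEAK = {
    "vbawarnings": (1, "all macros run without a prompt"),
    "accessvbom": (1, "external programs may edit the VBA project"),
    "level": (1, "legacy macro security level is Low"),
}

def audit(export_text):
    """Return (version, app, value name, meaning) for each weak setting."""
    findings, current = [], None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            key = KEY_RE.match(line)
            current = key.groups() if key else None  # ignore non-Office keys
            continue
        value = VALUE_RE.match(line)
        if current and value:
            name, number = value.group(1), int(value.group(2), 16)
            weakest, meaning = WEAK.get(name.lower(), (None, None))
            if number == weakest:
                findings.append((current[0], current[1], name, meaning))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_EXPORT), sep="\n")
```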

Macro code execution could be achieved by employing a VBA programmatic method that directly executes macros, passing the macro name as a parameter to the VBA method (i.e. the Run() function). Alternatively, macros could be executed by triggering an event related to an injected macro. This could be a menu item selection, a key press event, or a general event such as closing an open document. In some Office applications such as Word and Excel, macros could be executed like a time bomb, based on a specified system clock condition (e.g. every day at 10 p.m.). Finally, the malicious program could close the created document without saving it, in order to clear its tracks, and the automated Office application session will then be terminated. Besides, VBA is a very powerful language that can be used to do anything on the computer, considering its support for ActiveX, the Windows API and native Visual Basic commands.

The consequences these attacks could have on the computing community could be devastating. Unauthorized disclosure of information, disruption of program activities, denial of service, unusual system takeovers, impaired consumer confidence, and abuse of users' confidentiality and privacy are among the consequences these attacks could have on cyberspace. Consequently, it becomes necessary to implement security policies that will mitigate these threat forms and assure the Office user the desired level of protection against malicious invasions.

Security Policies

Anti-virus software designers should embrace and encourage proactive (before-the-fact) methods of virus detection rather than reactive (after-the-fact) methods, since the latter might not be in time to stop a widespread infection. This will guarantee the user reasonable containment of a potential widespread infection.

Implementing an effective protection mechanism as a direct part of the operating system (OS) will ensure that users become completely aware of potential malicious activities before they even execute on a target machine.

Improving macro security in macro-based software platforms will prevent these features from being bypassed or defeated. Instead of implementing Office macro security in the Windows registry, restricting it to the individual Office application via dialog-based security will help prevent an attacker from performing a registry crack. However, careful placement of the dialog, and effective countermeasures to secure such dialog provisions, will be needed to ensure that these dialogs are not manipulated to fulfill the nefarious intents of an attacker.

An effective "Object Model Guard" protection in each individual Office application will prevent an attacker from repositioning a so-called "safe" object for malicious code execution. This way, users are completely aware each time an external application attempts to make use of an "unsafe" object, method, property or function hosted by an Office application.
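
One way to apply the proactive detection argued for above to the registry crack, as an added example rather than anything from the article: flag writes to Office macro security values made by processes other than Office, and name the writer. The events are constructed and use Sysmon Event ID 13 field names; the value names and the allow-list of expected writers are assumptions not taken from the article.

```python
import re

# Constructed registry-write events using Sysmon Event ID 13 field names
# (Image, TargetObject, Details); paths and the SID are placeholders.
EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "TargetObject": r"HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Office\16.0\Word\Security\VBAWarnings",
     "Details": "DWORD (0x00000002)"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Office\16.0\Word\Security\AccessVBOM",
     "Details": "DWORD (0x00000001)"},
    {"Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Office\16.0\Excel\Security\VBAWarnings",
     "Details": "DWORD (0x00000004)"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-EXAMPLE\Software\Example\Settings\Theme",
     "Details": "DWORD (0x00000001)"},
]

SECURITY_VALUE = re.compile(
    r"\\Software\\(?:Policies\\)?Microsoft\\Office\\[\d.]+\\(\w+)"
    r"\\Security\\(VBAWarnings|AccessVBOM|Level)$", re.I)
# Assumption: only the Office applications themselves change these values
# interactively; extend the set with your own management tooling.
EXPECTED_WRITERS = {"winword.exe", "excel.exe", "powerpnt.exe", "msaccess.exe"}

def detect(events):
    """Return one alert per macro-security write made by an unexpected process."""
    alerts = []
    for event in events:
        hit = SECURITY_VALUE.search(event["TargetObject"])
        if not hit:
            continue
        writer = event["Image"].rsplit("\\", 1)[-1].lower()
        if writer in EXPECTED_WRITERS:
            continue
        number = re.search(r"0x([0-9a-f]+)", event["Details"], re.I)
        new_value = int(number.group(1), 16) if number else None
        # 1 is the weakest setting for all three values, so treat it as urgent.
        severity = "high" if new_value == 1 else "review"
        alerts.append({"app": hit.group(1), "value": hit.group(2),
                       "writer": event["Image"], "new_value": new_value,
                       "severity": severity})
    return alerts

if __name__ == "__main__":
    print(*detect(EVENTS), sep="\n")
```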

The "Trust access to Visual Basic Project" setting should be improved in such a way that it not only disables programmatic access to the VB Project when turned off, but is also able to identify the application or program that attempts the access and notify the user.

Furthermore, users should endeavor to adopt healthy and safe computing habits in order to guarantee their systems adequate protection against malicious exploitation in general.

By Ojeabulu Esele George