In this section

• Home
• Press office
• News archive
• Articles
• 1999
• 06

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Graham Cluley's blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

3 June 1999

Digital signatures - a new coat of paint for the Trojan horse

Sophos identifies security loophole in Office 2000

Following a security analysis of the latest beta version of Office 2000, Sophos has issued a technical paper to help users maximise security. The document includes an explanation of the different security levels Office 2000 offers, and highlights possible pitfalls.

The UK security specialist is concerned that the hype surrounding the introduction of digital signatures to the package will make users drop their guard and let viruses in.

"It is perfectly possible for a document to arrive with a valid digital signature, from a trusted source, and still have a macro virus," said Paul Ducklin, Head of Research at Sophos. "For example, if you regularly receive emails with macros in from someone you know well, and they happen to get infected by a macro virus, the document will be modified by the virus, but will also have a valid digital signature. This means that email viruses can get through despite the use of Office 2000 digital signature system."

"Office 2000 can provide enhanced protection against viruses - if you know how to use it," he added. "It offers three security levels, which enable or disable macros based on the presence or absence of a valid digital signature. While this will do a great deal to prevent macro viruses, it is not absolute. The information contained in this paper will empower people to make informed decisions about their IT security."

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com