Last week, Microsoft essentially admitted that its plan to “sandbox” Office documents in Office 2010 is a last ditch defense against unstoppable Microsoft Office formats attacks. As John Pescatore, Gartner’s primary security analyst, told ComputerWorld reporter, Gregg Keizer, “Microsoft is saying, ‘Okay, we can’t find, let alone fix, every vulnerability. So here’s a way to put a sandbox around the vulnerability.’”
There’s no surprise here. Microsoft Office is a set of security holes that masquerades as an office suite, Of course, Microsoft didn’t plan it that way. They just didn’t think it through when they first started developing Office’s proprietary formats.
You see, Office, and Windows for that matter, were designed for single-user, non-networked systems. They were not designed for environments with multiple local or remote users. When Microsoft started dealing with a networked computer universe with Windows for Workgroups in 1991, they didn’t resign the system from the bottom up. No, indeed, instead they simply added network functionality, often at a low level, without considering what this meant for security.
