microsoft ® office training security i: how the 2007 office system helps you to stay safer...

Microsoft® Office Training

Security I: How the 2007 Office

system helps you to stay safer

presents:

Security I: How the 2007 Office system helps you to stay safer

Course contents

• Overview: Gain security awareness

• Lesson 1: First things first: Take care of your computer

• Lesson 2: Security in Office

One lesson includes a list of suggested tasks, and each lesson includes a set of test questions.


Overview: Gain security awareness

Worried about computer security? Does the mere mention of viruses or spyware scare you?

Here you’ll learn how new 2007 Office system file formats can help keep your files safer. You’ll also find out about default program settings that can make it easier for you to deal with security.

Taking some simple, basic steps in Office can go a long way toward helping you protect your computer.


Course goals

• Gain awareness of some of the security risks to your computer and the importance of using antivirus software.

• Define what a macro and a digital signature are and know when they’re in a document.

• Use options on the Message Bar to decide whether to enable macros and other potential security risks.

Lesson 1

First things first: Take care of your computer


First things first: Take care of your computer

You may not know it, but your computer is being targeted.

It’s nothing personal—all computers are targets.

There are people out there trying to bring down your computer or gain access to data on it. It’s up to you to learn about the dangers and find out how you can help protect your computer and be more secure.

This lesson helps you know your enemy by introducing the ways your computer could be at risk and providing advice about how to help avoid those risks.


Security threats

You’re probably familiar with some of these terms from the news media: viruses, worms, Trojan horses, phishing, and spyware.

To take steps that make your computer more secure, you need some basic information about what the dangers are.


Security threats

Most of the security threats mentioned involve a piece of malicious software (or code) that is intended to run on your computer without you knowing about it.

Malicious software may be hidden inside another file or program, or run silently in the background. Most malicious software is designed to replicate itself and infect other files or computers.

But what exactly the malicious code does to your computer depends on what it is and how destructive it is.


Security threats

• Virus: Software (or code) written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to another file or program.

• Worm: Software that replicates independently by sending itself to other systems through network connections.

• Trojan horse: Software that appears to be useful or harmless but that contains hidden code designed to exploit or damage the system on which it is run.

Here are a few definitions, so that you know what you’re dealing with:


Security threats

• Spyware: Software that can display advertisements (such as pop-up ads), collect information about you, or change settings on your computer, generally without appropriately obtaining your consent. You usually download spyware without knowing it by visiting untrustworthy Web sites.

Here are a few definitions, so that you know what you’re dealing with:

• Phishing: A way of extracting personal information from you such as bank or credit card details, normally done via e-mail. There are also some phishing schemes designed to put spyware on your computer. The good news is that Microsoft Office Outlook® 2007 has new anti-phishing features.


Sources of infection

Whether virus, worm, Trojan horse, or spyware, most malicious code is trying to get onto your computer by hiding itself somewhere that looks innocent.

For example, it could be in an e-mail attachment you receive, software you download from the Internet, a Web site you visit, a shared file or network, a floppy disk you share, or even a Microsoft Office document.

Basically, any information that comes from another computer could pose a risk.


Sources of infection

If you kept your computer in a sealed room, never linked it to a network or the Internet, and never inserted a CD or floppy disk, you would remain safe.

But that would make your computer practically useless. So practice safeguards instead.

As well as being wary of information coming into your computer, be careful when visiting Web sites that request information from you. Also ensure that you’re on a genuine site before entering any personal data.


Microsoft Update: an essential security precaution

The most basic security step is to make sure your computer software is up to date.

Microsoft releases regular updates—you may hear them called “patches” in the news media—to combat new threats as they appear.

It’s wise to check for and install updates regularly. Updates for the Microsoft Windows® operating system and for Office are found on the Microsoft Update site.

http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us


Antivirus software

Your most important and essential defense against viruses is antivirus software.

Install it, use it, and keep it up to date.

Antivirus software is designed to detect known viruses. Because new viruses are always being written, it’s essential to keep your antivirus software up to date.

When a new virus hits the world, the antivirus software manufacturers typically have an update available for download on their Web sites within hours.


Other security measures

There are a whole raft of other security steps you should be aware of.

Here’s a brief summary.

• Install antispyware software.

• Always use strong passwords.

• For even greater security, use a firewall.

• Regularly make backup copies of your important documents.


E-mail security

One of the more hazardous areas for picking up viruses and other nasties is e-mail.

Sometimes just opening the message can trigger a virus.

Even when you have antivirus software, a new virus could have been released since the software was last updated. So always be very wary of attachments.

Be especially suspicious if the message is from someone you don’t know (or aren’t expecting to hear from) or if the subject line or attachment name is strange.


E-mail security

After you’ve decided you want to open or save an attached file, you can do so by right-clicking its icon in the Outlook Reading Pane.

If you’re still concerned that the message is infected with a virus or contains other malicious code, and if the sender is a friend or colleague, you can always ask for confirmation before opening it.

If the message does turn out to be viral, delete it without opening it. And then delete it from your Deleted Items folder.


Test 1, question 1

How can viruses get into your computer? (Pick one answer.)

1. Through infected floppy disks.

2. By opening infected e-mail attachments.

3. By sharing an infected document across a network.

4. All of the above.


Test 1, question 1: Answer

All of the above.

Your computer could get a virus through any of those means.


Test 1, question 2

What’s your most important defense against computer viruses? (Pick one answer.)

1. Use antivirus software.

2. Take your cold medicine.

3. Never let other people use your computer.

4. Use Microsoft Update.



Use antivirus software.

There’s no substitute for up-to-date antivirus software.


Test 1, question 3

What is a security update (or “patch”)? (Pick one answer.)

1. An adhesive patch you can stick on the computer to ward off viruses.

2. A software update to protect against the latest known security threats.

3. An area of a Web site where you go to get security updates.

4. A very small security blanket.



A software update to protect against the latest known security threats.

You should regularly install the latest patches for both Microsoft Office and Microsoft Windows.

Lesson 2

Security in Office


Security in Office

You've learned that some malicious software can hide in Office documents.

Fortunately, the 2007 Office system has new features to help keep documents safer.

This lesson will tell you more about the potential risks, especially macros, and what Microsoft Office does to protect you.

In a nutshell, the 2007 Office system helps to protect your computer from anything malicious by automatically disabling any potential security risks.


The Message Bar

Imagine that you’ve opened a document sent to you by a colleague.

She’s told you that it’s got information in it that you need to review, and that it performs a set of actions that may help you with your work.

But right now you can’t get the document to work as described by your colleague. What’s going on? Is it broken?


The Message Bar

Imagine that you’ve opened a document sent to you by a colleague.

No, it’s not broken. Although macros can be very useful, they can sometimes contain malicious code.

Any potential security risks that can be identified are automatically disabled in most Office files.


The Message Bar

As shown in the picture, you’ll know when something has been disabled because a helpful message appears in the Message Bar to tell you.

You’ll know it’s related to a security issue by the shield icon that appears on the left, and you can read the text in the bar to find out more.

The best way to stay safer is to do nothing. Yes, as with suspicious e-mail attachments, the best thing to do is not to touch macros.


The Message Bar

Warning

But as long as you don’t change the behind-the-scenes security settings, the Message Bar will always appear when Office has disabled something in a file that is potentially destructive.

If you change any of the default security settings, potential security risks might not be automatically disabled.


Macros and other good things

So what are macros, and how do they affect you?

A macro is small program written to automate and carry out a sequence of steps. Instead of going through a series of commands manually, you can automate them by running a macro.

Macros are fantastic time-savers, and very useful things.



Why does all this matter?

Of all the security risks you may encounter in Microsoft Office documents, macros are by far the most likely.

Therefore, it’s great news that the 2007 Office release detects macros and disables them.

Because macros are little pieces of code, and therefore they could potentially contain a virus.



ActiveX controls and add-in programs

Like macros, these are usually useful but can be used for malicious purposes.

As potential security risks, ActiveX controls and add-in programs will trigger the security warning in the Message Bar and will be disabled, and you’ll have the chance to enable them if you want to.

Another way that viruses can get into your Office documents is through Microsoft ActiveX® controls and add-in programs.


No more choosing security levels

In previous versions of Microsoft Office, you had to choose a security level, for example, Medium, which would then apply for the whole program.

In addition, security decisions about documents had to be made before you could see their contents.

So many people just clicked straight through the security warnings, accepting any risks without thinking about it, in their eagerness to get into their documents.



In the 2007 Office system, documents automatically open with potential security risks disabled.

This means you can see what the document is about and then decide if you want to enable any macros or other features in it.



In the 2007 Office system, documents automatically open with potential security risks disabled.

A great thing about the file opening with everything disabled is that you can read through the contents of the file first.

In addition, by using the Message Bar, you can choose what to do in any given file every time you open it.


More about the Message Bar

As mentioned earlier, the Message Bar will appear every time a file containing a potential security risk is opened, and the potential security risk will be disabled.

The message in the bar will have the security shield icon and explain what has taken place.

Sometimes you’ll also see the bar appear for non-security messages, such as those regarding workflow process. But in those cases the shield icon will not appear.


More about the Message Bar

The message in the Message Bar will change depending on what has been detected in the file.

The most common message you’re likely to see is about macros having been disabled, but you might also see one about active content.

You can get further information about the potential security risk by clicking the Options button on the Message Bar. More on that coming up.


Before you make a decision

Your file is open, but what information is available to help decide whether to run the macro?

You’re going to need some background information.

People who write macros can get their macros signed to prove they are trustworthy. This is called a digital signature. The signature is created by using a digital certificate.


Before you make a decision

If you use macros a lot, you can create your own list of trusted publishers.

If you add a publisher to your list of trusted publishers, you won’t have to continue making security decisions about files signed by them, and you won’t see the Message Bar for files signed by one of your trusted publishers.

It’s up to you whether to trust anyone at all.


Make a choice about a file

So you’ve read through the text contents of the file, and you think you might need to enable those macros.

Click the Options button on the Message Bar. The Microsoft Office Security Options dialog box opens, where you can choose to enable them.

The exact choices available in this dialog box depend on the type of potential security risk identified.



So you’ve read through the text contents of the file, and you think you might need to enable those macros.

You can to leave the potential security risk disabled, enable the macro (or other code) for this one occasion, or, if it’s signed, trust all code from that publisher.

If you trust all code from that publisher, the publisher is added to your trusted publishers list.



If one file contains multiple macros, your choice will apply to all of the macros—you can’t choose to enable one but not the others.

However, if a file contains macros and some other type of potential security risks, such as links to external data, you will be presented with a choice for each type of potential security risk and be able to, for example, enable one security risk type but not the others.


Suggestions for practice

1. In a sample document, read a macro-related Security Warning message in the Message Bar.

2. Examine the sample document to see the effects of disabling a macro.

3. Experiment with options in the Microsoft Office Security Options dialog box.

Online practice (requires Microsoft Office Word 2007)

http://office.microsoft.com/training/Training.aspx?AssetID=RP101941621033&CTT=6&Origin=RC101941421033


Test 2, question 1

Which of these statements best describes a macro? (Pick one answer.)

1. A sequence of commands written with malicious intent to damage your data.

2. The method by which all computer viruses are delivered.

3. A sequence of commands that can be run automatically to save time and repetition.

4. A security device built in to Microsoft Office programs.



A sequence of commands that can be run automatically to save time and repetition.

Many macros are useful, time-saving devices.


Test 2, question 2

Who or what creates a digital signature? (Pick one answer.)

1. Publishers.

2. Digital certificates.

3. Trusted publishers.

4. You.



Digital certificates.

A certificate is used to add a digital signature to a file that contains a macro or other code.


Test 2, question 3

The default settings in the 2007 Office system help you stay safer. (Pick one answer.)

1. True.

2. False.



True.

The 2007 Office system’s default settings are designed to help your files and data stay safer.


Quick Reference Card

For a summary of the tasks covered in this course, view the Quick Reference Card.

http://office.microsoft.com/training/Training.aspx?AssetID=RP101941641033&CTT=6&Origin=RC101941421033

microsoft ® office training security i: how the 2007 office system helps you to stay safer...

Documents

computer security

security threats security

microsoft office access

microsoft office word

microsoft office visio

microsoft office excel

microsoft office publisher

microsoft office powerpoint