Microsoft KB Archive/822924

= Description of Office features that are intended to enable collaboration and that are not intended to increase security =

Article ID: 822924

Article Last Modified on 10/10/2007

-

APPLIES TO


 * Microsoft Office XP Standard Edition
 * Microsoft Office 2000 Standard Edition
 * Microsoft Office 97 Standard Edition
 * Microsoft Office Access 2003
 * Microsoft Access 2002 Standard Edition
 * Microsoft Access 2000 Standard Edition
 * Microsoft Access 97 Standard Edition
 * Microsoft Office Excel 2003
 * Microsoft Excel 2002 Standard Edition
 * Microsoft Excel 2000 Standard Edition
 * Microsoft Excel 97 Standard Edition
 * Microsoft Office FrontPage 2003
 * Microsoft FrontPage 2002 Standard Edition
 * Microsoft FrontPage 2000 Standard Edition
 * Microsoft FrontPage 97 Standard Edition
 * Microsoft Office Outlook 2003
 * Microsoft Outlook 2002 Standard Edition
 * Microsoft Outlook 2000 Standard Edition
 * Microsoft Outlook 97 Standard Edition
 * Microsoft Office PowerPoint 2003
 * Microsoft PowerPoint 2002 Standard Edition
 * Microsoft PowerPoint 2000 Standard Edition
 * Microsoft PowerPoint 97 Standard Edition
 * Microsoft Office Word 2003
 * Microsoft Word 2002 Standard Edition
 * Microsoft Word 2000 Standard Edition
 * Microsoft Word 97 Standard Edition
 * Microsoft Office Publisher 2003
 * Microsoft Office Professional Edition 2003
 * Microsoft Office Standard Edition 2003
 * Microsoft Office Student and Teacher Edition 2003
 * Microsoft Office Small Business Edition 2003
 * Microsoft Office Basic Edition 2003

-



SUMMARY
Microsoft Office products include features that enable specific collaboration scenarios and features that are designed to help make your documents and files more secure. Features that enable collaboration scenarios function correctly in collaboration environments that do not include users who have malicious intent.

When you use a feature that is designed to enable a collaboration scenario but is not designed to help make your document or file more secure, for example you use the Password to Modify feature, the feature is functioning as intended even when a user with malicious intent bypasses the feature. This behavior occurs because the feature was never designed to help protect your document or file from a user with malicious intent.

The Security tab of the Options dialog box in Office applications contains both types of features. Not all features that are found on the Security tab are designed to help make your documents and files more secure.

The following are examples of Office features that enable specific collaboration scenarios:
 * Password to Modify

When you do not want others to modify the formatting of your Microsoft Word document, Microsoft Excel document, or Microsoft PowerPoint presentation, you may choose to use the Password to Modify feature.

Note When you use the Password to Modify feature, you only set a guideline for others to follow. When you are using the Password to Modify feature, someone else may be able to obtain your password.
 * Hidden Cells and Locked Cells

When you have a cell that you do not want others to see or to modify, you can hide or lock the cell. You can use hidden or locked cells in Excel to present data more clearly. You may choose to hide a cell that contains a formula when you think it will confuse others, or you may choose to lock a cell when you do not want others to modify the cell.

Note When you hide or lock a cell, you only set a guideline for others to follow. Hidden cells and locked cells are not designed to allow your files to be more secure. Hidden cells can be unhidden by other users.

The following are examples of Office features that are designed to help make your documents and files more secure:  Password to Open (Using RC4 Level Advanced Encryption )

You can use a strong password with the Password to Open feature in conjunction with RC4 level advanced encryption to require a user to enter a password to open an Office file.

Note The Password to Open feature uses advanced encryption. Encryption is a standard method of securing the content of a file. There are several encryption methods that are available for use with Word files, Excel files, or PowerPoint presentations. Microsoft Office Outlook 2003 allows for encryption also, but also implements it by using different methods.

For more information about encryption, visit the following Microsoft Web site:

http://www.microsoft.com/office/ork/2003/seven/ch23/SecA06.htm#sub_7

For more information about strong passwords, see the “Information About Strong Passwords” section of this article. Digitally Signed VBA Macro Projects

You can use digitally signed Microsoft Office Visual Basic for Applications (VBA) macro projects. When you add a digital signature to a VBA macro project, you are supplying a verifiable signature that can vouch for the authenticity and the integrity of the VBA macro project.

For more information about digitally signed macros, visit the following Microsoft Web site:

http://msdn2.microsoft.com/en-us/library/aa163622(office.10).aspx



The “More Information” section contains additional information about Office features that are intended to enable specific collaboration scenarios.



MORE INFORMATION
The following table contains a description of Office features that are intended to enable specific collaboration scenarios but are not intended to help make your documents and files more secure:

Information About Strong Passwords
To reduce the chances of someone guessing your password, use only strong passwords.

For a password to be a strong password, it should meet all the following criteria:
 * Be at least seven characters long. Longer passwords are more secure.
 * Include both upper and lowercase letters, numbers, and a symbol character between the second and sixth position.
 * Look similar to random collection of characters.
 * Have no repeated characters.
 * Have no characters that are consecutive, for example, 1234, abcd, or qwerty.
 * Do not use numbers or symbols instead of similar letters--for example, $ for S, or 1 for l.
 * Do not use any part of your user name for logging on to the Internet or a network.
 * Not be a common word, a common name, or a word that a person might guess like your own name. When a malicious user tries to bypass a password, they may use a tool that tries a number of common words to try and guess your password.

Use a strong password that you can remember so that you do not have to write it down. If you must write down a password to remember it, store the password in a secure place.

