En effet, le format employé par MS (basé sur le XML) pourrait fortement ralentir les antivirus et dans le cas des serveurs de messagerie serait même succeptible de provoquer des dénis de service en cas de mailbombing.
Le problème provient des macros qui sont incluses et dispersées dans le document, obligeant l'antivirus a scanner le contenu entier du fichier.
Les éditeurs souhaiteraient que l'en-tête du fichier contienne l'emplacement des macros, afin d'en faciliter la détection.
petit mot de Jan Hruska, fondateur de Sophos Antivirus, qui illustre bien la situation:
Traditionnellement, quand Microsoft a eu le choix entre fonctionnalité et sécurité, il a choisi fonctionnalité à chaque fois. Source : MSNBC News
Office 2003 may pose virus
problem
Antivirus programs will face slowdowns in
scanning
By Patrick Gray
March 21
The latest
test version of Microsoft Office 2003 could cause problems for antivirus
companies because the XML-based format it supports will bog down scanning
software, according to security experts.
The problem centers on macros embedded in documents in the Office 2003 beta, or test, version. When saved as an XML (Extensible Markup Language) file, the macros can more or less wind up anywhere. This means that scanners must search the entire contents of a file, rather than examine the part of the file where macros are always positioned.
Although a simple solution has been put forward by the antivirus industry, Microsoft has not yet introduced any changes. Microsoft could not immediately respond to a request for comment on the issue.
(MSNBC is a Microsoft - NBC joint venture.)This change is fairly straightforward. The antivirus companies want a header placed into the file that tells the scanning engine where to look for the macros. In addition, in order to ensure that viruses don?t slip through the cracks, the applications in the Office productivity suite should run only macros that are identified by the header, the companies say.
Jan Hruska,
founder and co-CEO of antivirus software maker Sophos, said that while
Microsoft has come a long way in terms of security over the years, the XML
issue isn?t making life easy.
?Traditionally, when
Microsoft had a choice between functionality and security, it has gone for
functionality every time,? he told ZDNet Australia.
So
while a more open format such as XML can be very useful, it doesn?t make it
easier for antivirus companies to deal with, Hruska said. ?The looser the
format, the harder it is to parse,? he added.
Because an entire file needs to be scanned, the scanning agent will require more resources. In the case of mail gateway filtering, systems may even become susceptible to denial of service attacks if bombarded with a great number of (large) XML files.
Jakub Kaminski, manager of virus research at Computer
Associates, said the technical challenges to the antivirus industry that the
issue presents could be huge. He pointed out that once the format has been
released, all future Office products will support it?thus antivirus software
will have to support it as well.
?Microsoft is certainly willing to
cooperate with the antivirus industry,? Kaminski said. Nevertheless, he
noted, ?There?s a huge argument going on right now. People you talk to have
knowledge, but don?t have the authority.?
Kaminski said the problem stems from the header of the file not containing enough information about macros. ?You can identify by a couple of hundred bytes that it?s a Word document. However, the problem is to identify that the document contains macros,? he said.
ZDNet Australia ?s Patrick Gray reported from Sydney.
Copyright © 1995-2003 CNET Networks, Inc. All rights reserved
Derniers commentaires