The folks working on Office 2010 are doing some pretty cool things and, I believe, starting to take better cues from the developers outside of the Microsoft behemoth that is Office.
The new ‘Protected View’ for Office is a clever security mechanism that follows the pattern of IE and .Net, using a sandbox to isolate the user’s computer when opening suspect files. They’ve improved the file validation, which hopefully means the end to the annoying (but useful – in a security context) pop-ups asking us what to do with a file because it has a macro in it. According to a blog post on the Office IT blog, it’s such an “integral part of Office that on most days, you would never know exists.”
One of the things that I hope it is able to do is recognize when the programmatic elements (the script/macros in the document) change, perhaps by computing a hash, and to be aware if it accesses the system in any way.
For example, there are Excel documents that I access on the intranet all the time that have macros, for which I get warnings every time I open them. The first time I accept this, it would be nice if Excel was aware that I trusted that version of the macro, but that I want to know if it changes. It’s certainly more complex than that, but for most documents I’m accessing it’s simply computing cross-page totals from multiple worksheets, or even reading data in from other sources.
If that same script all-of-a-sudden now wants to start connecting to a web site or writing to c:\Windows\ I would certainly want to know about it, but otherwise I will trust that document going forward.
Again, the Office IT blog is continuing to provide great insight into the development process that occurs behind what has been a leaded curtain for so long. For developers who are able to read between the lines, there are some gems in there for us to extrapolate and start using in our own works.
The keys are in providing UI that is in-context for the user, ensuring that user requirements for compatibility don’t trump the need for security, and maintaining or improving performance and experience where ever possible. I think these are things that they are achieving…
…now if I could only get my hands on a preview…
I wonder, how to find out who else can see what I have in my laptop and how to provide this...
ReplyDeleteIs it really possible?