Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Security and Privacy for Microsoft Office 2010 Users", Mitch Tulloch

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Han
    BKSCPRO2.RVW 20121122 Security and Privacy for Microsoft Office 2010 Users , Mitch Tulloch, 2012, 0735668833, U$9.99 %A Mitch Tulloch info@mtit.com
    Message 1 of 1 , May 13, 2013
    • 0 Attachment
      BKSCPRO2.RVW 20121122

      "Security and Privacy for Microsoft Office 2010 Users", Mitch Tulloch,
      2012, 0735668833, U$9.99
      %A Mitch Tulloch info@... www.mtit.com
      %C 1 Microsoft Way, Redmond, WA 98052-6399
      %D 2012
      %G 0735668833
      %I Microsoft Press
      %O U$9.99 800-MSPRESS fax: 206-936-7329 mspinput@...
      %O http://www.amazon.com/exec/obidos/ASIN/0735668833/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0735668833/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0735668833/robsladesin03-20
      %O Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 100 p.
      %T "Security and Privacy for Microsoft Office 2010 Users"

      Reducing the complex jargon in the introduction to its simplest terms,
      this book is intended to allow anyone who uses the Microsoft Office
      2010 suite, or the online Office 365, to effectively employ the
      security functions built into the software. Chapter one purports to
      present the "why" of security, but does a very poor job of it.
      Company policy is presented as a kind of threat to the employee, and
      this does nothing to ameliorate the all-too-common perception that
      security is there simply to make life easier for the IT department,
      while it makes work harder for everyone else.

      Chapter two examines the first security function, called "Protected
      View." The text addresses issues of whether or not you can trust a
      document created by someone else, and mentions trusted locations.
      (Trusted locations seem simply to be defined as a specified directory
      on your hard drive, and the text does not discuss whether merely
      moving an unknown document into this directory will magically render
      it trustworthy. Also, the reader is told how to set a trusted
      location, but not an area for designating untrusted files.)
      Supposedly "Protected View" will automatically restrict access to, and
      danger from, documents you receive from unknown sources.
      Unfortunately, having used Microsoft Office 2010 for a couple of
      years, and having received, in that time, hundreds of documents via
      email and from Web sources, I've never yet seen "Protected View," so
      I'm not sure how far I can trust what the author is telling me. (In
      addition, Tulloch's discussion of viruses had numerous errors: Concept
      came along five years before Melissa, and some of the functions he
      attributes to Melissa are, in fact, from the CHRISTMA exec over a
      decade earlier.)

      Preparation of policy is promised in chapter three, but this isn't
      what most managers or security professionals would think of as policy:
      it is just the provision of a function for change detection or digital
      signatures. It also becomes obvious, at this point, that Microsoft
      Office 2010 and Office 365 can have significantly different
      operations. The material is quite confusing with references to a
      great many programs which are not part of the two (2010 and 365) MS
      Office suites.

      Chapter four notes the possibility of encryption with a password, but
      the discussion of rights is unclear, and a number of steps are
      missing.

      An appendix lists pointers to a number of references at Microsoft's
      Website.

      The utility of this work is compromised by the fact that it provides
      instructions for functions, but doesn't really explain how, and in
      what situations, the functions can assist and protect the user. Any
      employee using Microsoft Office will be able to access the operations,
      but without understanding the concepts they won't be able to take
      advantage of what protection they offer.

      copyright, Robert M. Slade 2012 BKSCPRO2.RVW 20121122


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      The only thing necessary for the triumph of evil is for good men
      to do nothing. - Edmund Burke
      victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
      http://blogs.securiteam.com/index.php/archives/author/p1/
      http://twitter.com/rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.