REVIEW: "Security and Privacy for Microsoft Office 2010 Users", Mitch Tulloch
- BKSCPRO2.RVW 20121122
"Security and Privacy for Microsoft Office 2010 Users", Mitch Tulloch,
2012, 0735668833, U$9.99
%A Mitch Tulloch info@... www.mtit.com
%C 1 Microsoft Way, Redmond, WA 98052-6399
%I Microsoft Press
%O U$9.99 800-MSPRESS fax: 206-936-7329 mspinput@...
%O Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 100 p.
%T "Security and Privacy for Microsoft Office 2010 Users"
Reducing the complex jargon in the introduction to its simplest terms,
this book is intended to allow anyone who uses the Microsoft Office
2010 suite, or the online Office 365, to effectively employ the
security functions built into the software. Chapter one purports to
present the "why" of security, but does a very poor job of it.
Company policy is presented as a kind of threat to the employee, and
this does nothing to ameliorate the all-too-common perception that
security is there simply to make life easier for the IT department,
while it makes work harder for everyone else.
Chapter two examines the first security function, called "Protected
View." The text addresses issues of whether or not you can trust a
document created by someone else, and mentions trusted locations.
(Trusted locations seem simply to be defined as a specified directory
on your hard drive, and the text does not discuss whether merely
moving an unknown document into this directory will magically render
it trustworthy. Also, the reader is told how to set a trusted
location, but not an area for designating untrusted files.)
Supposedly "Protected View" will automatically restrict access to, and
danger from, documents you receive from unknown sources.
Unfortunately, having used Microsoft Office 2010 for a couple of
years, and having received, in that time, hundreds of documents via
email and from Web sources, I've never yet seen "Protected View," so
I'm not sure how far I can trust what the author is telling me. (In
addition, Tulloch's discussion of viruses had numerous errors: Concept
came along five years before Melissa, and some of the functions he
attributes to Melissa are, in fact, from the CHRISTMA exec over a
Preparation of policy is promised in chapter three, but this isn't
what most managers or security professionals would think of as policy:
it is just the provision of a function for change detection or digital
signatures. It also becomes obvious, at this point, that Microsoft
Office 2010 and Office 365 can have significantly different
operations. The material is quite confusing with references to a
great many programs which are not part of the two (2010 and 365) MS
Chapter four notes the possibility of encryption with a password, but
the discussion of rights is unclear, and a number of steps are
An appendix lists pointers to a number of references at Microsoft's
The utility of this work is compromised by the fact that it provides
instructions for functions, but doesn't really explain how, and in
what situations, the functions can assist and protect the user. Any
employee using Microsoft Office will be able to access the operations,
but without understanding the concepts they won't be able to take
advantage of what protection they offer.
copyright, Robert M. Slade 2012 BKSCPRO2.RVW 20121122
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
The only thing necessary for the triumph of evil is for good men
to do nothing. - Edmund Burke