Office SP3: Are new formats more secure?

Blocking old file formats in the Office 2003 Service Pack 3 (SP3) release was meant to bolster security for Microsoft customers, but whether the new formats are any more secure than older ones is debatable.
Written by Liam Tung, Contributing Writer

Few within IT feel compelled to side with Microsoft when debates over file formats, backward compatibility and security emerge, yet the Redmond software giant's decision to block a swathe of old formats such as pre-97 PowerPoint, Excel, Word and Corel Draw formats has been met with sympathy from analysts.

Microsoft said it was attempting to address security concerns by blocking the older file formats. "By default, these file types are blocked because the parsing code that Office 2003 uses to open and save the file types is less secure. Therefore, opening and saving these file types may pose a risk to you," it said in its advisory.

Indeed, Office file formats are increasingly being exploited by cybercriminals to gain unauthorised access to PCs and corporate networks. According to Qualys's vulnerability management lab, there was a 300 percent increase in flaws discovered in Office products from 2006 to 2007, primarily in Excel.

So was Microsoft wrong to block the older file formats for security reasons -- and will businesses find themselves unable to access documents saved to meet regulatory obligations? According to Hydrasight managing director and analyst John Brand, the question over accessing legacy Office file formats is a moot point.

"There are still issues about data being locked up in specific formats but Microsoft isn't often used as a final-file-format for archiving, so that tends to be a misnomer anyway. People using [Microsoft] file formats in their organisations are generally using live files," Brand told ZDNet Australia.

In any case, Brand said Microsoft's support of legacy formats has been strong over the years, but this has led to another problem for the company.

"Every time they create a new one, they increase the complexity of the translation layer. And that is going to continue to be a problem for them while they support so many legacy formats," said Brand.

The real problem with Microsoft's decision to block older file formats is that newer formats are no more secure than its older ones, casting doubt over whether its decision to block those formats will have a positive impact on end-user security, Brand believes.

"None of the new formats are more secure than old formats either -- they just offer greater levels of functionality and flexibility," he said.

While backwards compatibility may prove difficult for consumers to deal with if Microsoft blocks legacy files -- and makes workarounds complicated -- IT administrators shouldn't be vexed by the decision, according to IBRS security analyst James Turner.

"File compatibility is a crucial issue, but no half-decent IT manager is going to find themselves in that situation anyway. The majority of desktop operating systems are already Windows. And the majority of Excel files and older, historical files they may need to access are easily retrievable. You just install an old version of the operating system to access the file," he told ZDNet Australia.

In fact, for many businesses, the reverse will be true. The length of Microsoft's support for older file formats actually causes a burden for tech-savvy businesses that prefer to use the latest versions of software.

Online trading business Swapace.com's CEO, Joseph Renzi, said his business often faces the challenge of dealing with clients that use old software, which has forced Swapace.com's staff to automatically save files in older formats.

"Sometimes others struggle because we're using new technology, so we need to make sure we have software set to the most backward compatible format," said Renzi.

"And if we're sending the file by e-mail, we tend to use PDF these days, because you can't guarantee what a Word document will look like on the receiver's end, whereas with PDF you have a lot more control. So, PDF has become important from that point of view."
