D
Deleted member 65228
Thread author
Hello all.
This is a very short tip I wanted to express, it may help many of you stay more secure when handling office documents (e.g. Microsoft Word documents).
Even if you have Microsoft Office, throw it away unless you really need it. If you don't want to throw it away, then make sure macro's are disabled.
A majority of the time you won't need software to handle office documents, you can use web-based alternatives which will be much more secure, such as Google Drive. If you are paranoid about privacy then simply make a backup Google account to use Google Drive with, using non-personally identifiable information, with a Virtual Private Network (VPN) enabled.
Using web-based alternatives will mitigate every attack I know of which surrounds around zero-day exploitation with office documents, as well as macro-based malware attack deployment. When you upload a document to a service like Google Drive, anything malicious which is embedded within like a macro or custom native shell-code which is supposed to be executed via exploitation of an unknown vulnerability will simply be mitigated; it's all handled on the cloud servers owned by Google and such won't be able to occur on their servers in the first place!
Of course you can still find malicious URLs within documents (e.g. phishing or a URL to a malicious download), that's pretty obvious. However attacks through native code execution injected into office documents (via an exploit) or macro attacks and the alike will be mitigated by using an online service to view and edit the documents.
Microsoft Office and many similar software-based solutions have been a high-priority target by attackers for a very long time now. This is due to how many people use such software. A lot of malware is pushed through e-mail spreading, and using office documents as an attack vector for deployment of malicious software, because more people may be convinced it is safe because it's an office document as opposed to an executable.
Use web-based services when applicable instead, remove attack vectors like Microsoft Office if you don't truly need it. Not to mention that web-based services will be cheaper/free for use, and you can take measures to protect your privacy if you're concerned.
This is an opinionated post so take it with a grain of salt, I just wanted to express this opinion because it can help some people who may not have considered doing this before.
Thanks for reading.
This is a very short tip I wanted to express, it may help many of you stay more secure when handling office documents (e.g. Microsoft Word documents).
Even if you have Microsoft Office, throw it away unless you really need it. If you don't want to throw it away, then make sure macro's are disabled.
A majority of the time you won't need software to handle office documents, you can use web-based alternatives which will be much more secure, such as Google Drive. If you are paranoid about privacy then simply make a backup Google account to use Google Drive with, using non-personally identifiable information, with a Virtual Private Network (VPN) enabled.
Using web-based alternatives will mitigate every attack I know of which surrounds around zero-day exploitation with office documents, as well as macro-based malware attack deployment. When you upload a document to a service like Google Drive, anything malicious which is embedded within like a macro or custom native shell-code which is supposed to be executed via exploitation of an unknown vulnerability will simply be mitigated; it's all handled on the cloud servers owned by Google and such won't be able to occur on their servers in the first place!
Of course you can still find malicious URLs within documents (e.g. phishing or a URL to a malicious download), that's pretty obvious. However attacks through native code execution injected into office documents (via an exploit) or macro attacks and the alike will be mitigated by using an online service to view and edit the documents.
Microsoft Office and many similar software-based solutions have been a high-priority target by attackers for a very long time now. This is due to how many people use such software. A lot of malware is pushed through e-mail spreading, and using office documents as an attack vector for deployment of malicious software, because more people may be convinced it is safe because it's an office document as opposed to an executable.
Use web-based services when applicable instead, remove attack vectors like Microsoft Office if you don't truly need it. Not to mention that web-based services will be cheaper/free for use, and you can take measures to protect your privacy if you're concerned.
This is an opinionated post so take it with a grain of salt, I just wanted to express this opinion because it can help some people who may not have considered doing this before.
Thanks for reading.