With each coming year, office documents are required or expected to contain richer media content and more diverse methods of displaying data. The advantage is that it is substantially easier to produce professional-looking documents from the desktop.
These richly formatted, unstructured data files make it substantially easier to pass malicious code as well. Interpreters such as Microsoft Word or Ghostview open these files and may inadvertently execute malicious scripts, macros, etc. contained within the seemingly innocuous office file.
Deterring the malicious content is a challenge. The simplest solution for eliminating the risk of passing this kind of content is to simply prohibit the transfer of files that can contain malicious code. This leaves simple ASCII text files and images, among others, that can be transferred, making these content-oriented files less useful.
The key to safely emailing office documents is recognizing and prohibiting any code that could cause an interpreting application to do anything other than render the intended document. However, the list of known problems, vulnerabilities, and exploits is continually evolving. Since email exploit shields usually operate by specifying what a “bad” file or “bad” content, is, they cannot combat vulnerabilities newer than the last definition of “bad” files. This is an inherent design flaw of all signature-based solutions.
U.S. Pat. No. 5,940,591, entitled “APPARATUS AND METHOD FOR PROVIDING NETWORK SECURITY,” discloses a method of performing security functions on a non-secure network. The method uses a multi-level secure network architecture to support services to many domains from one, offering communications services (video, audio, others) over a trusted security protocol, which exists at the security perimeter created by the secure network interface units. The guard is a session manager to an external set of networks. This method requires the selection of portions that do not require the same level of trust. Although the system checks access control, individual files are not verified for malicious code. The present invention is not limited in this regard. U.S. Pat. No. 5,940,591 is hereby incorporated by reference into the specification of the present invention.
U.S. Pat. No. 6,584,508, entitled “ADVANCED DATA GUARD HAVING INDEPENDENTLY WRAPPED COMPONENTS,” discloses a method of increasing the security of a data guard. The data guard is configurable, for items such as HTTP traffic, SMTP traffic, etc. A set of proxy servers sits between an “internal” network and an “external” network and examines traffic. The first proxy server communicates with the internal computer network, and the second proxy server communicates with the external network. Protocol specific operations are converted to protocol independent data. Administrators define security policies that affect the information going between the proxy servers, deciding which information to pass. The system uses two-way communications that provide an adversary with information regarding the security protocols used. The present invention is not limited in this regard. U.S. Pat. No. 6,584,508 is hereby incorporated by reference into the specification of the present invention.
U.S. Pat. No. 6,826,694, entitled “HIGH RESOLUTION ACCESS CONTROL,” discloses a method for performing security functions at a firewall. After a packet is received at a firewall, the header is checked. A rule specific to the header information is applied to analyze the content of the packet at the firewall. Changing the packet header to a benign file type is relatively simple. Malicious code may then pass through the firewall. The present invention is not limited in this regard. U.S. Pat. No. 6,826,694 is hereby incorporated by reference into the specification of the present invention.