Is Microsoft Office Isolated Conversion Environment(MOICE) mocha on ice?

Is Microsoft Office Isolated Conversion Environment(MOICE) mocha on ice?

  • Comments 4

From Eugene Siu's blog: http://blogs.msdn.com/esiu/archive/2007/10/19/is-microsoft-office-isolated-conversion-environment-moice-mocha-on-ice.aspx

MOICE may sound like mocha on ice, but it is really a strong dark espresso shot offered by Office TWC team to jolt up security.  Microsoft Office Isolated Conversion Environment (MOICE) is a new security tool that helps protect Office users from malicious documents. Office team strives to enhance their security, and MOICE is another evidence that they are committed to security. 

MOICE converts Office 2003 documents of supported types to Office 2007 XML formats (Metro) in an isolated environment.  Granted that the same conversion engine is used in the Microsoft Office Compatibility Pack, how does running in an isolated environment enhance security?

Think of wearing pads and helmets while playing American football.  It is the nature of American football that players will get hit hard.  Wearing pads and helmets does not change the nature of American football, but it does lessen the chance of inflicting serious injuries on players

The same principle applies to MOICE.  MOICE does not alter the fact that malicious documents are out there to exploit vulnerable machines.  MOICE is like a pad and a helmet to reduce the chance of Office softwares being being exploited.  Exploitation may still happen, but isolated environment provided by MOICE reduces possible damages inflicted by the malicious documents.

In addition, applying MOICE is as simple as putting on a pad and a helmet.  MOICE can be installed as a recommended update via Microsoft Update, and execution of ASSOC replaces regular rendering with MOICE.  For more information, please visit http://support.microsoft.com/kb/935865.

Last but not least, MOICE is not a replacement of properly patching your machines.  Now, go patch your machines, enjoy a cup of MOICE and most importantly, don't click on suspicious Office documents via emails.

Page 1 of 1 (4 items)