MyDoom and VSTO

I've blogged a lot about the VSTO security model, and many customers have been frustrated / confused by the tight security policy we use. Why on earth would we not trust code just because it's on the local machine?

Well, one of our main scenarios for the VSTO model (and one that I demoed at TechEd last year) was a ZIP-based attack where a user receives an e-mail with a ZIP file containing a document and a DLL, which they extract and then open. Of course, at the time the attack was "theoretical" and some people laughed at such an idea...

Of course, now the new MyDoom virus proves that users will extract files from a ZIP and then open them. The old Linux virus joke of "please add the following files to your kernel, re-compile it, and then forward this message to all your friends" gets closer to reality with each passing day... <sigh>