The Internet is a place where users can find a wealth of information to make them more productive. It's also the place where they may unwittingly fall victim to computer viruses that put the entire network at risk. In an environment like this, security and performance always pose a difficult trade-off. Applications in the Microsoft® Office System are designed with features that help make users' computers more secure, and the default settings take into account both security-related and performance considerations.

Of course, no two organizations have exactly the same needs. Several strategies will help you get the most out of Office and still help maintain the level of security that makes the most sense in your organization.

Apply product updates

As new threats and new opportunities for improving Office applications appear, Microsoft releases security patches and other product updates on the Office Online and Office Resource Kit Web sites. As a first line of defense, make sure that your users apply the most recent security patches.

New functionality for Office 2003 Editions makes it easier to keep users up-to-date. When you install Office from a compressed CD image on the network, Setup creates a local installation source on users' computers. With a local source always available, users can apply client updates even when they do not have access to the original source on the network. You can distribute the smaller binary patches yourself, or you can give users direct access to Office Online. For more information about patching strategies, see Distributing Office 2003 Product Updates.

Enforce security settings

When you install Office 2003 with default settings, the security-related settings are set to the highest level possible that still allows the applications to function at their optimum level. For example, macro security level are set to High, which disables all macros that do not come from a trusted source (such as Microsoft), and warns users before an application initiates ActiveX controls that might be unsafe. You can raise or lower default security settings in a transform. The Change User Settings and Specify Office Security Settings pages in the Custom Installation Wizard allow you to reset many security settings.

Remember, though, that users can always modify default settings and compromise the security measures that you put in place in a transform. To ensure that your security settings are enforced, you must set them by policy. For more information about setting security policies, see Managing Users' Configurations by Policy and Office Security-Related Policies.

Manage Web access

By design, Microsoft Office 2003 applications have many Internet access points. In Microsoft Office Word 2003, for example, users can use the Research pane to find the information they need on the Web without leaving their documents. The Office Online Web site provides updated and expanded Help, new templates, and online training. Office Online also provides users with the latest product updates and security patches. Giving users access to resources like these can help make them more productive — and more secure.

If your organization's security needs override these advantages, you can shut and lock the gates entirely. Policies allow you to block Web access points in the applications. You can take even stronger measures at the server level to prevent all Internet access. Alternatively, you can give users' limited Web access to only the sites you choose. If you have a firewall or proxy server in place, set it to allow access only to URLs on *.microsoft.com.

Assess operating system security

Besides installing and updating virus-checking software on your network, make sure to investigate security-related settings in the Microsoft Windows® operating system. These settings do not affect the way aspects of security are handled in Office applications; however, they can help protect critical areas of the network, operating system, and user interface from potentially destructive attacks. You can enforce many of these settings by policy, too. For more information, see Operating System Policies.