Microsoft's latest Office 2003 beta version is set to cause problems for anti-virus (AV) companies because the XML-based format it supports will bog down scanning software, experts told ZDNet Australia.

The dilemma revolves around macros embedded in Office 2003 documents. When saved as an XML file, the macros can more or less wind up anywhere. This means that scanners must look at the entire contents of a file rather than just parts where macros are normally positioned.

Although a simple solution has been put forward by the AV community, the software giant has yet to address the issue.

This change is fairly straightforward. The AV companies want a header placed into the file which tells the scanning engine where the macros are exactly located. In order to ensure that viruses don't slip through the cracks, Office applications should only run macros that are pointed to from the header.

Jan Hruska, founder and joint CEO of anti-virus firm Sophos, said that while Microsoft has come a long way in terms of security over the years, the XML issue isn't making life easy.

"Traditionally, when Microsoft had a choice between functionality and security, it has gone for functionality every time," he told ZDNet Australia.

So whilst a more open format such as XML can be very useful, it doesn't make it easier for AV companies to deal with, Hruska said.

"The looser the format, the harder it is to parse," he added.

Because an entire file needs to be scanned, the scanning agent will require more resources, and in the case of mail gateway filtering, may even become susceptible to denial of service attacks if bombarded with a great number of (large) XML files.

Computer Associates manager of virus research, Jakub Kaminski, agreed with Hruska. Although he didn't want to "get into the politics of it all", he said the technical challenges to the AV industry that the issue presents could be huge.

Kaminski also pointed out that once the format has been released, all future office products will support it, thus AV software will have to support it as well.

"Microsoft is certainly willing to co-operate with the antivirus industry," Kaminski said, but noted that "there's a huge argument going on right now...people you talk to...have knowledge but don't have the authority".

Kaminski said the problem stems from the header of the file not containing enough information about macros.

"You can identify by a couple of hundred bytes that it's a word document...however, the problem is to identify that the document contains macros," he said.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.