Defense Wall - Trusted versus untrusted...

[pbw3]

I thought I had understood the basic concept of Defense Wall, and have read through the help on the DW site.

However, can someone explain in lay terms the practicalities of what might happen for say typical office type use.. Hence, e-mails arriving with spreadsheet or word docs; these are filed in folders, amended, and then returned or forwarded. At the same time, other confidential documents on the computer are also being accessed by Excel and Word.

If say Outlook is untrusted, and I follow the "children" approach of Defense Wall, does Excel ordinarily become untrusted by association with the Excel files accessed from Outlook (or am I confusing "applications" with "files" when following the "children" approach), and hence are any private and confidential Excel documents then not accessible by Excel, etc..??

Should Office programs, therefore, and hence all files associated, essentially always be untrusted, using DW terminology. I had assumed confidential documents should be trusted, and hence be protected from untrusted applications.

For a machine partially accessing office type documents, is Defense Wall as useful in that context as say a simple application white list approach, such as OA HIPS for example? Or does one simply designate Excel and Word as always trusted (if one can?) - to avoid problems with data files. BTW, macros are never allowed to run in these office docs unless specifically called, ie there should be minimal risk from any such data files.

Apols if wrong forum on here (also looked at DW forum, but one must log in there to search and I am not registered).

Many thanks..
Peter

[Ilya Rabinovich]

If you run an Office document with your e-mail program untrusted, it will runs untrusted. If you save this document at your hard driver, it will runs untrusted also.

[jmonge]

Quote:

Originally Posted by Ilya Rabinovich

If you run an Office document with your e-mail program untrusted, it will runs untrusted. If you save this document at your hard driver, it will runs untrusted also.

as simple as that

[pbw3]

OK, that's absolutely crystal clear..

Is the idea with Defense Wall therefore that:

a) the e-mail program should be run as trusted, as I would always expect all spreadsheet and word documents to be trusted (once the external docs were successfully "checked in" from e-mail); or
b) spreadsheet and word documents are generically expected to be untrusted, along hence with the e-mail program (which I would presumably have a problem with unless I am misunderstanding terminology).

My gut tells me now, from the help on DW, that it's b) and, if so, is DW therefore simply geared more towards uses typically different from that I have included above? In which case, that's fine - I am simply keen to understand much better the kind of approaches that would best fit this particular usage.

Or does a) in fact work, simply with the proviso that DW will not then protect against e-mail based vulnerabilities, but as regards all other external facing applications will work fine?

Many thanks...
Peter

[Ilya Rabinovich]

b) is the right choice because "always expects unexpected".

[pbw3]

OK, I understand, and that's really helpful - many thanks for that...

Peter