Best Practices
The best defense against e-mail viruses and Web viruses is to educate users about how to safely use the Internet. You should teach users how to answer common prompts relating to ActiveX controls and macros.
By keeping antivirus software up to date you will be protected from nearly all known attacks on Office applications and documents.
Always apply the latest security updates to any application that you use on your network, including Internet Explorer and Office.
Use the IEAK and the CIW to install security default settings for Internet Explorer and Office XP.
Import the Administrative Templates included with the Microsoft Office XP Resource Kit (Microsoft Press, 2001) into Group Policy and configure the security settings for Office applications that users work with on your network.
Do not install applications on computers if they will not used. For example, if a user will be using only Microsoft Word and Outlook, do not install Microsoft PowerPoint and Microsoft Excel on his computer. This will increase the potential attack surface of the computer.