Safeguarding Against Macro Viruses
3 4
Although the overriding purpose of macros is to streamline common tasks and procedures performed in Word and other applications, the unfortunate fact is that macros can also serve as a breeding ground for computer viruses. A macro virus is a type of computer virus that originates within a file, a template, or an add-in. As a Word user contemplating security issues, you need to be aware of macro viruses and how you can configure Word to assist you in recognizing when a macro might present a risk.
Note
Microsoft devotes a number of areas on its Web site to security issues. For example, if you want to find out more about security, visit http://www.microsoft.com/technet/security and http://www.microsoft.com/security. You can also visit the Office site, at http://www.microsoft.com/office, and search for security using the Search This Site box.
Preventing Viruses in Word Documents
One strategy you can use to combat macro viruses when working in Word is to attach digital signatures to macros to identify their origin. Then, if you trust the origin of the digital signature, you're safe to enable the macro. Keep in mind that digital signatures enable you to identify and run macros from trusted sources; they do not locate and eliminate viruses.
In addition to using digital certificates, which can provide assurance regarding the person from whom a file or macro originated (as discussed in the section "Using Digital Certificates to Digitally Sign Files and Macros."), you can specify how you want Word to react when it encounters documents that contain macros. To do this, you set Word security levels, as described next.
Tip
For the best protection against viruses, you should purchase and install third-party antivirus software to work in conjunction with Word's security settings.
Setting Word Security Levels
When Word encounters a document, it determines whether the document contains macros. If the document doesn't contain any macros, Word opens it without any warnings. If the document contains macros, Word opens it based on the current security settings. In Word, you can choose one of the following three levels of security:
- High. This setting allows only signed and trusted macros to run. When you use this setting, you can run only macros that have been digitally signed and are listed as from a trusted source. Unsigned macros are automatically disabled before the file is opened.
- Medium. When Word is set to medium-level security, you receive prompts asking whether you want to enable or disable macros on a file-by-file basis. Whenever a file containing macros is encountered that's signed by a source that's not listed as a trusted source, Word allows you to choose whether you want to enable or disable the macros when you open the file.
- Low. This setting turns off all macro security warnings and trusts all macros. In other words, all files, including files that contain macros, will always open without a warning when you configure Word with the Low security level. You should consider using this setting only if you have installed the latest version of a virus scanner, if the most current virus signature files for your virus program are installed, and if you're absolutely sure that the documents you're opening can be trusted.
By default, Word's security is set to High, and this is the recommended setting. To display Word's security options, choose Tools, Options, click the Security tab, and then click Macro Security. In the Security dialog box, click the Security Level tab, shown in Figure 34-11. You can specify any security level, but you should consider retaining Word's High security-level setting unless a particular need arises that requires you to lower your security settings.
Figure 34-11. The Security Level tab in the Security dialog box enables you to specify how Word should react when you open a document that contains macros.
Viewing and Removing Trusted Sources
When you open a file that includes signed macros (and the signer isn't included on your trusted sources list, as described in this section), you'll be asked whether you want to trust all macros from the signer. If you click Yes, the signer will be added to your list of trusted sources. Before you add a signer, you should carefully review the source's certificate. You should especially review the certificate's Issued To, Issued By, and Valid From fields. After you add a signer to your trusted sources list, Word will automatically enable macros signed by the source in the future.
If you later decide that you'd like to remove a signer from your trusted sources list, you can do so at any time, as follows:
- Choose Tools, Options, and click the Security tab.
- Click Macro Security to open the Security dialog box.
- Click the Trusted Sources tab, shown in Figure 34-12.
Figure 34-12. If you've added any sources to your trusted sources list, they'll appear on the Trusted Sources tab in the Security dialog box.
- Select the source you want to remove, click Remove, and then click OK.
Microsoft digitally signs all templates, add-ins, and macros shipped with Office XP. After you add Microsoft to your list of trusted sources for one of these installed files, all subsequent interactions with these files will not generate messages.
Tip - Add your Selfcert.exe certificate to trusted sources lists
Office XP applications will allow you to add the owner of an unauthenticated certificate (such as a Selfcert.exe certificate) to the list of trusted sources only when the certificate is used on the same computer on which it was initially created. This means that you can create a certificate using Selfcert.exe and sign your own personal macros, and you can trust that certificate on your computer. But if you attempt to share your file with other users, they won't be able to run your macros if their security is set to High.
EAN: 2147483647
Pages: 337