In response to growing threats from viruses and worms, Microsoft launched a security initiative in early 2002, called Trustworthy Computing, to focus on making all its products safer to use. In an e-mail sent to employees, Bill Gates summed up the seriousness of the initiative:
“In the past, we’ve made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We’ve done a terrific job at that, but all those great features won’t matter unless customers trust our software. So now, when we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve.”
Prior to Microsoft Access 2003, it was quite possible for a malicious person to send you a database file that contained code that could damage your system. As soon as you opened the database, the harmful code would run, perhaps even without your knowledge. Or the programmer could embed dangerous code in a query, form, or report, and your computer would be damaged as soon as you opened that object. In version 11 (Access 2003), you were presented with a series of confusing dialog boxes when you opened an unsigned database file if you had left your macro security level set to medium or high. After wading through the various dialog boxes, you could still be left with a database you were unable to open.
Access 2007 improves upon the security model by adding a new component to the Access interface called the Trust Center. This new security interface is far less confusing and intrusive than the Access 2003 macro security feature. With a security level set to high in Access 2003, you would not be able to open any database files because all Access databases could have some type of macros, VBA code, or calls to unsafe functions embedded in their structure. Any database with queries is considered unsafe by Access 2007 because those queries could contain expressions calling unsafe functions. In Access 2007, each database file opens without presenting you with a series of dialog boxes like in Access 2003. Depending on where your file is located on the local computer drive or network share, Access silently disables any malicious macros or VBA code without any intrusive dialog box messages.
The sample databases included on the companion CD are not digitally signed, because they will become unsigned as soon as you change any of the queries or sample code. We designed all the sample applications to open successfully, but each displays a warning dialog box if the database is not trusted. If you have installed the database in an untrusted location, the application displays instructions in the warning dialog box that you can follow to enable the full application. See “Enabling Content by Defining Trusted Locations” on page 39 for information about defining trusted locations.
When you open an existing database or template, you might see a Security Warning message displayed in the Message Bar, just below the Quick Access Toolbar and Ribbon as shown in Figure 2–15. This message notifies you that Access has disabled certain features of the application because the file is not digitally signed or is located in a folder that has not been designated as trusted.
Figure 2–15: The Message Bar alerts you if Access has disabled certain content.
In order to ensure that any restricted code and macros function in this database, you must manually tell Access to enable this content by clicking the Options button on the Message Bar. This opens a dialog box, called Microsoft Office Security Options, as shown in Figure 2–16. This dialog box warns you that this file’s content cannot be verified because a digital certificate was not found.
Figure 2–16: You can enable blocked content from the Microsoft Office Security Options dialog box.
You can choose to have Access 2007 continue to block any harmful content by leaving the default option set to Help Protect Me From Unknown Content (Recommended). By having Access block any harmful content, you can be assured that no malicious code or macros can execute from this database. However, you also have to realize that because Access blocks all Visual Basic code and any macros containing a potentially harmful command, it is quite possible that this application will not run correctly if you continue to let Access disable potentially harmful functions and code. In order to have Access discontinue blocking potentially harmful content, you must select the Enable This Content option. After you select that option and click OK, Access closes the database and then reopens the file to enable all content. Access does not display the Message Bar after it reopens the file, and all functions, code, and macros are now allowed to run in this specific database.
When you enable content after opening an untrusted database, the database becomes trusted only for the current session. If you close the database and then attempt to reopen it, Access displays the warnings again on the Message Bar.
You might have noticed in the lower-left corner of the Microsoft Office Security Options dialog box a link to the Trust Center. You can also open the Trust Center from the Access Options dialog box, which you can open by clicking the Microsoft Office Button discussed earlier. We will discuss the Access Options dialog box later in this chapter; see “Modifying Global Settings via the Access Options Dialog Box” on page 87.
Click Open The Trust Center in the Microsoft Office Security Options dialog box to view the advanced security settings. If the Message Bar is not currently available, click the Microsoft Office Button in the upper-left corner and then click Access Options. In the Access Options dialog box, click the Trust Center category on the left and then click the Trust Center Settings button. In the Trust Center dialog box, shown in Figure 2–17, you see six categories of security settings.
Figure 2–17: The Trust Center dialog box displays various categories in which you can select trust and privacy options.
Briefly, the categories are as follows:
Trusted Publishers. Use to view and remove publishers you have designated as being trustworthy. When applications are digitally signed by one of these trusted publishers, Access does not disable any content within the database and the Message Bar does not display any warning. By default, digitally signed applications from Microsoft are trusted. You might see one or more additional trusted publishers if you have ever tried to download and run a signed application and have indicated to Windows that you trust the publisher and want to save the publisher’s certificate. See Chapter 25, “Distributing Your Application,” for information about digitally signing your own applications.
Trusted Locations. Use to designate specific folders and subfolders as trusted locations. Access considers any database files within this folder as trustworthy, and all content in these folders is enabled. In the Trusted Locations category, each designated trusted folder is listed with the file path, an optional description, and the date the entry was last modified. See “Enabling Content by Defining Trusted Locations” on the next page for details about using the options in this category.
Add-Ins. Use to set specific restrictions on Access add-in files by selecting or clearing the three check boxes in this category. An add-in is a separate program or file that extends the capabilities of Access. You can create these separate files or programs by using Visual Basic for Applications (VBA) or another programming language such as C#. You can require that add-in files be signed by a trusted publisher before Access will load and run them. If you select the option to require that add-ins be signed, you can disable notifications for add-ins that are unsigned. For added security, you can disable all application add-in functionality.
Macro Settings. Use to configure how Access handles macros in databases that are not in a trusted location. Four options are available with this feature, only one of which can be active at any given time. Table 2–1 discusses the purpose of each option.
Disable All Macros Without Notification: Access disables all harmful content, but does not notify you through the Message Bar.
Disable All Macros With Notification: Access disables all harmful content but notifies you through the Message Bar that it has disabled the content. This is the default option for new installations of Access. This is equivalent to the Medium macro security level option available in Access 2003.
Disable All Macros Except Digitally Signed Macros: Access allows only digitally signed macros (code in digitally signed databases). All other potentially harmful content is disabled. This is equivalent to the High macro security level option available in Access 2003.
Enable All Macros (not recommended, potentially dangerous code can run): Access enables any and all potentially harmful content. In addition, Access does not notify you through the Message Bar. This is equivalent to the Low macro security option available in Access 2003.
Message Bar. Use to configure Access either to show the Message Bar when content has been disabled or not to display the bar at all.
Privacy Options. Use to enable or disable actions within Access regarding computing privacy, troubleshooting system problems, and scanning suspicious Web site links. The first check box under Privacy Options tells Access to scan Microsoft’s online help site when you are connected to the Internet. If you clear this check box, Access scans only your local hard drive when you conduct a search in Help. The second check box, Update Featured Links From Microsoft Office Online, tells Access to display some current Microsoft Office Online featured links on the Getting Started screen. Selecting the third check box instructs Access to download and activate a special file from Microsoft’s site that helps you troubleshoot Access and Office program installation and program errors. The fourth check box allows you to sign up for the Customer Experience Improvement Program. Microsoft uses this program to track statistics of the features you use the most frequently and gather information about your Microsoft Office system configuration. These statistics help determine changes in future program releases. The final check box under Privacy Options allows Access to automatically scan Office documents for possible links to and from suspicious Web sites. This last option is turned on by default to help safeguard your computer against documents containing harmful Web links.
You can permanently enable the content in a database that is not trusted by defining a folder on your hard drive or network that is trusted and then placing the database in that folder. Or, you can define the folder where the database is located as trusted. You define trusted locations in the Trust Center dialog box.
If you are in a corporate network environment, you should check with your Information Technology department to determine whether your company has established guidelines concerning enabling content on Access databases.
To define a trusted location, click the Microsoft Office Button and then click Access Options. In the Access Options dialog box, click the Trust Center category and then click the Trust Center Settings button. Access displays the Trust Center dialog box. Click the Trusted Locations category to see its options, as shown in Figure 2–18.
Figure 2–18: The Trusted Locations category in the Trust Center dialog box shows you locations that are currently trusted.
Click the Add New Location button. Access now displays the Microsoft Office Trusted Location dialog box shown in Figure 2–19.
Figure 2–19: Creating a new trusted location from the Microsoft Office Trusted Location dialog box.
Click the Browse button and locate the folder you want to designate as trusted. You can optionally designate any subfolders in that directory as trusted without having to designate each individual folder within the hierarchy. Enter an optional description you want for this folder, and click OK to save your changes. The new location you just specified now appears in the list of trusted locations. If you later decide to remove this folder as a trusted location, select that location, as shown in Figure 2–18, and then click the Remove button. Any Access databases in that folder are now treated as unsafe. Figure 2–18 also shows two check boxes at the bottom of the dialog box. The first check box allows you to define network locations as trusted locations. Microsoft recommends you not select this check box because you cannot control what files others might place in a network location. The second check box disables all Trusted Location settings and allows content only from trusted publishers.
To ensure that all the sample databases from the companion CD operate correctly, add the folder where you installed the files (the default location is the Microsoft Press\Access 2007 Inside Out folder on your C drive) to your Trusted Locations.
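The Trusted Locations rules described above (the optional subfolder choice, the network locations check box, and the check box that disables all trusted locations) can be modelled as a small audit helper. This is an added example, not code from the book or from Access; the class and function names, the UNC-only network test, and every sample path except the companion CD default folder are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from pathlib import PureWindowsPath


@dataclass
class TrustedLocation:
    path: str
    include_subfolders: bool = False  # the optional "subfolders" choice


@dataclass
class TrustCenter:
    locations: list = field(default_factory=list)
    allow_network_locations: bool = False   # first check box (off is recommended)
    disable_all_locations: bool = False     # second check box


def is_network(path: str) -> bool:
    # Assumption: only UNC paths (\\server\share\...) count as network locations;
    # a mapped drive letter cannot be recognized from the path text alone.
    return PureWindowsPath(path).drive.startswith("\\\\")


def in_trusted_location(tc: TrustCenter, db_path: str) -> bool:
    """True if the database's folder is covered by a trusted location entry."""
    if tc.disable_all_locations:
        return False
    folder = PureWindowsPath(db_path).parent
    for loc in tc.locations:
        if is_network(loc.path) and not tc.allow_network_locations:
            continue  # modelled as: network entries are not honoured
        root = PureWindowsPath(loc.path)
        # Compare whole path components, case-insensitively, so that
        # C:\AppsEvil is never treated as lying inside C:\Apps.
        if folder == root or (loc.include_subfolders and root in folder.parents):
            return True
    return False


def network_entries(tc: TrustCenter) -> list:
    """Entries an audit should question: anyone with write access can add files."""
    return [loc.path for loc in tc.locations if is_network(loc.path)]


# Constructed sample configuration; only the first path comes from the text above.
SAMPLE = TrustCenter(locations=[
    TrustedLocation(r"C:\Microsoft Press\Access 2007 Inside Out", include_subfolders=True),
    TrustedLocation(r"C:\Apps"),
    TrustedLocation(r"\\fileserver\shared\db", include_subfolders=True),
])
```

Matching on whole path components rather than on a string prefix is what keeps a look-alike sibling folder from inheriting the trust of a designated one.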