|
|
I basically agree with everything you two have said.
How about you ask the user before letting a macro perform a potentially
risky action? (Unless it's signed of course.)
OTOH, some idiots will click anything put in front of them, so... how
about just turn off all potentially unsafe functionallity unless the
macro is signed, and say "hey, get the macro author to sign this if you
really want it to work"? (But provide no way to actually enable the
macro just by clicking the window.)
The vast majority of macros are for auto-generating document content. If
you turn off the ability to access other files / documents and disable
changing the user's settings, it's pretty much impossible for a
malicious macro to do anything except screw up the document it's already
infected. Dude, how hard is that?
But hey, why do that when you can just completely disable all macro
functionallity?
(Question: Has anybody ever actually *seen* a macro virus? I'm told they
exist, but I've never ever come across one...)
Post a reply to this message
|
|