|
 |
And lo on Fri, 07 Dec 2007 09:58:06 -0000, Invisible <voi### [at] dev null> did
spake, saying:
> I basically agree with everything you two have said.
>
> How about you ask the user before letting a macro perform a potentially
> risky action? (Unless it's signed of course.)
I believe that's called Vista ;-)
> OTOH, some idiots will click anything put in front of them, so... how
> about just turn off all potentially unsafe functionallity unless the
> macro is signed, and say "hey, get the macro author to sign this if you
> really want it to work"? (But provide no way to actually enable the
> macro just by clicking the window.)
Then you'd just get the 'unsafe' macros being signed, unless you want to
force everyone to buy a certificate?
> The vast majority of macros are for auto-generating document content. If
> you turn off the ability to access other files / documents and disable
> changing the user's settings, it's pretty much impossible for a
> malicious macro to do anything except screw up the document it's already
> infected. Dude, how hard is that?
Except where you want a macro to be able to access other documents and
files and change settings. For example IIRC in one version of Word to
print out a document to a non-default printer via VBA requires you to
change the default printer to the one you want to print to then change it
back again.
> But hey, why do that when you can just completely disable all macro
> functionallity?
Because it's easier
> (Question: Has anybody ever actually *seen* a macro virus? I'm told they
> exist, but I've never ever come across one...)
In the early days when they were new, sure. Not so much nowadays.
--
Phil Cook
--
I once tried to be apathetic, but I just couldn't be bothered
http://flipc.blogspot.com
Post a reply to this message
|
|
