A macro virus is a type of computer virus (virus: A computer program or macro that "infects" computer files by inserting copies of itself into those files. When the infected file is loaded into memory, the virus can infect other files. Viruses often have harmful side effects.) that is stored in a macro (macro: An action or a set of actions you can use to automate tasks. Macros are recorded in the Visual Basic for Applications programming language.) within a Microsoft Office Visio file, ActiveX control, COM add-in (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.), or Visio add-on (add-on: A program that extends the Visio application through Automation references to Visio objects, methods, and properties.).
To further help reduce the risk of macro infection in Visio files, set the macro security level to Very High, High, or Medium and use digital signatures (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.).
Note Because macros can contain viruses, be careful about running them. Among the precautions you take, be sure to run up-to-date antivirus software on your computer, use digital signatures, and maintain a list of trusted publishers of macros. Visio cannot scan a disk, disk drive, or network drive to find and delete macro viruses. If you want this kind of protection, you must purchase and install specialized antivirus software. Visio does, however, display a warning message whenever you open a document that contains macros that might contain a virus.
Security levels for macros
Following are the levels of security to help reduce macro virus infection:
- Very High Only macros installed in trusted locations are allowed to run. All other signed and unsigned macros are disabled. You can disable all macros entirely by setting your security level to Very High and disabling macros installed in trusted locations. To disable macros installed in trusted locations, click Tools, point to Macros, and then click Security. On the Trusted Publisher tab, clear the Trust all installed add-ins and templates check box. This disables all COM add-ins and third-party add-ons, as well as macros.
- High You can run only macros that have been digitally signed and that you confirm are from a trusted source. Before trusting a source, you should confirm that the source is responsible and uses a virus scanner before signing macros. Unsigned macros are automatically disabled, and the file is opened without any warning.
- Medium A warning is displayed whenever a macro is encountered from a source that is not on your list of trusted sources (described below). You can choose whether to enable or disable the macros when you open a file. If the file might contain a virus, you should choose to disable macros.
- Low If you are sure that all the files, add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.), and Visio add-ons (add-on: A program that extends the Visio application through Automation references to Visio objects, methods, and properties.) you open are safe, you can select this option— it turns off macro virus protection (however, this setting is not recommended). At this security level, macros are always enabled when you open files.
By default, the security level is set to High. If the security level is set to Medium or High, you can maintain a list of trusted macro sources. When you open a file or load an add-in or Visio add-on that contains macros developed by any of these sources, the macros are automatically enabled.
Digital signatures
A digital signature on a macro is like a wax seal on an envelope— it confirms that the macro originated from the developer who signed it and that the macro has not been altered.
When you open a file or load an add-in or add-on that contains a digitally signed macro, the digital signature appears on your computer as a certificate. The certificate names the macro's source, plus additional information about the identity and integrity of that source. A digital signature does not necessarily guarantee the safety of a macro, so you must decide whether you trust a macro that has been digitally signed. For example, you might trust macros signed by someone you know or by a well-established company. If you are unsure about a file, add-in, or add-on that contains digitally signed macros, carefully examine the certificate before enabling macros or, to be even safer, disable the macros. If you know you can always trust macros from a particular source, you can add that macro developer to the list of trusted sources when you open the file or load the add-in or add-on.
If you are a developer, you can digitally sign macros from within the Visual Basic Editor (Visual Basic Editor: An environment in which you write new and edit existing Visual Basic for Applications code and procedures. The Visual Basic Editor contains a complete debugging toolset for finding syntax, run-time, and logic problems in your code.).
List of trusted publishers
When you open a file that includes signed macros, you are prompted whether you want to trust all macros originating from that publisher. If you select this option, you add the certificate's owner to your list of trusted publishers. Before you decide to do this, you should review the details of the digital certificate— for example, look at the Issued to and Issued by fields to determine whether you trust its publisher, and look at the Valid from field to determine if the certificate is current. The certificate may also include details such as the e-mail name or Web site of the person who obtained the certificate.
Once you add a person (or corporation) to your list of trusted publishers, Visio will enable macros signed by this trusted publisher without showing you a security warning if the security level for macros is set to High or Medium. It is possible, however, to remove entries from the list of trusted publishers.
Note Any certificate trusted in the list of trusted publishers will also be trusted in Microsoft Internet Explorer.
Access to Visual Basic projects
By allowing access to Visual Basic projects, macros in any documents that you open can access the core Visual Basic objects, methods, and properties. In Visio 2003, the Trust access to Visual Basic Project option is turned off by default because it represents a possible security hazard.
To turn on or off the Trust access to Visual Basic Project option:
- On the Tools menu, point to Macros, and then click Security.
- On the Trusted Publishers tab, select or clear the Trust access to Visual Basic Project check box.
United States
Email this link
Printer-Friendly Version
Share
Hide All
