Dealing with Macro Security
Macros are the primary way that data file viruses spread, so it's good to be cautious about them. For example, several years ago a very common Word macro virus forced documents to be saved as templates rather than as regular documents.
Setting the Macro Security Level in PowerPoint
Office 2003 offers greatly enhanced security features over earlier versions, especially in the area of macros. You can set four levels of macro security: Very High, High, Medium, or Low. Choose Tools⇨Macro⇨Security to set the level you want; the explanations next to each option button in that dialog box describe the differences between the settings (see Figure 19-7).
Figure 19-7: Set the macro security level in PowerPoint.
The Trusted Publishers tab lists the macro publishers whose macros will be allowed if you use the High setting. You cannot add to this list from within this window, but you can delete from it. There may also be a Prior Trusted Publishers tab, listing trusted sources that were migrated from a previous version of PowerPoint.
Opening a Presentation Containing Macros
When you open a presentation that contains macros that are signed from trusted sources, the presentation simply opens, even if you have High security set.
For unsigned macros, or macros not from a trusted source, the behavior depends on the security settings you chose. With High or Very High, the presentation opens with the macros disabled. With Low, it opens with them enabled. With Medium, the dialog box shown in Figure 19-8 appears so you can decide what you want to do.
Figure 19-8: When Medium security is used, you are prompted about macros being enabled or disabled.
Understanding Digital Signatures
If you decide to create and distribute macros professionally, the best way to ensure that the macros you write and use have not been tampered with is to get a digital certificate from a certificate authority such as VeriSign and sign all your macro projects with it. A digital certificate is a code that matches up with a code stored on the certificate authority service, to verify that you are a legitimate certificate holder and that your work has not been changed since it was signed.
There are two ways that a digital signature helps in such situations. One is that it identifies the creator of the macro, giving the user some assurance that it has not come from an unknown source. The other is that the certificate authority verifies that it has not been changed.
CREATING YOUR OWN DIGITAL CERTIFICATE
You can create your own digital signature certificates, but you get only partial benefit from them. They do help in telling users who created the macro, but they do not certify that the content of the macro has not been changed. Because they are not connected to any central authority, they do not provide the ironclad verification of a certificate from a trusted source. Macros you create with a self-generated certificate are known as self-signed.
Self-signed macros are not considered secure and will not execute if macro security is set to Very High or High. If security is set to Medium, the Security Warning box appears, as shown in Figure 19-8. The exception is when the macro is being executed on the same PC as it was created or on a computer that has the private key for that certificate.
Create your certificates with the SelfCert.exe utility; from Windows, choose Start⇨All Programs⇨Microsoft Office Tools⇨Digital Certificate for VBA Projects. Then, just enter the name for the certificate and click OK. Simple enough!
SIGNING A MACRO DIGITALLY
After creating or acquiring a certificate, here's how to sign a macro with it.
Open the macro in the Visual Basic Editor, and in the Project Explorer pane, click the project. Then choose Tools⇨Digital Signature. If you have not previously selected a digital certificate or want to use a different one, click Choose, select the one you want, and click OK. Otherwise, to use the current certificate, just click OK.
Caution: You should sign a macro only after it is completely finalized, because if you edit the signed macro later, the signature is removed. (However, it will automatically be re-signed when saved if you have the proper certificate on your PC.)
VIEWING THE SECURITY CERTIFICATE
To view the certificate for the active presentation's macros, open the Visual Basic Editor, select the macro project (probably Module 1), and then choose Tools⇨Digital Signature. In the Digital Signature dialog box, click Detail.
ADDING A MACRO PUBLISHER TO THE LIST OF TRUSTED SOURCES
Only macros with digital certificates from valid certificate authorities may be added to your list of trusted sources. Digital certificates created with SelfCert.exe may be added to the trusted source list only on the PC on which the macro was created.
In addition, the trusted sources list may be edited only when macro security is set to High or Medium.
To add a publisher to the list, when the security warning dialog box pops up to ask whether to enable the macros, choose Always Trust Macros from This Publisher. This adds that publisher to the list, and you won't be asked again.
To remove the publisher from the list, choose Tools⇨Macro⇨Security and on the Trusted Publishers tab, select a source and click Remove.
Note: If you had any trusted publishers set up in an earlier version of Office and you upgraded to Office 2003, there may be a Prior Trusted Publishers tab in the Security dialog box. You can remove any from there that you don't want. To move a publisher from the Prior tab to the regular Trusted Publishers tab, delete it from the Prior tab, then open a presentation that contains that publisher's macros, and choose Always Trust Macros from This Publisher, the same as with a brand-new publisher source.