What is the point of having a macro language (VBA in Word) when

[code_wrong]

What is the point of having a macro language in Word et al when
the majority of users will have their macros capability turned off
for fear of macro viruses i.e Melissa?

When would one use such a capability?

If you allow the user to turn on the macro capability the risk is huge
What if a user is not security conscious?

regards
cw

 

[Jonathan West]

Hi cw

What is the point of having a macro language in Word et al when
the majority of users will have their macros capability turned off
for fear of macro viruses i.e Melissa?

There are ways of distributing templates with code that will run even when
security is set to high. The general principle is that you need to have a
digital signature with which the template can be signed. When the template
it installed on the user machine, the user has the option of accepting or
not accepting the signature. Accepting it enables the code to run even
though security is still set to High.

I had my doubts about whether the system was workable when it was first
introduced to VBA in Office 2000, but it seems to have worked pretty well
overall.

When would one use such a capability?

Whenever you want to distribute applications into a high-security
environment.

If you allow the user to turn on the macro capability the risk is huge
What if a user is not security conscious?

If the code is signed then the security provisions remain in place for all
unsigned code. All the user is doing by accepting your certificate is
allowing *your* code to run.

 

[Graham Mayor]

You cannot turn off the macro language in Word. What you turn off is the
ability to run macros in templates or documents that you have not produced
yourself. Macros extend the usefulness of Word to produce a wide range of
custom tasks, and the usual plan is to set the security level to medium so
that macros in a 'foreign' document will produce an alert message.

In any case you should not rely on Word to provide security from virus
attack and you should never open any file the pedigree of which you are
uncertain of. Any user who is not security conscious should not be allowed
near a PC

--
<>>< ><<> ><<> <>>< ><<> <>>< <>>< ><<>
Graham Mayor - Word MVP
E-mail (e-mail address removed)
Web site www.gmayor.com
Word MVP web site www.mvps.org/word
<>>< ><<> ><<> <>>< ><<> <>>< <>>< ><<>

 

[Thomas Winter]

You cannot turn off the macro language in Word. What you turn off is the
ability to run macros in templates or documents that you have not produced
yourself. Macros extend the usefulness of Word to produce a wide range of
custom tasks, and the usual plan is to set the security level to medium so
that macros in a 'foreign' document will produce an alert message.

In any case you should not rely on Word to provide security from virus
attack and you should never open any file the pedigree of which you are
uncertain of. Any user who is not security conscious should not be allowed
near a PC

--
<>>< ><<> ><<> <>>< ><<> <>>< <>>< ><<>
Graham Mayor - Word MVP
E-mail (e-mail address removed)
Web site www.gmayor.com
Word MVP web site www.mvps.org/word
<>>< ><<> ><<> <>>< ><<> <>>< <>>< ><<>

Actually, starting with Office XP (I believe) you CAN choose to NOT install
VBA at all. There are articles in the Microsoft Knowledge Base about this
and the consequences.

I agree totally with Graham. Protecting from viruses should be done with
anti-virus software.

-Tom

 

[code_wrong]

Hi cw




There are ways of distributing templates with code that will run even when
security is set to high. The general principle is that you need to have a
digital signature with which the template can be signed. When the template
it installed on the user machine, the user has the option of accepting or
not accepting the signature. Accepting it enables the code to run even
though security is still set to High.

I had my doubts about whether the system was workable when it was first
introduced to VBA in Office 2000, but it seems to have worked pretty well
overall.


Whenever you want to distribute applications into a high-security
environment.


If the code is signed then the security provisions remain in place for all
unsigned code. All the user is doing by accepting your certificate is
allowing *your* code to run.

Thanks Jonathan,
I can see how it can work now.
cw