Word 2001:mac, any way to disable all macros?

[Bob Harris]

Howdy,

Have just purchased Office 2001 and am using Word for school. Since I have
no need for macros, and since macros seem to be a continual vector for
viruses, I'd like to disable macros on all the parts of office (Word, Excel,
etc.).

Word doesn't seem to allow this, though. Am I correct? If I'm wrong, how
can I do it? If I'm right, what is the justification for NOT giving this
capability?

Thanks,
Bob H

 

[Beth Rosengard]

Hi Bob,

From the Word 2001 Help:

~~~~~~~~~~~~~~~
Microsoft Word doesn't scan your floppy disk, hard disk, or network drive to
find and remove macro viruses. If you want this kind of protection, you need
to purchase and install antivirus software. However, Word can display a
warning message whenever you open a document that contains macros. You can
then decide whether to open the document with the macros enabled, or to
disable the macros so that you can only view and edit them. A macro virus
can only be harmful if it is allowed to run, so disabling the macros allows
you to open the document safely.
~~~~~~~~~~~~~~~

To enable Word's macro virus protection, go to Preferences> General and be
sure that option is checked. This should certainly be sufficient
protection, especially considering how difficult (though not impossible) it
is for the aware and cautious Mac user to catch a virus. (You do have a
virus protection program installed and you update the virus definitions
regularly, right? And I'm sure you know not to open attachments
carelessly.)

--
Beth Rosengard
Mac MVP

Mac Word FAQ: <http://word.mvps.org/FAQs/WordMac/index.htm>
Entourage Help Page: <http://www.entourage.mvps.org/toc.html>

 

[Bob Harris]

Howdy,

Well, the language has me a little confused. "Word can display a warning
message whenever you open a document that contains macros" would be
adequate. The problem is, what the checkbox in preferences:general says is
"macro virus protection". The connotation I would normally assign to the
phrase "macro virus protection" is that when I open a document with a macro,
the software checks the macro for viruses and if it doesn't think it has
one, it allows the macro to run. Not very effective. Apparently that's not
the meaning that microsoft intends for that phrase. If it indeed means that
it will let me choose for *every* macro that is attempted, then I'm ok.

However, I did see in the security notes for the 9.0.4 update that there was
a fix for a problem whereby a virus could get around the "macro virus
protection" in the earlier version. While it sounds comforting that they've
fixed that problem, what confidence can I have that there isn't some other
macro-related problem that they didn't fix. I have zero need for macros.
It would seem like a better solution would be to just allow me to choose to
disable all macros right up front.

I do run a virus scanner and I update the definitions monthly. And I am
careful about what I open. But that won't make me immune, for two reasons.
(1) virus scanners don't detect newer viruses until the virus is discovered.
(2) microsoft puts a lot of 'helper' things into their apps, so that things
get automatically launched without my being asked. I am concerned that I
will click on a link on a web page, which is a disguised link to a .doc
file, IE will automatically load and open the .doc file, and the macros will
run. I didn't have to worry about this sort of thing until I purchased
office 2001 because I didn't *have* word. And the problem is that they
often make the default for things like this be such that the helper is on,
and so without knowing it I've got a wide security breach.

Thanks,
Bob H

 

[Bob Harris]

Beth Rosengard

From the Word 2001 Help:

~~~~~~~~~~~~~~~
Microsoft Word doesn't scan your floppy disk, hard disk, or network drive to
find and remove macro viruses. If you want this kind of protection, you need
to purchase and install antivirus software. However, Word can display a
warning message whenever you open a document that contains macros. You can
then decide whether to open the document with the macros enabled, or to
disable the macros so that you can only view and edit them. A macro virus
can only be harmful if it is allowed to run, so disabling the macros allows
you to open the document safely.
~~~~~~~~~~~~~~~

One other thing... I *did* try to find this info in Word 2001 Help prior to
posting. I did a search for "how do I disable macros". The text above is
not one of the hits for this query. The closest thing I got to that was
something about how to "stop checking documents for macro viruses", language
that only strengthened by belief that it was doing a virus check, rather
than letting me choose whether I want to run each macro or not.

Thanks for your help. Am not really trying to belabor the point, but I
think they could do a lot better job with their description of things.

Bob H

 

[Dayo Mitchell]

Thanks for your help. Am not really trying to belabor the point, but I

think they could do a lot better job with their description of things.

No one's gonna argue with you on that one!

 

[Dayo Mitchell]

Hi Bob,

While I really think you will be fine, mainly because viruses aren't written
to attack Macs, your concerns make sense. Word doesn't appear to be the
vehicle of choice for major virus-writers, either. But I've been using
Office for years, am only moderately careful, and have never had a virus.

However, you can send feedback directly to the unit that develops the
MacOffice at this link:
http://www.microsoft.com/mac/feedback/suggestion.asp
They are unlikely to respond to you, but they will read it. Since one can
disable macros per-document, it might be realistic to hope for a way of
disabling macros across the board.

In your internet control panel, you can can set which web browser will
automatically load when you click on a link, if you feel like you have more
control with a different program.

Dayo

 

[Bob Harris]

While I really think you will be fine, mainly because viruses aren't written
to attack Macs, your concerns make sense. Word doesn't appear to be the
vehicle of choice for major virus-writers, either. But I've been using
Office for years, am only moderately careful, and have never had a virus.

However, you can send feedback directly to the unit that develops the
MacOffice at this link:
http://www.microsoft.com/mac/feedback/suggestion.asp
They are unlikely to respond to you, but they will read it. Since one can
disable macros per-document, it might be realistic to hope for a way of
disabling macros across the board.

Thanks for that. I might drop them a note, although surely you would expect
that it would have occurred to them previously that an easy way to prevent
macro viruses is to prevent macros. It would seem that, for whatever
reason, they feel like macros are far too valuable to let customers disable
them outright.

Thanks for your thoughts, and for the info,
Bob H

 

[Phillip M. Jones, C.E.T.]

The only exception to that rule is that Word Macro virues are just as dangerous
and can cause an equal amount of damage on PC or Mac. The problem comes from
that Macro language used is 100% identical on the Mac or PC version of Office.

Even Symantec recommends that you avoid using Macros if at all possible, and to
never, ever accept a Office Document that uses Macros.

Hi Bob,

While I really think you will be fine, mainly because viruses aren't written
to attack Macs, your concerns make sense. Word doesn't appear to be the
vehicle of choice for major virus-writers, either. But I've been using
Office for years, am only moderately careful, and have never had a virus.

However, you can send feedback directly to the unit that develops the
MacOffice at this link:
http://www.microsoft.com/mac/feedback/suggestion.asp
They are unlikely to respond to you, but they will read it. Since one can
disable macros per-document, it might be realistic to hope for a way of
disabling macros across the board.

In your internet control panel, you can can set which web browser will
automatically load when you click on a link, if you feel like you have more
control with a different program.

Dayo

--
---------------------------------------------------------------------------
Phillip M. Jones, CET |MEMBER:VPEA (LIFE) ETA-I, NESDA,ISCET, Sterling
616 Liberty Street |Who's Who. PHONE:276-632-5045, FAX:276-632-0868
Martinsville Va 24112-1809 |[email protected], ICQ11269732, AIM pjonescet
---------------------------------------------------------------------------

If it's "fixed", don't "break it"!

mailto[email protected]

<http://www.kimbanet.com/~pjones/default.htm>
<http://home.kimbanet.com/~pjones/birthday/index.htm>
<http://vpea.exis.net>

 

[Dayo Mitchell]

Thanks, Phillip, for the correction. I was (illogically) focusing on the
several .pif, .zip etc files that I am getting every day.
Dayo

 

[John McGhie [MVP - Word]]

Hi Bob:

I think you can take comfort from the following thoughts:

1) The macro virus protection will warn you if a document has ANY kind of
active content in it. If you do not trust the document or its source, you
simply say "Disable Macros" when prompted and you are utterly safe.

2) If you wish to disable all macros, do not install Visual Basic for
Applications. That's it: they're gone: the run-time engine is no longer on
your computer.

Personally, I wouldn't do that, because various things such as the Clip
Gallery which are part of Office depend on VBA for their functioning: some
of the Word user interface is done in VBA, some commands are also.

3) To cause any damage, a macro has to find out that it is on a Mac, find
out where the stuff that could be damaged is, then call Apple system
commands to do its nasty work. The techniques involved are not simple and
they're not at all common. It requires a level of technical expertise well
above the abilities of your average virus writer: most of the viruses out
there (despite what the media might have us believe...) are fairly
simplistic and rather badly programmed by people who usually do not have any
great skill at programming.

The likelihood that someone with the necessary skills to defeat the security
provisions of both Microsoft and Apple might spend the time it would take
with practically zero chance of success is small. To spread, a virus needs
to find a critical mass of computers it is compatible with in the network
population. Given that that probably means something like 25 per cent of
the network population, there's no chance of finding that many Macs out
there (a virus that does damage on Mac will not do so on Windows or
vice-versa...).

4) Microsoft is removing VBA, from all of its products. The reason is that
by its very design, it cannot be made sufficiently secure for a
massively-networked world such as we are now living in. It was designed to
be convenient and powerful when computers were stand-along (or networked
only within the company).

VBA has been replaced by something called The Common Language Runtime, which
is designed from the ground up to be secure. The most common example of it
is dot-Net, which is designed from a clean sheet of paper to survive in the
white-heat flames of the Internet

In the meantime, the flavour of VBA contained in Mac Word is very severely
cut back. Security wasn't the reason they did that: lack of time and money
was. But the effect is that a lot of the powerful system calls you need to
write a damaging virus are simply not available in the Mac Word flavour of
VBA (either Word X or Word 2004).

So if I were you, I would leave VBA in place (it is on my computer...) run
an AntiVirus (I use Norton...) and a firewall (I use BrickHouse...). Then
relax. Not enough of VBA works on the Mac to give you a serious likelihood
of getting a problem.

Hope this helps

This responds to article

Thanks for that. I might drop them a note, although surely you would expect
that it would have occurred to them previously that an easy way to prevent
macro viruses is to prevent macros. It would seem that, for whatever
reason, they feel like macros are far too valuable to let customers disable
them outright.

Thanks for your thoughts, and for the info,
Bob H

--

Please respond only to the newsgroup to preserve the thread.

John McGhie, Consultant Technical Writer,
McGhie Information Engineering Pty Ltd
Sydney, Australia. GMT + 10 Hrs
+61 4 1209 1410, mailto:[email protected]