Some words about “Macro Security” in office applications

StarOffice and OpenOffice.org have a macro engine for good reasons.

You can create very useful solutions based on an office suite, or you can easily automate some tasks.
With macros, you can do almost the same things like with a stand alone native or Java application.

Macros have full access to system resources!

If a user runs a macro, he should be aware that it's the same like running any (downloaded) program.

When loading a document, StarOffice and OpenOffice.org check if there are macros included.

The user can choose between different security levels for macro execution in "Tools / Options / Security / Macro Security":

  • Low (not recommended): Macros are executed without confirmation request.

  • Medium (default): Confirmation required when executing macros from untrusted sources.

  • High: Only signed macros from trusted sources are allowed to run.

  • Very high: Only macros from trusted file locations are allowed to run.

Trusted sources means that the macros are signed by certain people or that the documents are stored in certain locations.

To completely disable document macros, simply set security level to "Very high" and don't configure any trusted source.

My recommendation: Never run any macros if you are unsure whether it's safe.
Same like how you would treat downloaded program files, I hope...

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

Malte Timmermann

Search

Archives
« September 2015
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today