This article is about macro security and explains the risks involved in enabling macros and how the Trust Center in the 2007 Microsoft Office system can help to mitigate these risks. In this article, the term "document" can mean any Microsoft Office file that can contain macros. The term "macro" means a macro created by using Visual Basic for Applications (VBA).
The purpose of a macro is to automate frequently used tasks. Although some macros are simply a recording of your keystrokes or mouse clicks, more powerful VBA macros are written by developers who use code that can run many commands on your computer. For this reason, VBA macros pose a potential security risk. A hacker can introduce a malicious macro through a document that, if opened, allows the macro to run and potentially spread a virus on your computer.
Before allowing a macro to be enabled in a document, the Trust Center checks for the following:
If the Trust Center detects a problem with any of these, the macro is disabled by default, and the Message Bar appears to notify you of a potentially unsafe macro.
If you click Options on the Message Bar, a security dialog box opens, giving you the option to enable the macro. See the next section for how to make a secure decision before you click an option.
When a security dialog box appears, you have the option to enable the macro or leave it disabled. You should enable the macro only if you are sure it is from a trustworthy source.
Important If you are sure the document and macro are from a trustworthy source and have a valid signature, and you do not want to be notified about them again, instead of changing the default Trust Center settings to a less safe macro security setting, you can click Trust all documents from this publisher in the security dialog box. This adds the publisher to your Trusted Publishers list in the Trust Center. All software from that publisher is trusted. In the case where the macro doesn't have a valid signature, but you trust it and don't want to be notified again, instead of changing the default Trust Center settings to a less safe macro security setting, it is better to move the document to a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.
Depending on the situation, the security dialog box describes the specific problem. The following table lists the possible problems and offers advice on what you should or should not do in each case.
|Macro is not signed Because the macro is not digitally signed, the identity of the macro publisher cannot be verified. Therefore, it is not possible to determine if the macro is safe or not.||Before you enable unsigned macros, make sure the macro is from a trustworthy source. You can still work in your document even though you don't enable the macro.|
|Macro signature is not trusted The macro is potentially unsafe, because the macro has been digitally signed, the signature is valid, and you have not chosen to trust the publisher who signed the macro.||You can explicitly trust the macro publisher by clicking Trust all documents from this publisher in the security dialog box. This option appears only if the signature is valid. Clicking this option adds the publisher to your Trusted Publishers list in the Trust Center.|
|Macro signature is invalid The macro is potentially unsafe, because the macro has been digitally signed and the signature is invalid.||We recommend that you don't enable macros with invalid signatures. One possible reason the signature is invalid is that it has been tampered with. For more information, see How to tell if a digital signature is trustworthy.|
|Macro signature has expired The macro is potentially unsafe, because the macro has been digitally signed and the signature has expired.||Before enabling macros with expired signatures, make sure the macro is from a trustworthy source. If you have used this document in the past without any security issues, there is potentially less risk to enabling the macro.|
Macro security settings are located in the Trust Center. However, if you work in an organization, your system administrator might have changed the default setting and prevented you from changing any settings.
Note When you change your macro settings in the Trust Center, they are changed only for the Office program that you are currently using. The macro settings are not changed for all your Office programs.
Tip In Word, Excel, and PowerPoint, you can open the macro security settings dialog box from the Developer tab in the Ribbon. If the Developer tab is not available, click the Microsoft Office Button icon, and then click Program Name Options, where Program Name is the name of the program you are in, for example, Word Options. Click Popular, and then select the Show Developer tab in the Ribbon check box.