microsoft ® office 2007 training security ii: turn off the message bar and run code safely p j...
TRANSCRIPT
Microsoft® Office 2007 Training
Security II: Turn off the Message Bar and run code safely
P J Human Resources Pte Ltdpresents:
Security II: Turn off the Message Bar and run code safely
Course contents
• Overview: When a source is trustworthy
• Lesson: Run macros and other code safely
The lesson includes a list of suggested tasks and a set of test questions.
Security II: Turn off the Message Bar and run code safely
Overview: When a source is trustworthy
Whenever you open a file that contains code such as a macro, ActiveX control, or add-in, Office disables the code, and you have to use the Message Bar to enable the blocked content.
So why turn off the Message Bar? Because you can save yourself and your co-workers a lot of time.
Office provides several ways to turn off the Message Bar and run code safely; this course explains the most secure options.
Security II: Turn off the Message Bar and run code safely
Course goals
• Add a digital certificate to your list of trusted publishers.
• Remove a digital certificate from your list of trusted publishers.
• Create a trusted location.
• Run files that contain unsigned code in a trusted location.
Lesson
Run macros and other code safely
Security II: Turn off the Message Bar and run code safely
Run macros and other code safely
Imagine you’ve created a macro — an automated set of instructions — for one of your Microsoft Office Word documents.
Your co-workers like using the file, but every time they run it they have to use the Message Bar and a security dialog box before the macro can run.
They’d love to just open the file without having to deal with the Message Bar and a security dialog box.
Security II: Turn off the Message Bar and run code safely
Run macros and other code safely
So how can you solve that problem without putting computers and data at risk?
1
2
If the code is signed, meaning it has a digital certificate applied to it, you can “trust” the certificate by adding it to a list of trusted publishers. This is the safest option, and the one you should always try to use.
If the code isn’t signed, but you’re sure you can trust the publisher, you can place the file in a trusted location.
Office gives you several options.
Security II: Turn off the Message Bar and run code safely
Run macros and other code safely
So how can you solve that problem without putting computers and data at risk?
3 If you write code for your own use, you can also create a self certificate, use that to sign your code, and then trust that certificate.
Office gives you several options.
This course explains how to use the first two options and introduces the third.
Security II: Turn off the Message Bar and run code safely
Trust a digital certificate
You “trust” a digital certificate by adding it to your list of trusted publishers.
It’s a straightforward process, but remember you don’t see the commands discussed here unless you open a file that contains signed code.
If a file contains unsigned code, you can enable it, but not trust it permanently, which means you’ll see the message bar every time you open the file.
Security II: Turn off the Message Bar and run code safely
Trust a digital certificate
You “trust” a digital certificate by adding it to your list of trusted publishers.
1
2
When you open a file that contains code, the Message Bar displays a security warning, indicated by the shield on the left.
Click Options. That starts the Security Warning dialog box.
Security II: Turn off the Message Bar and run code safely
Trust a digital certificate
You “trust” a digital certificate by adding it to your list of trusted publishers.
3 If the code is signed, you can click Trust all documents from this publisher, and then click OK.
Security II: Turn off the Message Bar and run code safely
Remove a digital certificate
As a rule, you should check your list of trusted publishers regularly, and remove any invalid certificates.
Certificates that come from large corporations, such as Verisign, are updated automatically and you almost never need to remove them.
However, self certificates do expire. They can also become invalid for a variety of reasons, such as when someone tampers with a macro.
Security II: Turn off the Message Bar and run code safely
Remove a digital certificate
So it’s a good idea to keep your list of trusted publishers up to date.
1
2
Click the Microsoft Office button, and then click the program’s Options button. For example, if you’re working in Word, click Word Options.
Click Trust Center, and then click Trust Center Settings.
Security II: Turn off the Message Bar and run code safely
Remove a digital certificate
So it’s a good idea to keep your list of trusted publishers up to date.
3 Click Trusted Publishers, click the certificate you want to remove, and then click Remove.
Security II: Turn off the Message Bar and run code safely
Create a trusted location
If you receive code that isn’t signed but that you can trust, you can keep the Message Bar from appearing by running that code in a trusted location — a folder you designate as trusted.
1
2
Start the Options dialog box for your program, click Trust Center, and then click Trust Center Settings.
Click Trusted Locations, and then click Add New Location.
Security II: Turn off the Message Bar and run code safely
Create a trusted location
If you receive code that isn’t signed but that you can trust, you can keep the Message Bar from appearing by running that code in a trusted location — a folder you designate as trusted.
3 Use the Microsoft Office Trusted Location dialog box to locate the folder you want to designate as trusted. As a rule, that folder should reside on your local hard drive. When you finish, place any files with unsigned code in the folder. The code will run when you open the file.
Security II: Turn off the Message Bar and run code safely
Another option: sign your own code
You may not always be able to create a trusted location.
For example, your IT department or network administrator may prevent you from creating them at all.
So, if you create and run your own code, how can you keep the Message Bar from appearing?
By creating a self certificate and signing your own code.
Security II: Turn off the Message Bar and run code safely
Another option: sign your own code
The process isn’t complex: You create a certificate for your own use and then use that certificate to sign your code.
After that, you can trust the signature and run your code, but only on your computer.
Self certificates aren’t valid for your co-workers or other users because they haven’t been authenticated by a certificate authority.
Security II: Turn off the Message Bar and run code safely
Other security features
Office 2007 provides several other security features, and you use them by starting the Trust Center.
1
2
Use the Add-Ins page to require all add-ins to be code signed or to disable them entirely.
Use the Macro Settings page to set the conditions under which macros run, and the type of notification other users see when they try to run a macro.
Security II: Turn off the Message Bar and run code safely
Other security features
Office 2007 provides several other security features, and you use them by starting the Trust Center.
3 Use the Message Bar page to show or hide the Message Bar. Unless you know what you’re doing, never disable the Message Bar. Disabling the Message Bar will not allow code to run.
Security II: Turn off the Message Bar and run code safely
Other security features
Office 2007 provides several other security features, and you use them by starting the Trust Center.
Use the Privacy Options page to control a number of items, including whether the parent program checks files that come from suspicious links or other sources.
4
Security II: Turn off the Message Bar and run code safely
Other security features
Office 2007 provides several other security features, and you use them by starting the Trust Center.
Important: Unless you have some experience with security, leave these features and settings alone. Changing them can make your computer harder to use, or put it and your data at risk.
Security II: Turn off the Message Bar and run code safely
Suggestions for practice
1.Trust a digital certificate.
2.Run a trusted macro.
3.Remove a certificate from your list of trusted publishers.
4.Create a trusted location.
5.Run a file in a trusted location.
Online practice (requires Word 2007)
Security II: Turn off the Message Bar and run code safely
Test question 1
Trusting the publisher is a process of what? (Pick one answer.)
1. Using a trusted location to open a file that contains a macro or other code.
2. Adding a digital certificate to your list of trusted publishers.
3. Enabling the content each time you open a file that contains a macro or other code.
Security II: Turn off the Message Bar and run code safely
Test question 1: Answer
Adding a digital certificate to your list of trusted publishers.
You do that by opening the file, clicking Options on the Message Bar, and then trusting all content from that publisher.
Security II: Turn off the Message Bar and run code safely
Test question 2
You can only run signed code in a trusted location. (Pick one answer.)
1. True.
2. False.
Security II: Turn off the Message Bar and run code safely
Test question 2: Answer
False.
The ability to run unsigned code in a trusted location is why you only open files from sources you trust.
Security II: Turn off the Message Bar and run code safely
Test question 3
Which of these statements best describes a trusted publisher? (Pick one answer.)
1. Someone who writes non-malicious code.
2. A person or company who signs code with a digital certificate that you choose to trust.
3. A person or company who issues digital certificates to software developers.
Security II: Turn off the Message Bar and run code safely
Test question 3: Answer
A person or company who signs code with a digital certificate that you choose to trust.
Even you can be a trusted publisher, if you self sign your own code and run it on your own computer.
Security II: Turn off the Message Bar and run code safely
Quick Reference Card
For a summary of the tasks covered in this course, view the Quick Reference Card.