Features versus Security versus User Education

• To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
• Subject: Features versus Security versus User Education
• From: Steve Sheldon <sheldonVISI.COM>
• Date: Mon, 29 Mar 1999 22:18:16 -0600
• Approved-By: Russ.CooperRC.ON.CA
• Importance: Normal
• Posted-Date: Mon, 29 Mar 1999 22:19:15 -0600 (CST)
• Reply-To: Steve Sheldon <sheldonVISI.COM>
• Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

I see a lot of good comments.

I tend to agree that the VBA functionality is powerful and desirable to the
end users.  We have been showing our users how they can use Excel to connect
directly against our MTS based objects and extract data into spreadsheets,
etc.

 However, the VBA environment could be better implemented to protect users.

For instance, every Word macro virus I have encountered contains this line:

Options.Virusprotection = Disable

 This turns off the virus protection from then on out, so the next document
opened doesn't display the warning, which causes the Virus to spread without
people even being warned.

 I frankly don't see any reason why Word macro's should be able to change
program configuration options.  Actually I frankly don't see any reason why
user's should be given the option of turning this warning off.

Steve

• Follow-Ups:
  • Re: Features versus Security versus User Education
    • From: Vesselin Bontchev <bontchevCOMPLEX.IS>
  • Features versus Security versus User Education
    • From: Paul L Schmehl <paulsUTDALLAS.EDU>

• Prev by Date: Features versus Security versus User Education
• Next by Date: Re: Features versus Security versus User Education
• Prev by thread: Re: Features versus Security versus User Education
• Next by thread: Re: Features versus Security versus User Education
• Index(es):
  • Date
  • Thread