VBA Macro Security
Posted by Visio Guy on May 17th, 2007
Macro security is an important topic for anyone who deals with automated Microsoft Office solutions. Since Visio and other Office documents can contain Visual Basic code that can perform potentially harmful operations, you need to understand a little bit about how to secure your system.
This article will inform you about the various security settings available for Visio 2003 and Visio 2007, so that you can more confidently enjoy the downloads and code samples that you'll find on Visio Guy.
Macro and VBA Preamble
For several versions now, Visio has shipped with Visual Basic for Applications (VBA), which offers a quick (and sometimes dirty) way of creating small automated solutions. It also offers an extremely convenient way of experimenting with Visio's automation capabilities.
VBA also provides a wonderful vehicle for delivering sample code and automated examples that help you to learn the stuff of Visio development. In one Visio document, you can have custom master shapes, pre-built template graphics, and VBA "code-behind" that very effectively demonstrate the important parts of an automated Visio solution!
But oftentimes, automated solutions require initialization code. Events such as OnDocumentCreated, OnDocumentOpened, and RunModeEntered allow code to execute when a Visio document is opened. This is where the danger presents itself. Any number of operations can take place just by opening a document! In security parlance, this VBA code-in-a-document is referred to as macros. And protecting yourself from this code is, of course, called macro security.
Macro Security
Of course, it would be all too simple to advise you as follows: Always trust software from Visio Guy! But that would be naive and irresponsible of me (and of you!), now wouldn't it?
I could also list every line of VBA code in every single download. Then you could meticulously examine and approve each line, then copy it into your own VBA projects. Tedious at best, and rather impractical. It would also negate the convenience of all the nifty, pre-built downloads that you've come to know and love from Visio Guy.
Therefore, the Wizards at Microsoft have come up with a solution. And they've allowed you some flexibility in how you defend yourself. Using Visio's macro security settings, you can choose what level of macro security you want. Based on the settings you choose, Visio will do one of the following when you open a macro-containing document:
- Ignore macros and disable them
- Inform you that macros are present
- Allow you to enable or disable macros on a per-document basis
- Allow all macros to run
Since there have been some changes to macro security in the newest version of Visio, we'll look at the options for both Visio 2003 and Visio 2007.
Visio 2003 Macro Security
To configure your security in Visio 2003, look under the menus: Tools > Macros > Security. You'll see this dialog box:

These settings will have the following effects on the opening of a Visio document that contains VBA code:
Very High - The macros will not run, and you won't be notified unless they are installed in trusted locations.
High - You will get a warning that macros are disabled, unless they are properly signed and certified.

Medium - you get a warning that there are macros in the document, and you can choose to enable or disable them:

Low - All VBA code will run without any warning. If you are getting documents from various sources, this is rather risky.
Medium is the setting that I use. Most of the Visio documents that I use are created by me, or by other Visio freaks whom I know and love. If I get a document from a stranger (or a rookie), I can quickly and conveniently choose to disable macros, then personally examine the VBA code before allowing it to run. Disabling the macros doesn't make the VBA project inaccessible. It just stops it from running. So with a quick flick of the wrist, Alt + F11 will bring up the VBA editor, and I can search for something like: "Format C:\" or something equally malicious.
One final note: in Visio 2003, you have to close down and restart Visio each time you change the level of your macro-security setting.
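The manual review described above can go further than a text search by asking which calls actually run when the document opens. The following is an added example, not code from the article: it works on VBA source copied out of the editor as text, follows calls from the auto-run event handlers into other procedures, and reports risky calls on that path. The list of risky calls and the sample module are assumptions made for the illustration.

```python
import re

# Events the article names; ThisDocument handlers look like Document_DocumentOpened.
AUTO_RUN = re.compile(r"(DocumentCreated|DocumentOpened|RunModeEntered)$", re.I)
# Calls that reach outside the drawing: a starting list assumed for this example.
RISKY = re.compile(r"\b(Shell|CreateObject|GetObject|Kill|RmDir)\b", re.I)
PROC = re.compile(r"^\s*(?:(?:Private|Public)\s+)?(?:Sub|Function)\s+(\w+)", re.I)
END = re.compile(r"^\s*End\s+(?:Sub|Function)\b", re.I)

def parse_procedures(source):
    """Map lower-cased procedure name -> [(line_no, code)], comments stripped."""
    procs, current = {}, None
    for no, raw in enumerate(source.splitlines(), 1):
        code = raw.split("'", 1)[0]  # naive: also cuts at a ' inside a string
        m = PROC.match(code)
        if m:
            current = m.group(1).lower()
            procs[current] = []
        elif END.match(code):
            current = None
        elif current:
            procs[current].append((no, code))
    return procs

def risky_on_open(source):
    """Risky calls reachable from an auto-run handler: (handler, procedure, line, call)."""
    procs, hits = parse_procedures(source), []
    for entry in [p for p in procs if AUTO_RUN.search(p)]:
        seen, stack = set(), [entry]
        while stack:
            name = stack.pop()
            if name not in seen:
                seen.add(name)
                for no, code in procs[name]:
                    hits += [(entry, name, no, c) for c in RISKY.findall(code)]
                    stack += [w for w in re.findall(r"\w+", code.lower()) if w in procs]
    return sorted(hits, key=lambda h: h[2])

# Constructed sample module (not from the article): the handler looks harmless.
SAMPLE = r"""Private Sub Document_DocumentOpened(ByVal doc As IVDocument)
    InitShapes ' Kill is only mentioned in this comment
End Sub
Sub InitShapes()
    Shell "notepad.exe"
End Sub
Sub ManualOnly()
    Kill "C:\temp\old.txt"
End Sub"""
print(risky_on_open(SAMPLE))
```

The call to `Kill` in `ManualOnly` is not reported because nothing on the open path reaches it; an empty result means only that this list of calls was not found, not that the project is safe.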
Visio 2007 Macro Security...er...Trust Center
In Visio 2007, there were slight changes made in the area of macro security, along with the inevitable Microsoft name changes. In the new version, you'll find your macro-security settings a bit more accessible. They now live right under: Tools > Trust Center.

These settings will have the following effects on the opening of a Visio document that contains VBA code:
Disable all macros without notification - This setting disables all macros that are not in a trusted location (more on trusted locations later). It's not clear to me if digitally signed macros are still OK with this setting, though.
Disable all macros with notification - If you open a non-trusted, macro-containing Visio document, you'll be presented with this sneaky bar that appears at the top of the Visio drawing window:

All hope is not lost at this point. If you know where the code came from, and want to allow the macros to run, just click the Options... button. You'll then see this dialog:

A quick click of the Enable this content radio button will allow you to proceed. This is analogous to the Medium setting in Visio 2003, but it's a lot more work -- well, three more clicks for every document, anyway.
Disable all macros except digitally signed macros - This one is pretty self-explanatory. No sign, no go.
Enable all macros (not recommended; potentially dangerous code can run) - Also pretty clear. Everything goes! Open Visio document, run macro, Format C:\!!!
You'll also see the setting for Trust access to the VBA project object model right here on this screen. This is nice and convenient. In Visio 2003, this check box was buried under Tools > Macros > Security > Trusted Publishers Tab.
Also, another improvement is that in Visio 2007, you don't have to restart Visio for the security settings to take effect.
Let's Play: Complain About the Changes in the New Version!
As I mentioned before, the second option, Disable all macros with notification, is about the same as the Medium security in Visio 2003, except that you have to click a button, view another dialog, click a radio button, and then (finally) click OK. If you have as many Visio files with VBA code as I do, then you will immediately file this change under HUGE PAIN IN THE ASS.
"But, Mr. Visio guy, you can easily get around this, by digitally signing your VBA projects, right?" Well yes, but this might pose a hindrance because:
- You have to actually have a Digital Signature certificate for signing a document's code project
- You have to actually bother to sign the document
- If you change the code in the project, you have to re-sign the document
I think there are cost-free methods for creating and obtaining your own personal Digital Signature, so that code that you created can be run by you. I haven't researched this yet. If you plan on deploying your documents to a wide audience, then you'll need to get a certificate and properly sign your stuff. I have no qualms with this, but I believe that it is not cheap to obtain one.
I'll go so far as to say that Visio Guy should probably grow up and digitally sign the downloads it offers, but, well, we aren't generating a lot of cash with free downloads, and we're, like, travelling around the world right now, and well, um, er, you know...
Fortunately, there's another option. Back in our friendly Trust Center, you can set up trusted locations on your machine. If you highlight the Trusted Locations tab, you'll be able to add local folders to a list of trusted locations. These files will behave as though they've been digitally signed, and not pester you with macro warnings:
Note also the handy-dandy subfolders check box in the path-entry dialog box. This allows you to set up an entire Good Guy Macro-document Location on your machine, where all macros are benign and benevolent.
Summary
Visio 2007 seems to offer more features regarding macro security than Visio 2003. I'm sure that Microsoft were faced with loads of security issues that I haven't considered or would necessarily even fully understand. It seems that the new method is more flexible, and is surely more secure.
However, I personally like the Visio 2003 flow better, because it allows lazy hackers like me to be safer. I didn't find it difficult to click Enable or Disable every time a macro'd document was open, because MS put the dialog right in my face, when I chose the Medium setting.
With Visio 2007, it seems likely that a developer would set, say, the Desktop and all sub-folders as a trusted location, and then haphazardly drop a document from an e-mail to that location and open it. In this case, they won't get any warning about the macros, and they could possibly get bitten. It would be nice to still have the ask me every time option.
With the new setup, users need to be disciplined enough not to defeat the system too widely -- with trusted locations that are too general. They also have to be disciplined enough to place unknown documents in non-trusted locations. I imagine that opening a document from an e-mail is the same as opening from an untrusted location, but I haven't researched this yet.
I do like the fact that with good habits, Visio 2007 will allow you to do less. You can easily get rid of macro-warnings for all of your trusted files.
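The "too general" trusted location described above can be checked mechanically. This added example (not from the article or from Microsoft) takes trusted-location entries as typed into the path-entry dialog, together with the state of the sub-folders check box, and reports the ones that would silence macro warnings for files sitting in a folder where unvetted documents land. The folder list, the profile path and the sample entries are assumptions.

```python
from pathlib import PureWindowsPath

# Folders where unvetted files tend to land. Desktop is the article's example;
# Downloads is an assumption added for this sketch.
DROP_FOLDERS = ("Desktop", "Downloads")

def exposed_folders(path, subfolders, profile):
    """Drop folders whose files would open without a macro warning if `path`
    were a trusted location (`subfolders` = the dialog's sub-folders check box)."""
    loc = PureWindowsPath(path)  # comparisons ignore case and slash direction
    exposed = []
    for name in DROP_FOLDERS:
        zone = PureWindowsPath(profile) / name
        direct = loc == zone                            # the drop folder itself
        inherited = subfolders and loc in zone.parents  # trusted via a parent
        if direct or inherited:
            exposed.append(name)
    return exposed

def audit(locations, profile):
    """Return (path, subfolders, exposed drop folders) for over-broad entries."""
    report = []
    for path, subfolders in locations:
        exposed = exposed_folders(path, subfolders, profile)
        if exposed:
            report.append((path, subfolders, exposed))
    return report

# Constructed entries (path, sub-folders box checked); the user name is made up.
PROFILE = r"C:\Users\chris"
LOCATIONS = [
    (r"C:\Users\chris\Documents\Visio\Trusted", True),  # dedicated folder
    ("c:/users/chris/desktop/", False),                 # the Desktop itself
    (r"C:\Users\chris", True),                          # whole profile
    (r"C:\Users\chris", False),                         # profile root files only
    ("C:\\", True),                                     # whole drive
]

if __name__ == "__main__":
    for entry in audit(LOCATIONS, PROFILE):
        print(entry)
```

A dedicated folder that merely lives under the Desktop is not reported; the check targets locations that contain a drop folder, not ones contained by it.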
More on Macro Security
Enable or disable macros in Office documents: Covers all the options involved in Trust Center, and highlights the differences in macro security between the various Office 2007 applications.
Todo...
Some items that might make this article more complete:
- Discuss the other tabs under Trust Center: Trusted Publishers, Add-ins, ActiveX Settings, Macro Settings, Message Bar, Privacy Options. What they are, where they were buried in older versions, if they existed at all, etc.
- More about Digital Signatures and how to obtain a certificate. Obvious places to start: VeriSign.
- More links to "Office Security", links to information about Microsoft Office solution-distribution and deployment.
Visio Guy 







May 20th, 2007 at 9:05 am
This is a test of the Visio Guy commenting system. The bloggers of your area, in voluntary cooperation with Federal, State, and Local authorities, have developed this system to keep you informed in the event of a comment. If this had been an actual comment, the attention signal you just heard would have been followed by news and instructions. This system serves the http://www.visguy.com area. This concludes this test of the Visio Guy commenting system.
August 27th, 2008 at 1:47 pm
In Visio 2003, I get warned of macros, but there are no macros in the document. How can I find out what is causing the warning and eliminate it?
August 27th, 2008 at 2:00 pm
Hi Gary,
Is your document opening with other stencils? Some of the stencils might have some VBA code.
Also, sometimes a project with virtually nothing in it still “counts” as a project. I just tried this in Visio 2007, maybe it’ll work in 2003:
1. Delete everything in the ThisDocument module (use Ctrl + A to Select All, then delete)
2. Close the ThisDocument window
3. Save
That should clean out your VBA project so you don’t get the macro warning any more.
- Chris