Microsoft Office Tutorials and References
In Depth Information
App catalogs, add-ins, ActiveX settings, and macro settings
nearly unlimited access to your computer. You should never allow ActiveX controls without
restriction—the minimum protection option should be Prompt Me Before Enabling All
Controls With Minimal Restrictions. The option that mentions Safe For Initialization (SFI)
controls refers to a sort of internal code-signing protocol set by the developer to verify its
safety. Choosing this option puts code through a few more levels of restriction. The best
solution if you want to stay safe yet you need to use certain ActiveX controls is to set up or
use a trusted location to store the ActiveX controls you know to be safe.
INSIDE OUT Of web beacons and homograph attacks
The word exploits , which used to conjure images of heroic figures and derring-do, has
come to describe the actions of malicious software. Phishing is a rather clever type of
lure used by hackers trolling for data to reel unsuspecting prey into their virtual creels.
Homographs use the extended international character set to create scam websites with
Uniform Resource Locators (URLs) that replace one or more English-alphabet letters
in the real domain names with similar ones from another language’s character set. You
see what you think is a trusted URL, but if you access the site, you might end up
sharing information with the phishermen instead of the trusted site. Where homographs
are designed to lure you in, web beacons might be what you “win” after you get there.
These are forms of spyware that infiltrate your system and then just sit there
transmitting data—beacons of information—to malicious data-mining operations. These are
just a few of the many clever methods being employed to rip you off. The Trust Center
addresses some grim realities of this insecure world, but, of course, it shouldn’t be your
only line of defense. Unfortunately, every Internet-connected computer needs to have
an automatically updating antiviral/firewall application installed to fend off current and
You can read more about all this in the Help system. The easiest way to get to the
relevant topics is to open the Trust Center dialog box and then click the Help button (the
little question mark icon in the upper-right corner) to display a Help topic about the
currently active category.
Unlike ActiveX controls, macros are application-specific, but they can be destructive when
they emanate from a malicious coder. The Trust Center Macro Settings category reveals
options that are similar to those of ActiveX controls, as are the recommendations. The Trust
Access To The VBA Project Object Model option is for developers only, but it might be
desirable in a development environment where a shared Visual Basic for Applications
project object model is known to be secure and isolated.