About protecting files from macro viruses

A macro virus is a type of computer virus that's stored in a macro within a file, template, or add-in. For the best protection against macro viruses, you should purchase and install specialized antivirus software.

For more information about using antivirus software with Microsoft Office XP, see the Microsoft Office Web site.

To further reduce the risk of macro infection in Office files, set the macro security level to High or Medium and use digital signatures.

Security levels for macros

The levels of security to reduce macro virus infection are as follow:

By default, the security level is set to High. If the security level is set to Medium or High, you can maintain a list of trusted macro sources. When you open a file or load an add-in that contains macros developed by any of these sources, the macros are automatically enabled.

Digital signatures

A digital signature on a macro is like a wax seal on an envelope — it confirms that the macro originated from the developer who signed it and that the macro has not been altered.

When you open a file or load an add-in that contains a digitally signed macro, the digital signature appears on your computer as a certificate. The certificate names the macro's source, plus additional information about the identity and integrity of that source. A digital signature does not necessarily guarantee the safety of a macro, so you must decide whether you trust a macro that has been digitally signed. For example, you might trust macros signed by someone you know or by a well-established company. If you are unsure about a file or add-in that contains digitally signed macros, carefully examine the certificate before enabling macros or, to be even safer, disable the macros. If you know you can always trust macros from a particular source, you can add that macro developer to the list of trusted sources when you open the file or load the add-in.

If you are a developer, you can digitally sign macros from within the Visual Basic Editor.

List of trusted sources

When you open a file that includes signed macros, you are prompted whether you want to trust all macros originating from that source. If you select this option, you add the certificate's owner to your list of trusted sources. Before you decide to do this, you should review the details of the digital certificate — for example, look at the Issued to and Issued by fields to determine whether you trust its source, and look at the Valid from field to determine if the certificate is current. The certificate may also include details such as the e-mail name or Web site of the person who obtained the certificate.

Once you add a person (or corporation) to your list of trusted sources, Office will enable macros signed by this trusted source without showing you a security warning. However, it is possible to remove entries from the list of trusted sources.

Warnings about installed templates and add-ins

When you open a template or load an add-in from the Startup folder, macros within the file may be automatically enabled. However, you can clear the Trust all installed add-ins and templates security option to receive a warning about these macros. The warning will vary according to the level of security you have chosen.