Why not sandbox it?
Posted Jun 14, 2007 5:51 UTC (Thu) by eru
Parent article: BadBunny? Only if you invite it in
I don't buy this idea that an office suite must have a fully virus-capable
macro language to be competitive. It would not limit much the useful
capabilities of the language if it operated by default in a sandbox, where
it cannot access anything outside the document currently being worked on
without asking the user for permission with a dialog box that makes clear the
request comes from a potentially dangerous macro. Some capabilities should
be forbidden totally, like starting programs, or creating or modifying
By the way, a MS Office-style "security setting" of asking the user
permission before running macroes in a document is totally useless. In
corporations, many documents are based on templates with macroes, so you would
get the silly question every time unless you turn the check off. Far better
to ask permission for a possibly dangerous access, not merely starting a macro.
to post comments)