Pointless Access security warnings

[Guest]

Please, please, PLEASE get rid of the ridiculous "security" warnings. All
they really do is annoy the users by presenting frightening messages that the
application MAY contain. Users immediately panic. And after that they quickly
learn to ignore the messages altogether, producing the "yeah yeah" response
and taking the one or two clicks required to make the annoyance go away.

We have tried suggesting to our clients that we could use digital
signatures, but their response was, "But then we'd have to turn on
certification."

The bottom line is that the messages do not increase user awareness of
security issues. If anything, they desensitize users to said issues. The real
effect is that we have to spend more time on the phone with users explaining
that yes, they should run the latest Windows and Office updates and yes, the
application really does come from us, and no, those are not actual warnings
that the code "is" harmful, and yes, they should just ignore the message. Is
this really what we want to accomplish?



----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://www.microsoft.com/office/com...3e174a978&dg=microsoft.public.access.security

 

[david epsom dot com dot au]

Apparently, Access and Jet have been shifted around so that
the SQL Server folks have less responsibility, and the Office
folks more responsibility.

This is expected to mean that in the next version Access
will be more usable, and there will be less emphasis
on encouraging people to use SQL Server instead.

(david)

 

[Guest]

First, thanks very much for taking time to respond. Do you mean that the
stupid security warnings are a function of SQL Server?

r

 

[Rick Brandt]

First, thanks very much for taking time to respond. Do you mean that the
stupid security warnings are a function of SQL Server?

No. Just set...

Tools - Macros - Security

....to Low and the prompts will be gone.

 

[Guest]

Yes, we know about changing the Access macro security settings.
Unfortunately, our clients are major hospitals who don't take well to
suggestions that they should lower their security.

More profoundly, however, the warnings are only desensitizing users. In
essence, they're turning into a kind of electronic elevator music. First it's
just annoying, then it's really, really annoying, and finally you just stop
listening. Again, is this really helpful?

r

 

[Guest]

No. Just set...

Tools - Macros - Security

....to Low and the prompts will be gone.

--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com


Interesting. I jsut started using 2003 from 2002 and those prompts when opeing files are very annoying. However, there is no security option under Macros in my menu. Any thoughts on that one?

 

[david epsom dot com dot au]

Historically these features - Sandbox, restricted
expressions etc - followed from a very public SQL
Server security failure

Following that public relations disaster, the SQL Server
folks realised that the Jet database engine was a security
risk to SQL Server.

The first changes where some simple changes to file
export in Jet, which prevented SQL Server from using
Jet to overwrite system files.

This then flowed on to restrictions on the distribution
and installation of Jet, wider file export restrictions,
and changes to the default installation of SQL Server.

At the same time, Jet development was stopped so as
not to compete with SQL Server.

Lacking a clear champion, when security restrictions
were added to Outlook, IE, and Windows (to protect
those products), additional restrictions where placed
on Jet files.

Note that I haven't said "security restrictions were
applied to Jet to make it more attractive to customers".

Quite the reverse.

Now that the next Jet developments and distribution
will be the responsibility of the Office team, rather
than the Windows or the SQL Server people, we expect
to see slightly less conflict of interest.

Not entirely gone of course: MS still has competing
products, and their are different visions about the
future of computing.

(david)

 

[Rick Brandt]

On some installations the menu option is not there by default. Right-click on
the menu and go into customize. Find the one for macros and choose "Reset".
Then it should show up.

<rant>
I understand why MS did this and I can even go along with it being set to medium
by default. What totally dumbfounds me is the appearance and content of those
prompt dialogs that come up. Could they BE any more obtuse, ugly, and
ill-conceived? You have to read the first larger one several times through just
to determine what the hell it is talking about. And why are there two of them?

If they had simply displayed the same kind of messages that you see in most web
browsers..."Access files can contain malicious, harmful code. If you do not
trust the origin of this file you should not open it. ... Open anyway?" it would
be SO much easier to live with.

And could they not make this only happen on files brought in from outside the
local system? SP2 for WinXP can block files and give warnings on an individual
basis, only does so when the file is downloaded or received from Email, and the
"Block" can be removed from any individual file never to bother you again.
Could something like this not have been done with the A2K3 macro security?
</rant>

 

[Guest]

Thanks very much for your response. I love the rant. Nice to know I'm not the
only one out there who objects to the pointless warnings.

r

 

[Guest]

Thanks very much for the history lesson. It helps to konw what led to this
incomparably stupid decision. Let's hope it gets removed in future versions
of Access, yeah?

r