Last week I told you how to disable Norton Antivirus's Office document scanner and a couple of people thought it was unwise and highly dangerous to disable the Office plugin.
So how dangerous or unsafe is it to disable your antivirus's document scanning features? Like everything else, it depends on the person and the network and common sense prevails. Because antivirus scanners are only as good as their most recent definition update, it's riskier to have two year old definitions than it is to disable document scanning.
For many people, there is no increase in the risk because they are careful about the documents they open and how they get them. For those who lack this level of self-control, autoprotect, macro security, and Outlook's attachment security reduce the risk to almost nothing.
Infected Office documents are rare these days. If you use a newer version of Word, macro viruses can't run unless you lower the macro security level. (Never set it on low, use medium or sign your macros using selfcert.) Disabling the Office plugin is very low risk unless you use a lot of documents that are stored on removable media and set your macro security to low. If either is true, you should scan the documents before opening.
If the virus can't get in, users won't run it.
If they can't access it, they won't run it.
Corporate mail users should never see infected attachments because infected messages and executables are removed from the message stream before they reach the users mailbox. A network drive should never have an infected document. If there isn't a network virus scanner, a gateway email scanner, and group policy controlling the users' ability to disable antivirus or bring files into the network, they need to install a scanner then review their IT department and policies. (Even on the tightest network, a desktop virus scanner is needed as backup, especially if the users have Internet access, but they shouldn't need email or document scanning enabled.)
If you open an attachment directly from an email, it's written to the drive and as long as you have autoprotect enabled (always recommended), it will be scanned. Email scanning (at the desktop) causes a lot of problems connecting to the mail servers and adds no additional level of safety – just an earlier warning.
If you use a version of Outlook (or Outlook Express) that blocks potentially dangerous attachments, resist the urge to disable the security feature. This will help protect you against new viruses not yet identified by your virus scanner. (If you disable the attachment blocking features in Outlook, the document scanner is the least of your
worries.)
If you use documents on floppy disks, USB keys, CDs or other removable media, the file is only scanned by autoprotect if you copy it to the hard drive or initiate a manual scan. If the file came from someone else, it should always be scanned before opening. (Network files will be scanned by the network scanner.)
Remember, your antivirus only protects you against viruses it knows about. This means you are susceptible to viruses discovered after your last update. Keep your viruses definitions up-to-date and don't open attachments you aren't expecting or didn't request and your risk of infection is zero.
Published April 19, 2005. Last updated on June 17, 2011.