Excel Macros - Security



The macros that you create in Excel would be written in the programming language VBA (Visual Basic for Applications). You will learn about the Excel macro code in later chapters. As you are aware, when there is an executable code, there is a threat of viruses. Macros are also susceptible to viruses.

What are Macro Viruses?

Excel VBA in which the Macros are written has access to most Windows system calls and executes automatically when workbooks are opened. Hence, there is a potential threat of the existence of a virus written as a macro and is hidden within Excel that are executed on opening a workbook. Therefore, Excel macros can be very dangerous to your computer in many ways. However, Microsoft has taken appropriate measures to shield the workbooks from macro viruses.

Microsoft has introduced macro security so that you can identify which macros you can trust and which you cannot.

Macro Enabled Excel Workbooks

The most important Excel macro security feature is - file extensions.

Excel workbooks will be saved with .xlsx file extension by default. You can always trust workbooks with .xlsx file extension, as they are incapable of storing a macro and will not carry any threat.

Excel workbooks with macros are saved with .xlsm file extension. They are termed as Macro Enabled Excel Workbooks. Before you open such workbooks, you should make sure that the macros they contain are not malicious. For this, you must ensure that you can trust the origin of this type of workbooks.

Ways of Trusting Macro Enabled Workbook

Excel provides three ways to trust a macro enabled workbook.

  • Placing the macro enabled workbooks in a trusted folder

  • Checking if a macro is digitally signed

  • Enabling security alert messages before opening macro enabled workbooks

Placing the macro enabled workbooks in a trusted folder

This is the easiest and best way to manage macro security. Excel allows you to designate a folder as a trusted location. Place all your macro-enabled workbooks in that trusted folder. You can open macro-enabled workbooks that are saved to this location without warnings or restrictions.

Checking if a macro is digitally signed

Digital signatures confirm the identity of the author. You can configure Excel to run digitally signed macros from trusted persons without warnings or restrictions. Excel will also warn the recipient if it has been changed since the author signed it.

Enabling security alert messages before opening macro enabled workbooks

When you open a workbook, Excel warns you that the workbook contains macros and asks whether you wish to enable them. You can click the Enable Content button if the source of the workbook is reliable.

Security

You can set any of these three options in the Trust Center in the Excel Options.

If you work in an organization, the system administrator might have changed the default settings to prevent anyone from changing the settings. Microsoft advises that you do not change security settings in the Trust Center as the consequences can be loss of data, data theft or security compromises on your computer or network.

However, you can learn the macro security settings in the following sections and check if they are to be changed. You have to use your own instinct to decide on any of these options based on the context and your knowledge of the file origin.

Macro Security Settings in Trust Center

The macro settings are located in the Trust Center in the Excel Options. To access the Trust Center, do the following −

  • Click the FILE tab on the Ribbon.

  • Click Options. The Excel Options dialog box appears.

  • Click Trust Center in the left pane.

  • Click the Trust Center Settings button under Microsoft Excel Trust Center.

Macro Settings

The Trust Center dialog box appears.

Trust Center

You will see various options available in the Excel Trust Center in the left pane. You will learn about the options related to Excel macros in the following sections.

Macro Settings

Macro settings are located in the Trust Center.

Macro Settings

Under Macro Settings, four options are available.

  • Disable all macros without notification − If this option is chosen, Macros and security alerts about macros are disabled.

  • Disable all macros with notification − Macros are disabled, but security alerts appear if there are macros present. You can enable macros on a case-by-case basis.

  • Disable all macros except digitally signed macros − Macros are disabled but security alerts appear if there are macros present. However, if the macro is digitally signed by a trusted publisher, the macro runs if you trust the publisher. If you have do not trust the publisher, you will be notified to enable the signed macro and trust the publisher.

  • Enable all macros (not recommended, susceptible to macro viruses) − If this option is chosen, all macros run. This setting makes your computer vulnerable to potentially malicious code.

You have an additional security option under Developer Macro Settings with a Check box.

  • Trust access to the VBA project object model.

    • This option allows programmatic access to the Visual Basic for Applications (VBA) object model from an automation client.

    • This security option is for code written to automate an Office program and manipulate the VBA environment and object model.

    • It is a per-user and per-application setting, and denies access by default, hindering unauthorized programs from building harmful self-replicating code.

    • For automation clients to access the VBA object model, the user running the code must grant access. To turn on access, select the check box.

Defining a Trusted Location

If you think that a macro-enabled workbook is from a reliable source, it is better to move the file to the trusted location identified by Excel, instead of changing the default Trust Center settings to a less-safe macro security setting.

You can find the trusted folder settings in the Trust Center.

Click the Trusted Locations in the Trust Center dialog box. The Trusted Locations set by Microsoft Office appear on the right side.

Trusted Location

You can add new locations, remove the existing locations and modify the existing locations. The identified trusted locations will be treated by Microsoft office as reliable for opening files. However, if you add or modify a location, ensure that the location is secure.

You can also find the options that office does not recommend, such as locations on internet.

Digitally Signed Macros from Reliable Sources

Microsoft provides an option to accommodate digitally signed macros. However, even if a macro is digitally signed, you need to ensure that it is from a trusted publisher.

You will find the trusted publishers in in the Trust Center.

  • Click Trusted Publishers in the Trust Center dialog box. A list of certificates appear on the right side with the details – Issued To, Issued By and Expiration Date.

  • Select a certificate and click View.

Trusted Publishers

The certificate information is displayed.

As you have learnt earlier in this chapter, you can set an option to run a macro that is digitally signed only if you trust the publisher. If you do not trust the publisher, you will be notified to enable the signed macro and trust the publisher.

Using Warning Messages

The Message Bar displays security alert when there are macros in the file that you are opening. The yellow Message Bar with a shield icon alerts you that the macros are disabled.

Warning Messages

If you know that the macro or macros are from a reliable source, you can click n the Enable Content button on the Message Bar, to enable the macros.

You can disable the Message Bar option if you do not want security alerts. On the other hand, you can enable the Message Bar option to increase security.

Enabling / Disabling Security Alerts on the Message Bar

You can enable / disable security alerts with Message Bars as follows −

  • Click the FILE tab on the Ribbon.
  • Click Options. The Excel Options dialog box appears.
  • Click Trust Center.
  • Click the Trust Center Settings button.
  • Click Message Bar.

The Message Bar Settings for all Office Applications appear.

Message Bar

There are two options under - Showing the Message Bar.

Option 1 − Show the Message Bar in all applications when active content such as macros is blocked.

  • This is the default option. The Message Bar appears when potentially unsafe content has been disabled.

  • If you had selected - Disable all macros without notification in the Macro Settings of the Trust Center, this option is not selected and the Message Bar does not appear.

Showing Message

Option 2 − Never show information about blocked content.

If this option if selected, it disables the Message Bar and no alerts appear about security issues, regardless of any security settings in the Trust Center.

Blocked
Advertisements