Microsoft Office Online
Sign in to My Office Online (What's this?) | Sign in

 
 
Products
Search
Search
 
Icon: Content partners: (c) Microsoft
Highlights
Icon: Business: (c) Microsoft
Buy Online
Updates: (c) Microsoft
Office downloads
 
 
 
Product Information for
Desktop Programs
Servers
Services & Solutions
Related Products and Technologies
Support and Feedback
Additional Resources
Warning: You are viewing this page with an unsupported Web browser. This Web site works best with Microsoft Internet Explorer 6.0 or later, Firefox 1.5, or Netscape Navigator 8.0 or later. Learn more about supported browsers.
Printer-Friendly VersionPrinter-Friendly Version Bookmark and ShareShare
Use Office security features to increase macro safety
 
Power User Corner

By Colin Wilcox,
Siew Moi Khor,
& Andy Lambourne Moss
 

Have you ever run a macro by mistake? Even worse, have you ever picked up a macro virus? Learn how to increase your level of security to avoid running macros by mistake and to decrease the risk of contracting macro viruses. This is part one of a three-part series, and it introduces digital certificates and the Office security features.

Applies to
Microsoft Office XP

See all Power User columns
See all columns

First, we need to say a fond goodbye to Paul Cornell, the original Power User Corner columnist. Paul recently took a position in another division of the company. While it's a great step up for him, we'll miss his energy, ideas, and technical chops. Thanks, Paul, and best of luck!

Now down to business. Macros can make your life a lot easier, especially when you need to automate routine tasks. But have you ever run a macro by mistake? For example, say one of your coworkers creates a macro that changes the formatting for several elements in a document. If you run that macro against the wrong type of document, you can spend a lot of time undoing your changes. Ouch! (As an aside, that's just one of the many good reasons to back up your data frequently.)

Even worse, have you ever had to cope with a macro virus? I've had to deal with them, and it typically takes a lot of time and effort (and thus money) to eradicate the virus and restore the computer to a clean state. If you use macros, one of the smartest things you can do is use the Microsoft Office security features to increase macro security. You use a combination of tools to help protect your files and hardware:

  • Digital certificates
  • Security settings in Office
  • Your computer's list of trusted publishers

The tools that we'll explore in this set of articles are just one line of defense. You should also run antivirus software and use some care when deciding which macros to trust and run.

To follow this article, you need your Office XP installation CD. You'll install and use a tool called SelfCert.exe to create a digital certificate. You'll then use the certificate to digitally sign a macro, and use the signed macro to learn how security settings work with a list of trusted publishers.

Create a test macro

To follow the steps in this article, you need a macro that has not been digitally signed. If you don't have an unsigned macro handy, follow these steps to create a small macro. Otherwise, skip to the next section. For more information about creating a macro, see Using Macros to Speed Up Your Work.

  1. Start Microsoft Word and open a new, blank file.
  2. On the Tools menu, point to Macro, and then click Visual Basic Editor.
  3. In the Project window, double-click ThisDocument.
  4. Copy and paste this code into the code window: 
    sub test()
   MsgBox "This is only a test."
end sub

  5. Save the document to your default working folder. To find your default folder, on the Tools menu, click Options, and then click the File Locations tab. The Documents entry in the list shows you the location of your default folder.
  6. Close the file.

The next sections explain how to sign a macro and use the various combinations of digital signatures, security levels, and trusted publishers.

Understand and use digital signatures and certificates

A digital signature is an encrypted, electronic authentication stamp. Signatures confirm that a given macro originated with the signer and that no one has altered it since it was signed. You can obtain digital certificates from commercial Certification Authorities (CAs), such as VeriSign, Inc. CAs do background checks to verify that the writers or producers of macros and other documents (known as publishers) are reputable. Publishers can use a single certificate many times to create many digital signatures. If you work with an information technology (IT) department, they may also sign macros for internal use.

For this exercise, you'll use an Office utility called SelfCert.exe to create a test certificate. You'll then sign a macro and add the certificate to your list of trusted sources.

Note  You can't use certificates created with SelfCert to publish macros commercially. If you want to distribute your code publicly, you must obtain certificates from a CA whose root certificate is trusted on a user's computer. Test certificates will not validate correctly on the user's machine. You can obtain valid certificates from VeriSign, GTE, or other certification authorities.

To install SelfCert.exe
  1. Start your Office XP setup CD or other installation media. In the Microsoft Office XP Setup dialog box, click the Add or Remove Features option, and then click Next.

    Note  If you work in an environment in which Office is installed on individual computers by IT administrators, rather than by CD, follow these steps:

    1. Click the Start button in Microsoft Windows®, and then click Control Panel.
    2. Double-click Add or Remove Programs.
    3. Select Microsoft Office XP Professional with FrontPage, and then click Change. The setup wizard starts.
    4. Select Add or remove features, and then click Next.
    5. Follow the remaining steps below.
  2. Expand the Office Shared Features node by clicking the plus sign (+) next to it.
  3. Click Digital Signature for VBA Projects.
  4. Click Run from My Computer.
  5. Click Update.
  6. Click OK to complete the installation.
To create a test certificate
  1. Navigate to the directory that contains your Office XP program files. The default folder is Drive:\Program Files\Microsoft Office\Office 10.
  2. Locate and double-click SelfCert.exe. The Create Digital Certificate dialog box appears.
  3. In the Your name box, type a name for the new test certificate.
  4. Click OK twice.
To sign the macro
  1. Open the Word document containing the macro that you want to sign.
  2. On the Tools menu, point to Macro, and then click Visual Basic Editor.
  3. In the Project Explorer window, select the macro that you want to sign.
  4. On the Tools menu, click Digital Signature. The Digital Signature dialog box appears.
  5. Click Choose to select your test certificate.
  6. Click OK twice.
To set the security level for Office

Note  These steps disable all unsigned macros, add-ins, and templates.

  1. If you haven't already, start Word.
  2. On the Tools menu, point to Macro, and then click Security.
  3. On the Security Level tab, click High.
  4. Click the Trusted Sources tab, and then clear the Trust all installed add-ins and templates check box.

With these settings, Word only runs signed macros after you agree to trust the publisher. However, once you trust the publisher, Word automatically runs any other macros signed with that certificate. Many IT departments use this as the default setting for their Office applications. The steps in the next section demonstrate this process.

To test the signed macro
  1. Open the document that contains the signed macro.

    Note  If you followed the previous steps, your computer has no trusted sources—you have to agree to trust them before the Office applications add them to your Trusted Sources list. When you first attempt to open any file that contains a macro or a digital signature, the Security Warning dialog box appears.

  2. To add the publisher to your list of trusted sources, select the Always trust macros from this source check box.
  3. Click Enable Macros.
  4. Open the Security dialog box, and then click the Trusted Sources tab. The certificate you created appears in the list.

Using the other security settings

So far, this article has used Word to demonstrate macro security. However, in Office XP you use the same tools to implement macro security in Microsoft Excel and Microsoft PowerPoint®. The following table lists the actions that each application will take as you vary the settings in the Security dialog box.

Security level Trust all installed add-ins and templates check box Digitally signed From trusted sources Action performed by Word, Excel, and PowerPoint
High Cleared Yes Yes Run the macro silently.


Yes No Open the Security Warning dialog box so that you can choose to enable or disable the macro.


No n/a Disable all macros without warning.
Medium Cleared Yes Yes Run the macro silently.


Yes No Open the Security Warning dialog box so that you can enable or disable the macro.


No n/a Open the Security Warning dialog box so that you can enable or disable the macro.
Low Cleared Yes or No Yes or No Run the macro silently.
High, Medium, or Low Selected Yes or No Yes or No Run all macros silently. Macros will run silently if they're in the User Templates folder, Workgroup Templates folder, or the Startup folder.

Other Microsoft Visual Basic® for Applications (VBA) macros will be picked up according to the security settings above.

What's next?

The next column in this three-part series explains the various macro security settings, as well as the warning messages and dialog boxes that Word displays as you use them.

More information

About the authors

Colin Wilcox and Siew Moi Khor write for the Office Help team. Andy Lambourne Moss writes for the Office Training team.

See all Power User columns
See all columns

See Also
advertisement
Printer-Friendly VersionPrinter-Friendly Version