In Excel, you can set a macro security level to control what happens when you open a workbook that contains a macro. For example, you can choose to run macros based on whether they are digitally signed by a developer on your list of trusted sources.
Security levels and what they mean
The following information summarizes how macro virus protection works under each setting on the Security Level tab of the Security dialog box (Tools menu, Macro submenu). Under all settings, if antivirus software that works with Microsoft Office 2003 is installed and the file contains macros, the file is scanned for known viruses before it is opened.
Note In Microsoft Office 2003 or later, a component checks all XML files that have references to XSL files for script that could be unsafe. If macro security is set to High, running this script is disabled. If macro security is set to Medium, the user is asked whether or not to run script in XSL files. If macro security is set to Low, the script is run.
At the Very High setting, only macros installed in trusted locations are allowed to run; all other macros, signed or unsigned, are disabled. You can disable all macros entirely by setting your security level to Very High and disabling macros installed in trusted locations. To disable macros installed in trusted locations, click Tools, then select Macro and Security, click the Trusted Publisher tab, and clear the Trust all installed add-ins and templates check box.
Note This also disables all COM add-ins and Smart Tag DLLs as well as macros.
When security is set to Low, all macros are treated equally regardless of origin or certificate status: no prompt is shown, no signature is validated, and macros are enabled automatically. Use this setting only if you are certain that all macros in your files are from trusted sources.
About digital signatures
Office 2003 uses Microsoft Authenticode technology to enable macro creators to digitally sign a file or a macro project. A digital signature is an electronic, encryption-based, secure stamp of authentication on a macro or document. A macro project is the collection of components (forms, code, and class modules) that make up a macro; macro projects created in Microsoft Visual Basic for Applications can be included in add-ins and in most Microsoft Office programs. The certificate used to create the signature confirms that the macro or document originated from the signer, and the signature confirms that it has not been altered.
After you have installed your digital certificate, you can sign files and macro projects. A digital certificate is an attachment for a file, macro project, or e-mail message that vouches for authenticity, provides secure encryption, or supplies a verifiable signature; to digitally sign macro projects, you must install one.
Sign macros only after your solution has been tested and is ready for distribution, because any modification to the code in a signed macro project removes its digital signature. If the proper digital certificate is installed on your computer, however, the macro project is automatically re-signed when it is saved. To prevent users of your solution from accidentally modifying your macro project and invalidating your signature, lock the macro project before signing it. Your digital signature says only that you vouch for this project as safe; it does not prove that you wrote the project, so locking the project does not prevent another user from replacing your digital signature with a different one. Corporate administrators might re-sign templates and add-ins so that they can control exactly what users may run on their computers.
If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and notify the user of the consequences of modifying a signed project before continuing.
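The signing semantics described above (an edit invalidates the signature, the same certificate can re-sign, and any other certificate holder can replace the signature, so a signature identifies the signer rather than the author) can be shown concretely. The following is an added example written for this page, not Office's own code and not Authenticode: a macro project is modelled as a dict of module names to VBA source text, a "certificate" is just a signer name bound to an RSA public key, and the keys are built from fixed Mersenne primes so the script is deterministic and needs only the Python standard library. Real Authenticode signatures use X.509 certificates and PKCS#7 structures; the key construction here is purely illustrative.

```python
"""Model of macro-project signing: sign, verify, edit, re-sign, replace.

Added example for illustration only. Assumptions: a macro project is a dict of
module name -> source text; a signer name stands in for the certificate subject;
textbook RSA over fixed Mersenne primes stands in for Authenticode. Not Office code.
"""
import hashlib

E = 65537  # RSA public exponent

def make_keypair(p: int, q: int):
    """Textbook RSA key pair from two primes (assumes p, q prime and gcd(E, phi) == 1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse, Python 3.8+
    return {"n": n, "e": E}, {"n": n, "d": d}

def project_digest(modules: dict) -> int:
    """Canonical SHA-256 over the whole project; module order must not affect the result."""
    h = hashlib.sha256()
    for name in sorted(modules):
        h.update(name.encode() + b"\x00" + modules[name].encode() + b"\x00")
    return int.from_bytes(h.digest(), "big")

def sign_project(modules: dict, signer: str, priv: dict) -> dict:
    """Signature = digest raised to the private exponent; 'signer' plays the certificate subject."""
    digest = project_digest(modules)
    return {"signer": signer, "value": pow(digest, priv["d"], priv["n"])}

def verify_project(modules: dict, signature: dict, pub: dict) -> bool:
    """Valid only when the current code hashes to exactly what was signed."""
    return pow(signature["value"], pub["e"], pub["n"]) == project_digest(modules)

# Two "certificates": the original developer's and a corporate administrator's.
# 2**521-1, 2**127-1, 2**607-1 and 2**89-1 are Mersenne primes; both moduli exceed 2**256,
# so a SHA-256 digest is always a valid RSA message representative here.
DEV_PUB, DEV_PRIV = make_keypair(2**521 - 1, 2**127 - 1)
ADMIN_PUB, ADMIN_PRIV = make_keypair(2**607 - 1, 2**89 - 1)

def walkthrough() -> dict:
    """Run the scenarios from the text and return each outcome by name."""
    # Constructed sample macro project (not from any real workbook).
    project = {"Module1": 'Sub Hello()\n  MsgBox "hi"\nEnd Sub\n'}
    sig = sign_project(project, "Developer", DEV_PRIV)
    results = {"original_valid": verify_project(project, sig, DEV_PUB)}

    # 1. Any change to the code invalidates the existing signature.
    edited = dict(project)
    edited["Module1"] = project["Module1"].replace('"hi"', '"hello"')
    results["edited_valid"] = verify_project(edited, sig, DEV_PUB)

    # 2. Re-signing with the same certificate restores validity (what Office does on save
    #    when the developer's certificate is installed).
    resigned = sign_project(edited, "Developer", DEV_PRIV)
    results["resigned_valid"] = verify_project(edited, resigned, DEV_PUB)

    # 3. Anyone holding another certificate can replace the signature; the result
    #    verifies under the new certificate, not the developer's. Locking the
    #    project does not prevent this, which is why the signature proves who
    #    signed, not who wrote the code.
    admin_sig = sign_project(project, "Corporate Admin", ADMIN_PRIV)
    results["admin_replaced_valid"] = verify_project(project, admin_sig, ADMIN_PUB)
    results["admin_sig_under_dev_cert"] = verify_project(project, admin_sig, DEV_PUB)
    results["signer_after_replacement"] = admin_sig["signer"]
    return results

if __name__ == "__main__":
    for name, outcome in walkthrough().items():
        print(f"{name}: {outcome}")
```

The point a defender should take from scenario 3 is that validity alone says nothing: the decision to run a macro has to be tied to *which* certificate signed it (the trusted-publisher list), which is exactly what the Very High and trusted-location settings enforce.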
Where to get certificates
You can obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., or from your internal security administrator or IT professional. Alternatively, you can create a digital certificate yourself using the Selfcert.exe tool.
Note Because a digital certificate you create yourself isn't issued by a formal certification authority, macro projects signed by using such a certificate are referred to as self-signed projects. Depending on how Office digital-signature features are being used in your organization, you might be prevented from using such a certificate, and other users might not be able to run self-signed macros for security reasons.
Commercial certification authorities
To obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., you or your organization must submit an application to that authority.
Depending on your status as a developer, you should apply for a Class 2 or Class 3 digital certificate for software publishers:
- A Class 2 digital certificate is designed for people who publish software as individuals. This class of digital certificate provides assurance as to the identity of the individual publisher.
- A Class 3 digital certificate is designed for companies and other organizations that publish software. This class of digital certificate provides greater assurance as to the identity of the publishing organization. Class 3 digital certificates are designed to represent the level of assurance provided today by retail channels for software. An applicant for a Class 3 digital certificate must also meet a minimum financial stability level based on ratings from Dun & Bradstreet Financial Services.
When you receive your digital certificate, you are given instructions on how to install it on the computer you use to sign your Office solutions.
Internal certification authorities
Some organizations and corporations might have a security administrator or group act as their own certification authority and produce or distribute digital certificates by using tools such as Microsoft Certificate Server. Microsoft Certificate Server can function as a stand-alone certification authority or as part of an existing certification authority hierarchy. Depending on how Office digital-signature features are used in your organization, you might be able to sign macro projects by using a digital certificate from your organization's internal certification authority. Or you might need to have an administrator sign macro projects for you by using an approved certificate. For information about your organization's policy, contact your network administrator or IT department.