About macro security

In Excel, you can set a macro security level to control what happens when you open a workbook that contains a macro. For example, you can choose to run macros based on whether they are digitally signed by a developer on your list of trusted sources.

Security levels and what they mean

The following information summarizes how macro virus protection works under each setting on the Security Level tab in the Security dialog box (Tools menu, Macro submenu) under different conditions. Under all settings, if antivirus software that works with Microsoft Office 2003 is installed and the file contains macros, the file is scanned for known viruses before it is opened.

 Note   In Microsoft Office 2003 or later, a component checks all XML files that have references to XSL files for script that could be unsafe. If macro security is set to High, running this script is disabled. If macro security is set to Medium, the user is asked whether or not to run script in XSL files. If macro security is set to Low, the script is run.

ShowVery High

Only macros installed in trusted locations will be allowed to run. All other signed and unsigned macros are disabled. You can disable all macros entirely by setting your security level to Very High and disabling macros installed in trusted locations. To disable macros installed in trusted locations, click Tools, then select Macro and Security, and then click on the Trusted Publisher tab and “uncheck” the Trust all installed add-ins and templates option.

 Note   This also disables all Com Add-ins and Smart Tag .DLLs as well as macros.

ShowHigh

Unsigned macros

Macros are automatically disabled, and the file is opened.

Signed macros

The source of the macro and the status of the signature determine how signed macros are handled.

ShowA trusted source. Signature is valid.

Macros are automatically enabled, and the file is opened.

ShowAn unknown author. Signature is valid.

A dialog box is displayed with information about the certificate (digital certificate: Attachment for a file, macro project, or e-mail message that vouches for authenticity, provides secure encryption, or supplies a verifiable signature. To digitally sign macro projects, you must install a digital certificate.). Macros can be enabled only if the user chooses to trust the author and certification authority. A network administrator can lock the list of trusted sources and prevent the user from adding the developer to the list and enabling the macros.

ShowAny author. Signature is invalid, possibly because of a virus.

User is warned of a possible virus. Macros are automatically disabled.

ShowAny author. Signature validation is not possible because public key is missing or incompatible encryption methods were used.

User is warned that signature validation is not possible. Macros are automatically disabled.

ShowAny author. The signature was made after the certificate had expired or had been revoked.

User is warned that the signature has expired or been revoked. Macros are automatically disabled.

ShowMedium

Unsigned macros

User is prompted to enable or disable macros.

Signed macros

The source of the macro and the status of the signature determine how signed macros are handled.

ShowA trusted source. Signature is valid.

Macros are automatically enabled, and the file is opened.

ShowAn unknown author. Signature is valid.

A dialog box is displayed with information about the certificate. The user is prompted to enable or disable macros. The user can choose to trust the developer and certification authority.

ShowAny author. Signature is invalid, possibly because of a virus.

User is warned of a possible virus. Macros are automatically disabled.

ShowAny author. Signature validation is not possible because public key is missing or incompatible encryption methods were used.

User is warned that signature validation is not possible. User is prompted to enable or disable macros.

ShowAny author. The signature was made after the certificate had expired or had been revoked.

User is warned that the signature has expired or been revoked. User is prompted to enable or disable macros.

ShowLow

When security it set to low, all macros are treated equally regardless of origin or certificate status. With low security, you receive no prompt or signature validation and macros are automatically enabled. Use this setting only if you are certain that all macros in your files are from trusted sources.

About digital signatures

Office 2003 uses Microsoft Authenticode technology to enable macro creators to digitally sign (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) a file or a macro project (macro project: A collection of components, including forms, code, and class modules, that make up a macro. Macro projects created in Microsoft Visual Basic for Applications can be included in add-ins and in most Microsoft Office programs.). The certificate used to create this signature confirms that the macro or document originated from the signer, and the signature confirms that it has not been altered.

After you have installed your digital certificate (digital certificate: Attachment for a file, macro project, or e-mail message that vouches for authenticity, provides secure encryption, or supplies a verifiable signature. To digitally sign macro projects, you must install a digital certificate.), you can sign files and macro projects.

ShowSigning macros

You should sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is modified in any way, its digital signature is removed. However, if you have the proper digital certificate on your computer, the macro project will automatically be re-signed when saved. If you want to prevent users of your solution from accidentally modifying your macro project and invalidating your signature, lock the macro project before signing it. Your digital signature says only that you guarantee that this project is safe. It does not prove that you wrote the project. So locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators might re-sign templates and add-ins so that they can control exactly what users may run on their computers.

If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and notify the user of the consequences of modifying a signed project before continuing.

ShowWhere to get certificates

You can obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., or from your internal security administrator or IT professional. Or, you can create a digital signature yourself using the Selfcert.exe tool.

 Note   Because a digital certificate you create yourself isn't issued by a formal certification authority, macro projects signed by using such a certificate are referred to as self-signed projects. Depending on how Office digital-signature features are being used in your organization, you might be prevented from using such a certificate, and other users might not be able to run self-signed macros for security reasons.

Commercial certification authorities

To obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., you or your organization must submit an application to that authority.

Depending on your status as a developer, you should apply for a Class 2 or Class 3 digital certificate for software publishers:

  • A Class 2 digital certificate is designed for people who publish software as individuals. This class of digital certificate provides assurance as to the identity of the individual publisher.
  • A Class 3 digital certificate is designed for companies and other organizations that publish software. This class of digital certificate provides greater assurance as to the identity of the publishing organization. Class 3 digital certificates are designed to represent the level of assurance provided today by retail channels for software. An applicant for a Class 3 digital certificate must also meet a minimum financial stability level based on ratings from Dun & Bradstreet Financial Services.

When you receive your digital certificate, you are given instructions on how to install it on the computer you use to sign your Office solutions.

Internal certification authorities

Some organizations and corporations might have a security administrator or group act as their own certification authority and produce or distribute digital certificates by using tools such as Microsoft Certificate Server. Microsoft Certificate Server can function as a stand-alone certification authority or as part of an existing certification authority hierarchy. Depending on how Office digital-signature features are used in your organization, you might be able to sign macro projects by using a digital certificate from your organization's internal certification authority. Or you might need to have an administrator sign macro projects for you by using an approved certificate. For information about your organization's policy, contact your network administrator or IT department.

 
 
Applies to:
Excel 2003