A.19. Chapter 19: Securing Your Code with VBA's Security Features

Understand how VBA implements security Microsoft takes a multipronged approach to protecting users from malicious VBA code embedded in documents and capable of launching itself when the user simply opens the document.

Master It Name two ways that users are protected from malicious VBA code.

Solution Ways that users are protected from malicious VBA code include the following:

• The default file type for Office documents simply cannot contain any embedded macros at all (these files' filename extensions end in x, such as .docx).

• Macro-enabled documents can be stored in a trusted area on the hard drive.

• The user can specify various trust settings for both macros and other executables, such as add-ins and ActiveX controls. For example, the user can forbid the execution of any controls without notifying the user; or another setting prompts the user for permission before allowing a control to be loaded.

• The user can modify a list of "trusted publishers"—companies whose documents are considered safe.

• Developers can digitally sign their own projects, thereby making themselves "trusted publishers."

Sign a macro project with a digital signature You can add a digital signature to your projects by creating your own certification, getting it from your company, or getting it from certification authorities such as VeriSign.

Master It Describe the limitations of certifying a VBA macro project for yourself—without obtaining a certificate from your company or a commercial certification authority.

Solution The quickest and easiest way of getting a digital certificate is to create one yourself. However, this kind of certification only works on the computer on which the certificate was created, and is the least trustworthy type of digital signature. A digital certificate you create yourself is of little use to people beyond you and those who personally trust you.

Get a digital certificate Commercial certification authorities provide the greatest level of security, but their certification is also more difficult to achieve than self-certification or obtaining certification from your company.

Master It Name some of the ways you may be required to prove your identity when obtaining a digital signature from a commercial certification authority.

Solution The procedure for proving your identity varies depending on the commercial certification authority and the type of certificate you want. Generally speaking, the greater the degree of trust that the certificate is intended to inspire, the more proof you'll need to supply. For example, you can get a basic certificate on the strength of nothing more than a verifiable e-mail address, but this type of certificate is unlikely to make people trust you. Other certificate types require you to appear in person before a registration authority with full documentation (such as a passport, driver's license, or other identity documents). Such certificates carry more trust.

Choose the appropriate security level Choosing the right security level to use VBA macros safely, you or a user of your code must achieve a balance. The security level must be set high enough to avoid malicious or incompetent code, but low enough that it doesn't prevent you from running useful, safe code.

Master It To set a suitable level of security for your purposes, open the Trust Center in Access, Word, Excel, or PowerPoint. You'll see four settings. Which one of the following five settings is not available:

1. Disable All Macros Without Notification

2. Disable All Macros With Notification

3. Disable All Macros Except Digitally Signed Macros

4. Enable All Macros With Notification

5. Enable All Macros

Solution The answer is D. There is no Enable All Macros With Notification option.

Designate trusted publishers You can add publishers to the list of trusted publishers.

Master It How do you add a publisher to the list of trusted publishers?

Solution To add a trusted publisher, open a document or template that contains VBA code from the publisher you want to add. A Security Alert dialog box opens. When you open a file (or load an add-in) that contains code from a source with a valid digital signature, you have the option of adding this publisher to your list of trusted publishers. In the Security Alert dialog box, click the Trust All Documents from This Publisher option button.

Lock your code You can protect your source code in the Visual Basic Editor from others. You add a password to a project (the items in boldface in the Project Explorer) and others can't open your VBA procedures for reading or modifying.

Master It Describe how to create a strong password—one that will be difficult for others to crack.

Solution Two ways to create a strong password are as follows:

• Make the password as long as practical.

• Make it complex by avoiding actual words, including digits and symbols such as #.