Chapter 4: Security and Privacy

In this chapter, we'll cover overall system security issues, including ways to help protect your system against malicious software and hide your personal information from unwanted scrutiny. And we'll discuss using digital signatures to both verify incoming files and certify your own outgoing files. Microsoft Office Excel 2007 has additional security features you can apply within workbooks, worksheets, and even cells. We'll discuss these features in "Protecting Worksheets" on page 156 and in "Hiding and Protecting Workbooks" on page 175.

The Trust Center

Microsoft consolidated the kind of security features that are common to many 2007 Microsoft Office system programs in a dialog box it calls the Trust Center. Click the Microsoft Office Button, click Excel Options, and select the Trust Center category to display the first dialog box shown in Figure 4-1.

Figure 4-1: The Trust Center dialog box controls many security settings.

This category in the Excel Options dialog box contains links to disclaimers and declarations on the Web. Click Trust Center Settings to open the second dialog box in Figure 4-1, where the security settings live.

The settings you can configure within the Trust Center determine how Excel responds when you open a file with active content-that is, any external file that contains links or code used to communicate to another location on the Internet or an intranet. When you do so, Office Excel 2007 investigates several measures of trustworthiness. Rules exist by which a publisher attains Trusted status. Defined as reputable developers, Trusted publishers must sign their code using valid, current digital signatures that are issued by certified certificate authorities such as IntelliSafe. If you open a file that does not meet one of these criteria, a security alert appears, and you need to decide whether to run the active content anyway. But even if you add a publisher, unsigned code from that publisher will still trigger a security alert. Most of the categories in the Trust Center dialog box deal with issues that directly affect the triggering of security alerts and the ability to run active content.

Excel displays security alerts in the Message Bar, which appears right under the formula bar. If you click the Options button in the Message Bar, a dialog box like the one in Figure 4-2 appears, giving you choices about the various types of active content lurking within the file.

Figure 4-2: Security alerts appear in the Message Bar. Click the Options button in the Message Bar to learn more about the active content in the file.

For more information about code signing, see "Using Digital Signatures" on page 112.

Trusted Publishers and Locations

In this context, a publisher is any software developer, which can range in relative scale and trustworthiness from the guy in the next cubicle to Microsoft. You might know the guy next door, and you might not trust Microsoft. Whatever the case, you can apply your unique level of paranoia by adding or deleting publishers using the first two categories in the Trust Center dialog box. Excel populates the Trusted Publishers list whenever you open a macro or add-in for the first time that triggers a security alert. If you decide to enable the content, Excel adds the publisher to the list. Subsequent active content from the same publisher opens without triggering a security alert.

Trusted locations can be folders on your own hard disk or on a network; the more precise, the better. We recommend you designate trusted locations on the subfolder level-even the default Documents folder (a.k.a. The Folder Formerly Known As My Documents) is too broad, particularly if you work in a networked environment. It is better to designate subfolders of Documents-or better yet, outside the Documents folder entirely-to minimize the ease with which others can locate interesting stuff on your computer to steal or to modify. Several trusted locations are installed with Excel, such as subfolder locations of template and startup files, as shown in Figure 4-1.

Add-Ins, ActiveX Settings, and Macro Settings

The Add-Ins, ActiveX Settings, and Macro Settings categories in the Trust Center, as shown in Figure 4-3, deal with blocking active content. You have only two choices for add-ins: just disable them all, or require them to be from a trusted publisher. If you decide on the latter, you can additionally disable the usual Message Bar notification when an add-in is unsigned.

Figure 4-3: Using the options in the Add-Ins, ActiveX Settings, and Macro Settings categories, you can enable or disable most types of active content that you might encounter.

ActiveX controls are more general than add-ins, and they can be designed to run on the Web or on your computer but always within a host application. ActiveX has been the language of choice for many malicious code developers (a.k.a. hackers), because it allows nearly unlimited access to your computer. You should never allow ActiveX controls without restriction-the minimum protection option should be Prompt Me Before Enabling All Controls With Minimal Restrictions. The option that mentions Safe For Initialization (SFI) controls refers to a sort of internal code-signing protocol set by the developer to verify its safety. Choosing this option puts your code through a few more levels of restriction. The best solution if you want to stay safe yet you need to use certain ActiveX controls is to set up or utilize a trusted location to store the ActiveX controls you know to be safe.

Inside Out-Of Web Beacons and Homograph Attacks

The word exploits, which used to conjure images of heroic figures and derring-do, has come to describe the actions of malicious software. Phishing is a rather clever type of lure used by phishers (hackers, trolling for data) to reel unsuspecting prey into their virtual creels. Homographs use the extended international character set to create scam Web sites with uniform resource locators (URLs) that replace one or more English-alphabet letters in the real domain names with similar ones from another language's character set. You see what you think is a trusted URL, and if you access the site, you might end up sharing information with the phishermen instead of the trusted site. Where homographs are designed to lure you in, web beacons might be what you "win" after you get there. These are forms of spyware that infiltrate your system and then just sit there transmitting data-beacons of information-to malicious data-mining operations. These are just a few of the many clever methods being employed to rip you off. The new Trust Center in the 2007 Office system addresses some of the grim realities of this new world of "insecurity" in which we live.

You can read more about all this in the online Help for the 2007 Office system. The easiest way to get to the relevant topics is to open the Trust Center dialog box and then click the Help button (the little question mark icon in the upper-right corner) to display a Help topic about the currently active category.

Unlike ActiveX controls, macros are application-specific, but they can be destructive when they emanate from a malicious coder. The Trust Center Macro Settings category reveals options that are similar to those of ActiveX controls, as are the recommendations. The Trust Access To The VBA Project Object Model option is for developers only but might be desired in a development environment where a shared Visual Basic for Applications project object model is not secure.

Message Bar

The Message Bar category in the Trust Center dialog box simply lets you turn off the display of security alerts in the Message Bar. It does not turn off the actual security features, just the notifications. The Message Bar is ordinarily turned on, unless you opt to disable all macros. ActiveX controls still generate their own security alerts.

External Content

External content comes in many flavors, and people can use it in many ways to implement malicious intent. The Trust Center dialog box can intercept potential problems by blocking external content such as data connections, hyperlinks, and images, all of which can contain or facilitate malicious code. Figure 4-4 shows the External Content category of the Trust Center dialog box.

Figure 4-4: The External Content category contains settings that control data connections and links.

The real difference between the two sets of External Content options is that data connections are links to data from other programs such as databases while workbook links are external references used between Excel workbooks. If you do not control or do not have confidence in the linked or connected sources, it's best to go with the default settings, prompting you for a decision whenever external content is encountered. As with most of these Trust Center options, allowing all data connections or workbook links is not recommended.

Privacy Options

Excel 2007 includes more interactive features than ever. In fact, Excel 2007 uses the Internet behind the scenes to give you access to all the information you need at a moment's notice. Many people want to know exactly when their computer is retrieving online information, so Microsoft lets you control these interactions by clicking the Microsoft Office Button, clicking Excel Options, clicking Trust Center, and then clicking Trust Center Settings. In the Trust Center dialog box, click the Privacy Options category to display the dialog box shown in Figure 4-5.

Figure 4-5: If you are uncomfortable with Excel connecting automatically to the Web, you can specify otherwise.

The first set of options you see in Figure 4-5 control whether Excel can automatically communicate and share information over the Internet under various circumstances:

• Search Microsoft Office Online For Help Content When I'm Connected To The Internet You might prefer to take control of Web interactions yourself, for example, if you use a dial-up Internet connection. If you clear this check box, you can still connect to the online Help content from within the Help dialog box.

• Update Featured Links From Microsoft Office Online This has implications similar to the previous option for those with slow Internet connections; it allows a dynamic link from the Microsoft Office Online Web site to the dialog box that appears when you click the Microsoft Office Button and click New. With this check box selected, the graphic display area toward the bottom of the New dialog box changes periodically, responding to updates posted on the Web site. When you clear this check box, this area remains static.

• Download A File Periodically That Helps Determine System Problems You need to decide whether to allow Microsoft to send diagnostic programs to your computer. If you worry about losing data to system crashes, you can select this check box to aid in any future system rehab and recovery efforts.

• Sign Up For The Customer Experience Improvement Program Over the years, Microsoft's on-site usability lab has been instrumental in helping refine products based on how people actually work. The Customer Experience Improvement Program is similar, except that instead of conducting tests in a controlled environment on the Microsoft corporate campus, data is accumulated in a collective "lab" that potentially includes your office. The usage data collected by this program is much more useful than that generated in the artificial environment of a laboratory. This program began with Excel 2003 and has been at least partially responsible for some of the many changes you see in Excel 2007. It's kind of like installing a Nielsen ratings box on your television-yes, they'll know what you're watching, but maybe the TV shows will get better.

• Check Microsoft Office Documents That Are From Or Link To Suspicious Web Sites This option turns on what Microsoft calls spoofed Web site detection. This refers to a homograph-type phishing scheme using Web domain names that closely resemble trusted sites. It's often hard to tell the difference with the naked eye, so you can let Excel do it for you. (See the sidebar "Of Web Beacons and Homograph Attacks" on page 107.)

For all these privacy issues, Microsoft won't collect any personal information and promises that participants will remain completely anonymous. You might want to return to the Excel Options dialog box and read the linked information in the Trust Center category before deciding whether to select these check boxes.