Excel > Security and privacy

9 ways to help protect your computer from viruses

By taking the following precautions, you can help reduce the risk of your computer being infected by a virus:

1. Use the default security settings in Microsoft Office  Office has safeguards in place to help protect your programs and data from viruses. We recommend that you do not change the Office default settings to less secure security settings.
2. Turn on the security features in the Microsoft Windows Security Center, and keep your computer updated  The easiest way to do this is to visit the Protect Your PC site, which guides you on how to use the Windows Security Center to enable the following:
• Internet firewall
• Antispyware software
• Antivirus software

For more information about antivirus software vendors that you can sign up with, see the Microsoft Antivirus Partners site.

• Automatic updates from Microsoft Update

Tip  To locate the Windows Security Center in Microsoft Windows, do the following:

• In Microsoft Windows Vista, click the Start button , type security center in the Start Search box, and then press ENTER.
• In Microsoft Windows XP Service Pack 2, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Security Center.
3. Try a subscription to Windows Live OneCare  Windows Live OneCare is a round-the-clock protection and maintenance service that you can subscribe to. Windows Live OneCare helps protect and maintain your computer by providing all-in-one functionality including virus scanning, firewall, antispyware, PC performance tuneups, and file backup and restore capability. Visit the Windows Live OneCare site for more information and to sign up for a free 90-day trial.
4. Find out whether you really have a virus  Viruses often run without your knowledge. However, if your computer is acting strangely or if one of your programs is not working correctly, this does not necessarily mean that your computer has a virus. It is important to be aware of the specific symptoms that a particular virus causes. On the Microsoft Security Antivirus Information site, you can find information and alerts about the latest viruses, their severity, and the symptoms they cause.
5. Check the Microsoft Security Bulletins regularly  An up-to-date list of security issues that affect Microsoft products is available on the Microsoft Security Updates site. This site provides technical information about security issues that affect specific products. If you don't want to remember to check the site regularly, you can subscribe to get security bulletin e-mail notifications for free that let you know about important security updates from Microsoft. In the past, hackers have attempted to mimic these notifications to send bogus information. However, it is not difficult to determine whether a Microsoft security-related message is genuine, because authentic Microsoft security bulletin notifications are always digitally signed and never include software updates as attachments. Instead, the notifications always link to the update on the Microsoft.com Web site.
6. Download files only from trusted sites  When you download a file from a Web site, be sure you know the source! You should download only files that are from known, well-established companies. When in doubt, don't download the file. As an extra precaution, you can download files onto a disk separate from your hard disk, such as a floppy disk or a zip disk, and then scan the files with your virus scanner.
7. Install only from authentic CDs  In general, installing software from authentic, commercially distributed CDs is the safest method. For example, all Microsoft CDs have holograms to prove their authenticity.
8. Back up your data regularly  If a virus erases or corrupts files on your hard disk, a recent backup may be the only way to recover your data. Back up your entire system regularly. At the minimum, back up files that you can't afford to lose, such as documents, pictures, favorite links, address books, and important e-mail messages. For details about how to back up your specific program's data, search the Microsoft Office Online Web site. You can also use the System Tools in Microsoft Windows to back up your data, as follows:
• In Microsoft Windows Vista, click the Start button , click All Programs, click Accessories, click System Tools, and then click Backup status and configuration. Follow the instructions provided.
• In Microsoft Windows XP, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup. Follow the instructions provided.
9. Don't open suspicious e-mail messages or files  Even though the Junk E-mail Filter in Microsoft Office Outlook helps to protect your Inbox from spam and phishing messages, it is a good idea to avoid opening any attachment in a message that you did not expect to receive, especially if the message is from a source that is unknown to you.

Excel > Security and privacy

Overview of security and protection in Excel

Excel 2007

Microsoft Office Excel provides several layers of security and protection that allows you to control who can access and change your Excel data. To help protect the data in a workbook, you can do the following:

• For optimal security, you should protect your entire workbook file with a password (password: A way to restrict access to a workbook, worksheet, or part of a worksheet. Excel passwords can be up to 255 letters, numbers, spaces, and symbols. You must type uppercase and lowercase letters correctly when you set and enter passwords.), which allows only authorized users to view or modify your data.
• For additional protection of specific data, you can also protect certain worksheet (worksheet: The primary document that you use in Excel to store and work with data. Also called a spreadsheet. A worksheet consists of cells that are organized into columns and rows; a worksheet is always stored in a workbook.) or workbook elements, with or without a password. Protecting worksheet or workbook elements may help prevent users from accidentally or deliberately changing, moving, or deleting important data.

In this article

Using passwords to help secure an entire workbook

Protecting specific worksheet or workbook elements

Using passwords to help secure an entire workbook

You can help secure an entire workbook by restricting who can open and use the workbook data and by requiring a password to view or to save changes to the workbook.

Password security at the workbook level uses advanced encryption to help protect your workbook from unauthorized access. You can set a password when you save the workbook. You can specify two separate passwords that users must type to:

• Open and view the workbook This password is encrypted to help protect your data from unauthorized access.
• Modify the workbook This password is not encrypted and is only meant to give specific users permission to edit workbook data and to save changes to the file.

These passwords apply to the entire workbook. For optimal password security, you should always assign a password to open and view the file. To give only specific users permission to modify data, you may want to assign both passwords.

Important  You should always use strong passwords that combine uppercase and lowercase letters, numbers, and symbols. Weak passwords don't mix these elements. Strong password: Y6dh!et5. Weak password: House27. Use a strong password that you can remember so that you don't have to write it down.

If you would like to remind users that the data in a workbook is important and that it should not be changed, you can have Excel recommend that the workbook should be opened as read-only. You can specify this option when you save the workbook, with or without requiring a password to open it. Users will get a read-only recommendation when they open the workbook, but they are not prevented from making changes to the workbook.

For more information on how to set passwords and read-only recommendation for a workbook, see Set a password to open or modify a document, workbook, or presentation.

 Top of Page

Protecting specific worksheet or workbook elements

When you share a workbook with other users so that you can collaborate on the data, you may want to protect data in specific worksheet or workbook elements to prevent it from being changed. You can also specify a password that users need to enter to modify specific workbook and worksheet elements that are protected.

Important  Workbook and worksheet element protection should not be confused with workbook-level password security. Element protection cannot protect a workbook from users who have malicious intent.

Protecting worksheet elements

When you protect a worksheet, all cells on the worksheet are locked by default, and users cannot make any changes to a locked cell. For example, they cannot insert, modify, delete, or format data in a locked cell. You can, however, specify which elements users will be allowed to change when you protect the worksheet.

For information on how to protect worksheet elements, see Protect worksheet or workbook elements.

Unlocking specific areas of a protected worksheet

Before you protect a worksheet, you can unlock the ranges that you want users to be able to change or enter data in. You can unlock cells for all users or for specific users.

For information on how to unlock cells and ranges in a protected worksheet, see Allow cells to be edited in a protected worksheet.

Using a password to control access to protected elements

When you protect a worksheet or workbook to lock its elements, adding a password is optional. In this context, the password is merely intended to allow access to certain users while helping to prevent changes by other users. This level of password protection does not ensure that all sensitive data in your workbook is secure. For optimal security, you should secure a workbook itself with a password to help safeguard it from unauthorized access.

When you protect worksheet or workbook elements with a password, it is very important that you remember that password. Without it, there is no way to unprotect the workbook or worksheet.

Important  You should always use strong passwords that combine uppercase and lowercase letters, numbers, and symbols. Weak passwords don't mix these elements. Strong password: Y6dh!et5. Weak password: House27. Use a strong password that you can remember so that you don't have to write it down.

Protecting the structure and windows of a workbook

You can lock the structure of a workbook, which prevents users from adding or deleting worksheets or from displaying hidden worksheets. You can also prevent users from changing the size or position of worksheet windows. Workbook structure and window protection applies to the entire workbook.

For information on how to protect workbook structure and window elements, see Protect worksheet or workbook elements.

Protecting confidential data in a workbook

Hiding, locking, and protecting workbook and worksheet elements is not intended to secure or protect any confidential information that you keep in a workbook. It only helps obscure data or formulas that might confuse other users and prevents them from viewing or making changes to that data.

Excel does not encrypt data that is hidden or locked in a workbook. To help keep confidential data confidential, you may want to limit access to workbooks that contain such information by storing them in a location that is available only to authorized users.

 Top of Page

Excel > Automation and programmability

Digitally sign a macro project

Excel 2007

This article explains how you can digitally sign (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) a file or a macro project (macro project: A collection of components, including forms, code, and class modules, that make up a macro. Macro projects created in Microsoft Visual Basic for Applications can be included in add-ins and in most Microsoft Office programs.) by using a certificate (certificate: A digital means of proving identity and authenticity. Certificates are issued by a certification authority, and like a driver's license, can expire or be revoked.). If you don't already have a digital certificate, you must obtain one. To test macro projects on your own computer, you can create your own self-signing certificate by using the Selfcert.exe tool.

In this article

Obtain a digital certificate for signing

Create your own digital certificate for self-signing

Digitally sign a macro project

Obtain a digital certificate for signing

You can obtain a digital certificate from a commercial certificate authority (CA) (certificate authority (CA): A commercial organization that issues digital certificates, keeps track of who is assigned to a certificate, signs certificates to verify their validity, and tracks which certificates are revoked or expired.) or from your internal security administrator or Information Technology (IT) professional.

To learn more about certificate authorities that offer services for Microsoft products, see the list of Microsoft Root Certificate Program Members.

 Top of Page

Create your own digital certificate for self-signing

Because a digital certificate that you create isn't issued by a formal certificate authority, macro projects that are signed by using such a certificate are referred to as self-signed projects. Microsoft Office trusts a self-signed certificate only on a computer that has that certificate in your Personal Certificates store.

Create a self-signing certificate

Which operating system are you using?

Windows Vista

Windows XP

Windows Vista

1. Click the Start button, point to All Programs, click Microsoft Office, click Microsoft Office Tools, and then click Digital Certificate for VBA Projects. In the Your certificate's name box, type a descriptive name for the certificate.
2. When the certificate confirmation message appears, click OK.

To view the certificate in the Personal Certificates store, do the following:

1. Open Windows Internet Explorer.
2. On the Tools menu, click Internet Options, and then click the Content tab.
3. Click Certificates, and then click the Personal tab.

 Top of Page

Windows XP

1. Click the Start button, point to All Programs, point to Microsoft Office, point to Microsoft Office Tools, and then click Digital Certificate for VBA Projects. In the Your certificate's name box, type a descriptive name for the certificate.
2. When the certificate confirmation message appears, click OK.

To view the certificate in the Personal Certificates store, do the following:

1. Open Windows Internet Explorer.
2. On the Tools menu, click Internet Options, and then click the Content tab.
3. Click Certificates, and then click the Personal tab.

 Top of Page

Digitally sign a macro project

Which 2007 Microsoft Office system program are you using?

Excel

Outlook

PowerPoint

Publisher

Visio

Word

Excel

1. Open the file that contains the macro project that you want to sign.
• On the Developer tab, in the Code group, click Visual Basic.

If the Developer tab is not available, click the Microsoft Office Button , and then click Excel Options. Then click Popular, and then select the Show Developer tab in the Ribbon check box.

 Note    The Ribbon is part of the Microsoft Office Fluent user interface.

2. In the Visual Basic Project Explorer, select the project that you want to sign.
3. On the Tools menu, click Digital Signature.
4. Do one of the following:
• If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
• To use the current certificate, click OK.

 Notes 

• Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
• If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
• If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
• When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

 Top of Page

Outlook

1. Open the file that contains the macro project that you want to sign.
• On the Tools menu, point to Macro, and then click Visual Basic Editor.
2. In the Visual Basic Project Explorer, select the project that you want to sign.
3. On the Tools menu, click Digital Signature.
4. Do one of the following:
• If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
• To use the current certificate, click OK.

 Notes 

• Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
• If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
• If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
• When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

 Top of Page

PowerPoint

1. Open the file that contains the macro project that you want to sign.
• On the Developer tab, in the Code group, click Visual Basic.

If the Developer tab is not available, click the Microsoft Office Button , and then click PowerPoint Options. Then click Popular, and then select the Show Developer tab in the Ribbon check box.

 Note    The Ribbon is part of the Microsoft Office Fluent user interface.

2. In the Visual Basic Project Explorer, select the project that you want to sign.
3. On the Tools menu, click Digital Signature.
4. Do one of the following:
• If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
• To use the current certificate, click OK.

 Notes 

• Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
• If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
• If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
• When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

 Top of Page

Publisher

1. Open the file that contains the macro project that you want to sign.
• On the Tools menu, point to Macro, and then click Visual Basic Editor.
2. In the Visual Basic Project Explorer, select the project that you want to sign.
3. On the Tools menu, click Digital Signature.
4. Do one of the following:
• If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
• To use the current certificate, click OK.

 Notes 

• Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
• If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
• If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
• When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

 Top of Page

Visio

1. Open the file that contains the macro project that you want to sign.
• On the Tools menu, point to Macro, and then click Visual Basic Editor.
2. In the Visual Basic Project Explorer, select the project that you want to sign.
3. On the Tools menu, click Digital Signature.
4. Do one of the following:
• If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
• To use the current certificate, click OK.

 Notes 

• Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
• If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
• If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
• When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

 Top of Page

Word

1. Open the file that contains the macro project that you want to sign.
• On the Developer tab, in the Code group, click Visual Basic.

If the Developer tab is not available, click the Microsoft Office Button , and then click Word Options. Then click Popular, and then select the Show Developer tab in the Ribbon check box.

 Note    The Ribbon is part of the Microsoft Office Fluent user interface.

2. In the Visual Basic Project Explorer, select the project that you want to sign.
3. On the Tools menu, click Digital Signature.
4. Do one of the following:
• If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
• To use the current certificate, click OK.

 Notes 

• Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
• If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
• If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
• When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

 Top of Page

Excel > Security and privacy

Keep your computer updated by using Microsoft Update

Tags  download; Excel; install; security; update

What are tags?

This article explains what Microsoft Update options you can use to keep the 2007 Microsoft Office system and your other Microsoft software updated regularly.

In this article

What is the Microsoft Update service?

Choose your update options from the Microsoft Update Wizard

Change your Automatic Update settings in Control Panel

Check for updates in a 2007 Office release program

What is the Microsoft Update service?

Microsoft Update is a service from Microsoft that delivers updates for Microsoft Windows, Microsoft Office, and other Microsoft programs.

If you use Microsoft Update, you no longer need to go to different Web sites to get the latest updates for supported Microsoft software. For more information about which products are supported, see the Microsoft Update Web site.

 Note    If you use Microsoft Office 2000 or earlier, you can still get updates from Microsoft Office Downloads.

Updates often include downloads that can help to keep your computer secure.

 Top of Page

Choose your update options from the Microsoft Update Wizard

The following options are available from the wizard:

• Download and install updates from Microsoft Update when available (recommended)   Click this option to get automatic updates. If you choose this option, you can also choose how and when your updates are downloaded and installed on your computer using Control Panel.
• I don't want to use Microsoft Update   Click this option if you don't want to get updates. Your currently configured settings for getting updates remain unchanged. By choosing not to get the updates, you can miss getting the downloads that can help to keep your computer more secure.

 Top of Page

Change your Automatic Update settings in Control Panel

Which operating system are you using?

Windows Vista

Windows XP

Windows Vista

To change your Automatic Update settings, you must be logged on as a Microsoft Windows administrator, and then do the following:

1. Exit all programs.
2. In Microsoft Windows, click the Start button, and then click Control Panel.
3. Click System and Maintenance, and then click Windows Update.

 Note    In Classic view, double-click Windows Update.

 Top of Page

Windows XP

To change your Automatic Update settings, you must be logged on as a Microsoft Windows administrator, and then do the following:

1. Exit all programs.
2. In Microsoft Windows, click the Start button, and then click Control Panel.
3. Click Performance and Maintenance, click System, and then click the Automatic Updates tab.

 Note    In Classic view, double-click System, and then click the Automatic Updates tab.

 Top of Page

Check for updates in a 2007 Office release program

Which 2007 Microsoft Office system program are you using?

Access

Excel

InfoPath

OneNote

Outlook

PowerPoint

Project

Publisher

SharePoint Designer

Visio

Word

Access

1. Click the Microsoft Office Button , and then click Access Options.
2. Click Resources, and then click Check for Updates.
3. Follow the directions on the Microsoft Update site.

 Top of Page

Excel

1. Click the Microsoft Office Button , and then click Excel Options.
2. Click Resources, and then click Check for Updates.
3. Follow the directions on the Microsoft Update site.

 Top of Page

InfoPath

1. On the Help menu, click Check for Updates.
2. Follow the directions on the Microsoft Update site.

 Top of Page

OneNote

1. On the Help menu, click Check for Updates.
2. Follow the directions on the Microsoft Update site.

 Top of Page

Outlook

1. On the Help menu, click Check for Updates.
2. Follow the directions on the Microsoft Update site.

 Top of Page

PowerPoint

1. Click the Microsoft Office Button , and then click PowerPoint Options.
2. Click Resources, and then click Check for Updates.
3. Follow the directions on the Microsoft Update site.

 Top of Page

Project

1. On the Help menu, click Check for Updates.
2. Follow the directions on the Microsoft Update site.

 Top of Page

Publisher

1. On the Help menu, click Check for Updates.
2. Follow the directions on the Microsoft Update site.

 Top of Page

SharePoint Designer

1. On the Help menu, click Check for Updates.
2. Follow the directions on the Microsoft Update site.

 Top of Page

Visio

1. On the Help menu, click Check for Updates.
2. Follow the directions on the Microsoft Update site.

 Top of Page

Word

1. Click the Microsoft Office Button , and then click Word Options.
2. Click Resources, and then click Check for Updates.
3. Follow the directions on the Microsoft Update site.

 Top of Page

Excel > Security and privacy

Block or unblock external content in Office documents

To help protect your security and privacy, the 2007 Microsoft Office system is configured by default to block external content — such as images, linked media, hyperlinks, and data connections — in workbooks and presentations. Blocking external content helps to prevent Web beacons and other intrusive methods that hackers use to invade your privacy and lure you into running malicious code without your knowledge or consent.

In this article

What is external content, and why are Web beacons a potential threat?

How does the Trust Center help protect me from external content?

What should I do when a security warning asks if I want to enable or disable external content?

Change external content settings for Excel in the Trust Center

What is external content, and why are Web beacons a potential threat?

External content is any content that is linked from the Internet or an intranet to a workbook or presentation. Some examples of external content are images, linked media, data connections, and templates.

Hackers can use external content as Web beacons. Web beacons send back, or beacon, information from your computer to the server that hosts the external content. Types of Web beacons include the following:

• Images   A hacker sends a workbook or presentation for you to review that contains images. When you open the file, the image is downloaded and information about the file is beaconed back to the external server.
• Images in Outlook e-mail messages  Microsoft Office Outlook 2007 has its own mechanism for blocking external content in messages. This helps to protect against Web beacons that could otherwise capture your e-mail address. For more information, see Block or unblock automatic picture downloads in e-mail messages.
• Linked media   A hacker sends you a presentation as an attachment in an e-mail message. The presentation contains a media object, such as a sound, that is linked to an external server. When you open the presentation in Microsoft Office PowerPoint 2007, the media object is played and in turn executes code that runs a malicious script that harms your computer.
• Data connections   A hacker creates a workbook and sends it to you as an attachment in an e-mail message. The workbook contains code that pulls data from or pushes data to a database. The hacker does not have permissions to the database, but you do. As a result, when you open the workbook in Microsoft Office Excel 2007, the code executes and accesses the database by using your credentials. Data can then be accessed or changed without your knowledge or consent.

 Top of Page

How does the Trust Center help protect me from external content?

If there is external content present in your workbook or presentation, when you open the file the Message Bar notifies you that the external content has been blocked.

If you click Options on the Message Bar, a security dialog box opens, giving you the option to unblock the external content. To learn how to make a secure decision before clicking an option, see the next section.

 Top of Page

What should I do when a security warning asks if I want to enable or disable external content?

When a security dialog box appears, you have the option to enable the external content or to leave it blocked. You should only enable the external content if you are sure that it is from a trustworthy source.

Important  If you are sure that the external content in a workbook or presentation is trustworthy, and if you do not want to be notified about this specific external content again, instead of changing the default Trust Center settings to a less safe security level, it is better to move the file to a trusted location. Files in trusted locations are allowed to run without being checked by the Trust Center security system.

 Top of Page

Change external content settings for Excel in the Trust Center

External content security settings are located in the Trust Center for Office Excel 2007 only. You cannot change external content settings globally for Office PowerPoint 2007 in the Trust Center.

If you work in an organization, your system administrator might already have changed the default settings, and this might prevent you from changing any settings yourself.

Change settings for Data Connections

1. In Excel, click the Microsoft Office Button , and then Excel Options.
2. Click Trust Center, click Trust Center Settings, and then click External Content.
3. Click the option that you want under Security settings for Data Connections:
• Enable all Data Connections (not recommended)   Click this option if you want to open workbooks that contain external data connections and to create connections to external data in the current workbook without receiving security warnings. We don't recommend this option, because connections to an external data source that you are not familiar with can be harmful, and because you do not receive any security warnings when you open any workbook from any location. Use this option only when you trust the data sources of the external data connections. You may want to select this option temporarily, and then return to the default setting when you no longer need it.
• Prompt user about Data Connections   This is the default option. Click this option if you want to receive a security warning whenever a workbook that contains external data connections is opened, and whenever an external data connection is created in the current workbook. Security warnings give you the option of enabling or disabling data connections for each workbook that you open on a case-by-case basis.
• Disable all Data Connections   Click this option if you don't want any external data connections to be enabled in the current workbook. When you choose this option, no data connection in any workbook that you open is ever connected. If you create new external data connections after opening a workbook, those data connections are not enabled when you open the workbook again. This is a very restrictive setting, and may cause some functionality not to work as expected.

Change settings for Workbook Links

1. In Excel, click the Microsoft Office Button , and then Excel Options.
2. Click Trust Center, click Trust Center Settings, and then click External Content.
3. Click the option that you want under Security settings for Workbook Links:
• Enable automatic update for all Workbook Links (not recommended)   Click this option if you want links to data in another workbook to be updated automatically in the current workbook without receiving a security warning. We don't recommend this option, because automatically updating links to data in workbooks that you are not familiar with can be harmful. Use this option only when you trust the workbooks that the data is linked to. You may want to select this option temporarily, and then return to the default setting when you no longer need it.
• Prompt user on automatic update for Workbook Links   This is the default option. Click this option if you want to receive a security warning whenever you run automatic updates in the current workbook for links to data in another workbook.
• Disable automatic update of Workbook Links   Click this option if you don't want links in the current workbook to data in another workbook to be updated automatically.

 Top of Page

See Also

• View my privacy options
• View my security settings in the Trust Center

Excel > Security and privacy

Remove hidden data and personal information from Office documents

Excel 2007

Before you share an important document with colleagues or clients, you probably take the precaution of proofreading or reviewing the contents of the document to ensure that everything is correct and the document does not contain anything you do not want to share with other people. If you plan to share an electronic copy of a Microsoft Office document, it is a good idea to take the extra step of reviewing the document for hidden data or personal information that might be stored in the document itself or in the document properties (metadata (metadata: Data that describes other data. For example, the words in a document are data; the word count is an example of metadata.)). Because this hidden information can reveal details about your organization or about the document itself that you might not want to share publicly, you might want to remove this hidden information before you share the document with other people.

This article explains how the Document Inspector feature in Microsoft Office Word 2007, Microsoft Office Excel 2007, and Microsoft Office PowerPoint 2007 can help you find and remove hidden data and personal information in your Office documents.

In this article

What types of hidden data and personal information are stored in Office documents?

What information can the Document Inspector find and remove?

How do I find and remove hidden data and personal information in my Office documents?

What types of hidden data and personal information are stored in Office documents?

Several types of hidden data and personal information can be saved in an Office document. This information might not be immediately visible when you view the document in an Office program, but it might be possible for other people to view or retrieve the information.

Hidden information can include the data that Office programs add to a file to enable you to collaborate on writing and editing a document with other people. It can also include information that you deliberately designate as hidden.

Office documents can contain the following types of hidden data and personal information:

• Comments, revision marks from tracked changes, versions, and ink annotations  If you collaborated with other people to create your document, your document might contain items such as revision marks from tracked changes, comments, ink annotations, or versions. This information can enable other people to see the names of people who worked on your document, comments from reviewers, and changes that were made to your document.
• Document properties and personal information  Document properties, also known as metadata (metadata: Data that describes other data. For example, the words in a document are data; the word count is an example of metadata.), include details about your document such as author, subject, and title. Document properties also include information that is automatically maintained by Office programs, such as the name of the person who most recently saved a document and the date when a document was created. If you used specific features, your document might also contain additional kinds of personally identifiable information (PII) (personally identifiable information (PII): Any information that can be used to identify a person, such as a name, address, e-mail address, government ID, IP address, or any unique identifier associated with PII in another program.), such as e-mail headers, send-for-review information, routing slips, printer paths, and file path information for publishing Web pages.
• Headers, footers, and watermarks  Word documents and Excel workbooks can contain information in headers and footers. Additionally, you might have added a watermark to your Word document.
• Hidden text  Word documents can contain text that is formatted as hidden text. If you do not know whether your document contains hidden text, you can use the Document Inspector to search for it.
• Hidden rows, columns, and worksheets  In an Excel workbook, rows, columns, and entire worksheets can be hidden. If you distribute a copy of a workbook that contains hidden rows, columns, or worksheets, other people might unhide these row, columns, or worksheets and view the data that they contain.
• Invisible content  PowerPoint presentations and Excel workbooks can contain objects that are not visible because they are formatted as invisible.
• Off-slide content  PowerPoint presentations can contain objects that are not immediately visible because they were dragged off the slide into the off-slide area. This off-slide content can include text boxes, clip art, graphics, and tables.
• Presentation notes  The Notes section of a PowerPoint presentation can contain text that you might not want to share publicly, especially if the notes were written solely for the use of the person who is delivering the presentation.
• Document server properties  If your document was saved to a location on a document management server, such as a Document Workspace site or a library based on Microsoft Windows SharePoint Services, the document might contain additional document properties or information related to this server location.
• Custom XML data  Documents can contain custom XML data that is not visible in the document itself. The Document Inspector can find and remove this XML data.

 Top of Page

What information can the Document Inspector find and remove?

The Document Inspector includes several different Inspectors that you can use to find and remove different kinds of hidden data and personal information. Some of these Inspectors are specific to individual Office programs. The Document Inspector displays different sets of Inspectors in Office Word 2007, Office Excel 2007, and Office PowerPoint 2007 to enable you to find and remove hidden data and personal information that is specific to each of these programs.

To learn more about what types of hidden data and personal information the Document Inspector can find and remove in a specific Microsoft Office program, review the tables below.

 Note    If your organization customized the Document Inspector by adding Inspector modules, you might be able to check your documents for additional types of information.

Office Word 2007

Office Excel 2007

Office PowerPoint 2007

 Top of Page

How do I find and remove hidden data and personal information in my Office documents?

You can use the Document Inspector to find and remove hidden data and personal information in Office documents that were created in Office Word 2007, Office Excel 2007, Office PowerPoint 2007, and earlier versions of these Office programs. It is a good idea to use the Document Inspector before you share an electronic copy of your Office document, such as in an e-mail attachment.

1. Open the Office document that you want to inspect for hidden data or personal information.
2. Click the Microsoft Office Button , click Save As, and then type a name in the File name box to save a copy of your original document.

Important  It is a good idea to use the Document Inspector on a copy of your original document because it is not always possible to restore the data that the Document Inspector removes.

3. In the copy of your original document, click the Microsoft Office Button , point to Prepare, and then click Inspect Document.
4. In the Document Inspector dialog box, select the check boxes to choose the types of hidden content that you want to be inspected. For more information about the individual Inspectors, see What information can the Document Inspector find and remove?
5. Click Inspect.
6. Review the results of the inspection in the Document Inspector dialog box.
7. Click Remove All next to the inspection results for the types of hidden content that you want to remove from your document.

Important  

• If you remove hidden content from your document, you might not be able to restore it by clicking Undo.
• The inspectors for Comments and Annotations, Document Properties and Personal Information, and Headers and Footers cannot be used in an Excel workbook that has been saved as a shared workbook (Review tab, Shared Workbook command). This is because shared workbooks use personal information to enable different people to collaborate on the same workbook. To remove this information from a shared workbook, you can copy the workbook, and then unshare it. To unshare a workbook, on the Review tab, click Shared Workbook. On the Editing tab, clear the Allow changes by more than one user at the same time check box.

 Top of Page

Excel > Security and privacy

How Office helps protect you from phishing schemes

Excel 2007

This article explains what phishing is and includes tips on how to identify phishing schemes and follow best practices to avoid becoming a victim of online fraud. This article also describes how the 2007 Microsoft Office system helps to protect you from phishing schemes.

In this article

What is phishing?

Examples and characteristics of phishing schemes

How can Office help protect me from phishing schemes?

Best practices to help protect yourself from online fraud

How do I report online fraud and identity theft?

What is phishing?

Phishing (pronounced "fishing") is an online fraud technique used by criminals to lure you into disclosing your personal information.

There are many different tactics used to lure you, including e-mail and Web sites that mimic well-known, trusted brands. A common phishing practice uses spoofed messages that are disguised to look like they are from a well-known company or Web site, such as a bank, credit card company, charity, or e-commerce online shopping site. The purpose of these spoofed messages is to trick you into providing personally identifiable information (PII) (personally identifiable information (PII): Any information that can be used to identify a person, such as a name, address, e-mail address, government ID, IP address, or any unique identifier associated with PII in another program.), such as the following:

• Name and user name
• Address and telephone number
• Password or PIN
• Bank account number
• ATM/debit or credit card number
• Credit card validation code (CVC) (card validation code: A code that credit card companies use to authorize credit card charges. For example, American Express uses a four-digit number on the front of the credit card, and Visa, MasterCard, and Discover use a three-digit number on the back.) or card verification value (CVV)
• Social Security Number (SSN)

This information is used in many ways for financial gain. For example, a common practice is identity theft, whereby the thief steals your personal information, takes on your identity, and can then do the following:

• Apply for and get credit in your name.
• Empty your bank account and charge expenses to the limit of your credit cards.
• Transfer money from your investment or credit line accounts into your checking account, and then use a copy of your debit card to withdraw cash from your checking account at automated teller machines (ATMs) around the world.

For tips on how to avoid being the victim of online fraud, see the Best practices to help protect yourself from online fraud section later in this article.

 Top of Page

Examples and characteristics of phishing schemes

Some examples of phishing schemes include:

• Fake e-mail messages   The message appears to be from a company that you do business with, warning you that they need to verify your account information, and if they don't get the information, your account will be suspended.
• A combination of auction fraud and phony escrow sites   This occurs when items are put up for sale at a legitimate online auction to lure you into making payments to a fake escrow site.
• Fake online sales transactions   A criminal offers to buy something from you and requests that he or she pay you an amount well over the price of the item the criminal is buying. In return, the criminal asks you to send him or her a check for the difference. The payment to you is not sent, but your check is cashed, and the thief keeps the difference. Additionally, the check that you send has your bank account number, bank routing code, address, and phone number, which the criminal can continue to use and get your money.
• Fake charities   This type of phishing scheme poses as a charity and asks for direct monetary donations. Unfortunately, many people want to take advantage of your generous nature.
• Fake Web sites   The Web sites can be made to look similar to legitimate sites. When you inadvertently visit them, the sites can automatically download malicious software, such as a virus (virus: A computer program or macro that "infects" computer files by inserting copies of itself into those files. When the infected file is loaded into memory, the virus can infect other files. Viruses often have harmful side effects.) or spyware. The spyware can then record the keystrokes that you use to log into personal online accounts. That information is sent back to the phisher. You can protect against this particular kind of attack by downloading and installing anti-spyware software, such as Microsoft anti-spyware software.

There are many more phishing schemes that people are using. For an up-to-date report on phishing schemes that authorities have uncovered, visit the Anti-Phishing Working Group Web site.

Typical characteristics of a phishing scheme

Unfortunately, as phishing attacks become more sophisticated, it is very difficult for the average person to tell whether an e-mail message or Web site is fraudulent. That is why phishing schemes are so prevalent and successful for criminals. For example, many phony e-mail messages and Web sites link to real company logos of well-known brands, so they look legitimate. The following are a few things you can do to help protect yourself:

• Requests for personal information in an e-mail message   Most legitimate businesses have a policy that they do not ask you for your personal information through e-mail. Be very suspicious of a message that asks for personal information even if it might look legitimate.
• Urgent wording   Wording in phishing e-mail messages is usually polite and accommodating in tone. It almost always tries to get you to respond to the message or to click the link that is included in the message. To increase the number of responses, people try to create a sense of urgency so that you immediately respond without thinking. Usually, spoofed e-mail messages are not personalized, though valid messages from your bank or e-commerce company generally are personalized. The following is an example from an actual phishing scheme:

Dear valued bank member, it has come to our attention that your account information needs to be updated due to inactive member, frauds, and spoof reports. Failure to update your records will result in account deletion. Please follow the link below to confirm your data.

• Attachments   Many phishing schemes ask you to open attachments, which can then infect your computer with a virus (virus: A computer program or macro that "infects" computer files by inserting copies of itself into those files. When the infected file is loaded into memory, the virus can infect other files. Viruses often have harmful side effects.) or spyware. If spyware is downloaded to your computer, it can record the keystrokes that you use to log into your personal online accounts. Any attachment that you want to view should be saved first, and then scanned with an up-to-date antivirus program before you open it. To help protect your computer, Outlook automatically blocks certain attachment file types that can spread viruses. If Outlook detects a suspicious message, attachments of any file type in the message are blocked. For more information, see How Outlook helps protect you from viruses, spam, and phishing.
• Fake links   People who create phishing messages are so sophisticated in their ability to create misleading links that it is impossible for the average person to tell whether a link is legitimate. It is always best to type the Web address or Uniform Resource Locator (URL) (Uniform Resource Locator (URL): An address that specifies a protocol (such as HTTP or FTP) and a location of an object, document, World Wide Web page, or other destination on the Internet or an intranet, for example: http://www.microsoft.com/.) that you know is correct into your browser. Also, you can save the correct URL to your browser Favorites. Do not copy and paste URLs from messages into your browser. Some of the techniques that criminals have used to forge links are as follows:
• Link masks   Though the link that you are urged to click might contain all or part of a real company's name, the link can be "masked." This means that the link you see does not take you to that address but somewhere different, usually a spoofed Web site. Notice in this example that resting the pointer on the link in an Outlook message reveals another numeric Internet address in the box with the yellow background. This should make you suspicious. Keep in mind that even the link in the box with the yellow background can be spoofed to look like a trustworthy Web address.

Also, be aware of URLs that include the @ sign. In the https://www.woodgrovebank.com@nl.tv/secure_verification.aspx example, the URL would take you to the location that comes after the @ sign, not to Wood Grove Bank. This is because browsers ignore anything in the URL that comes before the @ sign.

The real location, nl.tv/secure_verification.aspx, could easily be an unsafe site.

• Homographs   A homograph is a word with the same spelling as another word but with a different meaning. In computers, a homograph attack is a Web address that looks like a familiar Web address but is actually altered. The purpose of spoofed Web links that are used in phishing schemes is to deceive you into clicking the link. For example, www.microsoft.com could appear instead as:

www.micosoft.com

www.mircosoft.com

In more sophisticated homograph attacks, the Web address looks exactly like that of a legitimate Web site. This occurs when the domain name (domain name: The address of a network location that identifies its owner in this specific format: server.organization.type. For example, www.whitehouse.gov identifies the Web server at the White House, which is part of the U.S. government.) was created by using alphabet characters from different languages, not just English. For example, the following Web address looks legitimate, but what you can't see is that the "i" is a Cyrillic character from the Russian alphabet:

www.microsoft.com

Phishers spoof the domain names of banks and other companies in order to deceive consumers into thinking they are visiting a familiar Web site. Special software is needed to detect these kinds of spoofed domain names in Web addresses. See the next section to learn more about how the 2007 Office release helps protect you from links that attempt to lead you to suspicious Web sites.

 Top of Page

How can Office help protect me from phishing and homograph attacks?

Suspicious links in documents

By default, the 2007 Office release displays security alerts in the following situations:

• You have a document open and you click a link to a Web site with an address that has a potentially spoofed domain name.
• You open a file from a Web site with an address that has a potentially spoofed domain name.

The following alert appears when you click a link to a Web site that uses a potentially spoofed domain name.

You can then choose whether to continue to visit the Web site. In this situation, we recommend that you click No. This functionality helps to protect against homograph attacks. For more information, see Enable or disable warnings about links to and files from suspicious Web sites.

Suspicious links in e-mail messages

By default, Microsoft Office Outlook 2007 does the following to a suspicious message:

• If the Junk E-mail Filter does not consider a message to be spam but does consider it to be phishing, the message is left in the Inbox, but any links in the message are disabled and you cannot use the Reply and Reply All functionality.
• If the Junk E-mail Filter considers the message to be both spam and phishing, the message is automatically sent to the Junk E-mail folder. Any message sent to the Junk E-mail folder is converted to plain text format and all links are disabled. In addition, the Reply and Reply All functionality is disabled. The InfoBar alerts you to this change in functionality.

If you click a link that was disabled in a phishing message, the following Outlook Security dialog box appears.

If you want to continue to be alerted to potential security risks, click OK. If you don't want to keep getting the warning, select the Please do not show me this dialog again check box.

For more information, see Enable or disable links and functionality in phishing messages.

 Top of Page

Best practices to help protect yourself from online fraud

• Never reply to e-mail messages that request your personal information   Be very suspicious of any e-mail message from a business or person who asks for your personal information — or one that sends you personal information and asks you to update or confirm it. Instead, use the phone number from one of your statements to call the business. Do not call a number listed in the e-mail message. Similarly, never volunteer any personal information to someone who places an unsolicited call to you.
• Don't click links in suspicious e-mail   Don't click a link in a suspicious message. The link might not be trustworthy. Instead, visit Web sites by typing their URL into your browser or by using your Favorites link. Do not copy and paste links from messages into your browser.
• Don't send personal information in regular e-mail messages   Regular e-mail messages are not encrypted and are like sending a post card. If you must use e-mail messages for personal transactions, use Outlook to digitally sign and encrypt messages by using S/MIME security. MSN, Microsoft Hotmail, Microsoft Outlook Express, Microsoft Office Outlook Web Access, Lotus Notes, Netscape, and Eudora all support S/MIME security.
• Do business only with companies that you know and trust   Use well-known, established companies with a reputation for quality service. A business Web site should always have a privacy statement that specifically states that the business won't pass your name and information to other people.
• Make sure the Web site uses encryption   The Web address should be preceded by https:// instead of the usual http:// in the browser's Address bar. Also, double-click the lock icon on your browser's status bar to display the digital certificate for the site. The name that follows Issued to in the certificate should match the site that you think you are on. If you suspect that a Web site is not what it should be, leave the site immediately and report it. Don't follow any of the instructions that it presents.
• Help protect your PC   It is important to use a firewall, keep your computer updated, and use antivirus software, especially if you connect to the Internet through a cable modem or a digital subscriber line (DSL) modem. For information on how to do this, visit Protect your PC. For additional information on virus protection, see Best practices for protection from viruses and Best practices to help prevent spam. You should also consider using anti-spyware software. You can download Microsoft anti-spyware or use a third-party product available from the security software downloads and trials site.
• Monitor your transactions   Review your order confirmations and credit card and bank statements as soon as you receive them to make sure that you are being charged only for transactions you made. Immediately report any irregularities in your accounts by dialing the number shown on your account statement. Using just one credit card for online purchases makes it easier to track your transactions.
• Use credit cards for transactions on the Internet   In most locales, your personal liability in case someone compromises your credit card is significantly limited. By contrast, if you use direct debit from your bank account or a debit card, your personal liability frequently is the full balance of your bank account. In addition, a credit card with a small credit limit is preferable for use on the Internet because it limits the amount of money that a thief can steal in case the card is compromised. Better yet, several major credit card issuers are now offering customers the option of shopping online with virtual, single-use credit card numbers that expire within one or two months. If the service is available in your country, your bank can provide you with details about perishable virtual credit card numbers.

If you need more tips on safer online shopping and banking, visit the Online Fraud Web site.

 Top of Page

How do I report online fraud and identity theft?

If you think that you received a fraudulent e-mail message, you can report the problem and attach the suspicious message. Reporting suspicious messages to authorities helps in the effort to combat phishing schemes.

1. In Outlook, select, but don't open, the message that you want to report.
2. On the Actions menu, click Forward As Attachment, or press CTRL+ALT+F.
3. In the To line, type the e-mail address of the company to whom you are reporting the phishing message. Some e-mail addresses that you can use to report suspicious mail are:
• reportphishing@antiphishing.org goes to the Anti-Phishing Working Group, an industry association.
• spam@uce.gov goes to the Federal Trade Commission (FTC).
• abuse@msn.com goes to MSN.
• abuse@microsoft.com goes to Microsoft.
4. Click Send.

 Top of Page

See Also

• Enable or disable security alerts about links to and files from suspicious Web sites

Excel > Security and privacy

Enable or disable ActiveX controls in Office documents

Excel 2007

This article explains the risks involved in enabling ActiveX controls and how the Trust Center in the 2007 Microsoft Office system can help to mitigate these risks. In this article, the term "document" can mean any Office file that can contain ActiveX controls.

In this article

What is an ActiveX control and what is the security risk?

How can the Trust Center help protect me from unsafe ActiveX controls?

What should I do when a security warning asks if I want to enable or disable an ActiveX control?

Change ActiveX security settings for all documents in the Trust Center

What is an ActiveX control and what is the security risk?

An ActiveX control can be as simple as a text box or more complex, such as a special toolbar, an entire dialog box, or a small application. ActiveX controls are used in Web sites and in applications on your computer. ActiveX controls are not stand-alone solutions. ActiveX controls can be run only from within host programs, such as Windows Internet Explorer and Microsoft Office programs. However, ActiveX controls are very powerful, because they are Component Object Model (COM) (Component Object Model (COM): A specification developed by Microsoft for building software components that can be assembled into programs or can add functionality to existing programs running on Microsoft Windows operating systems.) objects and have unrestricted access to your computer. ActiveX controls can access the local file system and change the registry settings of your operating system. If a hacker repurposes an ActiveX control to take over your computer, the damage can be significant.

 Top of Page

How can the Trust Center help protect me from unsafe ActiveX controls?

There are two main parts to achieving a secure environment for running ActiveX controls. The first is that the developer creates a well-designed ActiveX control with security in mind. The second part involves the Trust Center checking for the following two things before the ActiveX control is loaded:

• Whether the "kill-bit" on the control is set in the registry. A "kill bit" is a feature that prevents controls that have a known exploit from being loaded. If the Trust Center detects there is a "kill bit" set, the control is not loaded and cannot be loaded in any circumstances.
• Whether the control is marked as Safe for Initialization (SFI). This is something the developer sets to verify the safety of the control. If the control is not marked as SFI, the control is considered to be Unsafe for Initialization (UFI), and the Trust Center applies more restrictions.

The Trust Center also examines the document that contains the ActiveX control. If the document contains a Visual Basic for Applications (VBA) (Visual Basic for Applications (VBA): A macro-language version of Microsoft Visual Basic that is used to program Microsoft Windows-based applications and is included with several Microsoft programs.) project — for example, a macro-enabled .xlsm file — the Trust Center is more restrictive, because the document contains both macros and ActiveX controls. For more information on the ActiveX control settings, see the Change ActiveX security settings for all documents in the Trust Center section.

If the Trust Center detects a potentially unsafe ActiveX control, the control is disabled by default, and the Message Bar appears to notify you of a potentially unsafe ActiveX control.

If you click Options on the Message Bar, a security dialog box appears that gives you the option to enable the Active X control. See the next section for how to make a secure decision before you click an option.

 Note    In Microsoft Office Outlook 2007 and Microsoft Office Publisher 2007, security alerts appear in dialog boxes, not in the Message Bar.

 Top of Page

What should I do when a security warning asks if I want to enable or disable an ActiveX control?

When a security dialog box appears, you have the option to enable the ActiveX control or leave it disabled. You should enable the ActiveX control only if you are sure it is from a trustworthy source.

 Note    If you do enable the ActiveX control, it is enabled only for that document in that Office program session and according to the current setting for ActiveX controls in the Trust Center. See the next section for more information on all the ActiveX control settings.

Important  If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, instead of changing the default Trust Center settings to a less safe ActiveX security setting, you can put the document in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

 Top of Page

Change ActiveX security settings for all documents in the Trust Center

ActiveX control security settings are located in the Trust Center. If you work in an organization, your system administrator might have changed the default settings, and this might prevent you from changing any settings.

 Note    If you change an ActiveX control setting in one Office program, the settings are changed in all the other Office programs listed in these steps.

Which 2007 Microsoft Office system program are you using?

Access

Excel

Outlook

PowerPoint

Word

Access

1. Click the Microsoft Office Button , and then click Access Options.
2. Click Trust Center, click Trust Center Settings, and then click ActiveX Settings.
3. Click the option that you want:
• Disable all controls without notification Click this option if you don't trust the ActiveX controls. All the ActiveX controls in documents are disabled. Only their placeholder red X or a picture of the control is displayed in the document. The Message Bar and any associated notifications and warnings about ActiveX controls are not displayed.

Important  If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, instead of changing the default Trust Center settings to a less safe ActiveX security setting, you can put the document in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

• Prompt me before enabling Unsafe for Initialization controls with additional restrictions and Safe for Initialization (SFI) controls with minimal restrictions This option has different behavior depending on whether the document that contains the ActiveX control has a VBA project.
• Documents that contain a VBA project  

All ActiveX controls are disabled   Documents that contain a VBA project can include files in Microsoft Office 97–2003 and any macro-enabled files in the 2007 Office release. For example, a Microsoft Office Word 2007 .docm document is a macro-enabled file. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, UFI ActiveX controls are loaded with additional restrictions. SFI ActiveX controls are loaded with minimal restrictions. Additional restrictions means that the ActiveX control is initialized with default values (InitNew). Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

• Documents without a VBA project  

SFI ActiveX controls are enabled with minimal restrictions   Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one UFI ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

UFI ActiveX controls are disabled   When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls are loaded as follows: SFI controls are loaded with minimal restrictions and UFI controls are loaded with additional restrictions. Additional restrictions means that the ActiveX control is initialized with default values (InitNew). The persisted properties of the control are lost if you save changes to the document. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions.

• Prompt me before enabling all controls with minimal restrictions This is the default option and determines different behavior, depending on whether the document that contains the ActiveX control has a Visual Basic for Applications (VBA) project.
• Documents that contain a VBA project  

All ActiveX controls are disabled  Documents that contain a VBA project can include files in Microsoft Office 97-2003 and any macro-enabled files in 2007 Office release. For example, a Microsoft Office Word 2007 .docm document is a macro-enabled file that can contain a VBA project. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls (SFI and UFI) are loaded with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

• Documents without a VBA project  

Safe for Initialization (SFI) ActiveX controls are enabled with minimal restrictions  Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one Unsafe for Initialization (UFI) ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

UFI ActiveX controls are disabled   When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls are loaded as follows: SFI and UFI controls are loaded with minimal restrictions. The persisted properties of the control are lost if you save changes to the document. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions.

• Enable all controls without restrictions and without prompting (not recommended, potentially dangerous controls can run) Click this option if you want to enable all ActiveX controls in documents with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents.

Important  If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, instead of changing the default Trust Center settings to a less safe ActiveX security setting, you can put the document in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

• Safe mode (Helps limit the control's access to your computer)   Select this check box to enable only SFI ActiveX controls in safe mode. Safe mode means the developer has marked the control as safe. For example, a worksheet control can both read and write files when it is in unsafe mode, but perhaps only read from files when it is in safe mode. This would allow the control to be used in very powerful ways when safety wasn't important, but the control would still be safe for use in a Web page. Safe mode applies only to SFI ActiveX controls. UFI ActiveX controls are always loaded in unsafe mode.

 Top of Page

Excel

1. Click the Microsoft Office Button , and then click Excel Options.
2. Click Trust Center, click Trust Center Settings, and then click ActiveX Settings.
3. Click the option that you want:
• Disable all controls without notification Click this option if you don't trust the ActiveX controls. All the ActiveX controls in documents are disabled. Only their placeholder red X or a picture of the control is displayed in the document. The Message Bar and any associated notifications and warnings about ActiveX controls are not displayed.

Important  If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, instead of changing the default Trust Center settings to a less safe ActiveX security setting, you can put the document in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

• Prompt me before enabling Unsafe for Initialization controls with additional restrictions and Safe for Initialization (SFI) controls with minimal restrictions This option has different behavior depending on whether the document that contains the ActiveX control has a VBA project.
• Documents that contain a VBA project  

All ActiveX controls are disabled   Documents that contain a VBA project can include files in Microsoft Office 97–2003 and any macro-enabled files in the 2007 Office release. For example, a Microsoft Office Word 2007 .docm document is a macro-enabled file. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, UFI ActiveX controls are loaded with additional restrictions. SFI ActiveX controls are loaded with minimal restrictions. Additional restrictions means that the ActiveX control is initialized with default values (InitNew). Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

• Documents without a VBA project  

SFI ActiveX controls are enabled with minimal restrictions   Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one UFI ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

UFI ActiveX controls are disabled   When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls are loaded as follows: SFI controls are loaded with minimal restrictions and UFI controls are loaded with additional restrictions. Additional restrictions means that the ActiveX control is initialized with default values (InitNew). The persisted properties of the control are lost if you save changes to the document. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions.

• Prompt me before enabling all controls with minimal restrictions This is the default option and determines different behavior, depending on whether the document that contains the ActiveX control has a Visual Basic for Applications (VBA) project.
• Documents that contain a VBA project  

All ActiveX controls are disabled  Documents that contain a VBA project can include files in Microsoft Office 97-2003 and any macro-enabled files in 2007 Office release. For example, a Microsoft Office Word 2007 .docm document is a macro-enabled file that can contain a VBA project. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls (SFI and UFI) are loaded with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

• Documents without a VBA project  

Safe for Initialization (SFI) ActiveX controls are enabled with minimal restrictions  Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one Unsafe for Initialization (UFI) ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

UFI ActiveX controls are disabled   When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls are loaded as follows: SFI and UFI controls are loaded with minimal restrictions. The persisted properties of the control are lost if you save changes to the document. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions.

• Enable all controls without restrictions and without prompting (not recommended, potentially dangerous controls can run) Click this option if you want to enable all ActiveX controls in documents with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents.

Important  If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, instead of changing the default Trust Center settings to a less safe ActiveX security setting, you can put the document in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

• Safe mode (Helps limit the control's access to your computer)   Select this check box to enable only SFI ActiveX controls in safe mode. Safe mode means the developer has marked the control as safe. For example, a worksheet control can both read and write files when it is in unsafe mode, but perhaps only read from files when it is in safe mode. This would allow the control to be used in very powerful ways when safety wasn't important, but the control would still be safe for use in a Web page. Safe mode applies only to SFI ActiveX controls. UFI ActiveX controls are always loaded in unsafe mode.

 Top of Page

Outlook

1. On the Tools menu, click Trust Center.
2. Click ActiveX Settings.
3. Click the option that you want:
• Disable all controls without notification Click this option if you don't trust the ActiveX controls. All the ActiveX controls in documents are disabled. Only their placeholder red X or a picture of the control is displayed in the document. The Message Bar and any associated notifications and warnings about ActiveX controls are not displayed.

Important  If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, instead of changing the default Trust Center settings to a less safe ActiveX security setting, you can put the document in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

• Prompt me before enabling Unsafe for Initialization controls with additional restrictions and Safe for Initialization (SFI) controls with minimal restrictions This option has different behavior depending on whether the document that contains the ActiveX control has a VBA project.
• Documents that contain a VBA project  

All ActiveX controls are disabled   Documents that contain a VBA project can include files in Microsoft Office 97–2003 and any macro-enabled files in the 2007 Office release. For example, a Microsoft Office Word 2007 .docm document is a macro-enabled file. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, UFI ActiveX controls are loaded with additional restrictions. SFI ActiveX controls are loaded with minimal restrictions. Additional restrictions means that the ActiveX control is initialized with default values (InitNew). Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

• Documents without a VBA project  

SFI ActiveX controls are enabled with minimal restrictions   Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one UFI ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

UFI ActiveX controls are disabled   When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls are loaded as follows: SFI controls are loaded with minimal restrictions and UFI controls are loaded with additional restrictions. Additional restrictions means that the ActiveX control is initialized with default values (InitNew). The persisted properties of the control are lost if you save changes to the document. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions.

• Prompt me before enabling all controls with minimal restrictions This is the default option and determines different behavior, depending on whether the document that contains the ActiveX control has a Visual Basic for Applications (VBA) project.
• Documents that contain a VBA project  

All ActiveX controls are disabled  Documents that contain a VBA project can include files in Microsoft Office 97-2003 and any macro-enabled files in 2007 Office release. For example, a Microsoft Office Word 2007 .docm document is a macro-enabled file that can contain a VBA project. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls (SFI and UFI) are loaded with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

• Documents without a VBA project  

Safe for Initialization (SFI) ActiveX controls are enabled with minimal restrictions  Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one Unsafe for Initialization (UFI) ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

UFI ActiveX controls are disabled   When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls are loaded as follows: SFI and UFI controls are loaded with minimal restrictions. The persisted properties of the control are lost if you save changes to the document. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions.

• Enable all controls without restrictions and without prompting (not recommended, potentially dangerous controls can run) Click this option if you want to enable all ActiveX controls in documents with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents.

Important  If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, instead of changing the default Trust Center settings to a less safe ActiveX security setting, you can put the document in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

• Safe mode (Helps limit the control's access to your computer)   Select this check box to enable only SFI ActiveX controls in safe mode. Safe mode means the developer has marked the control as safe. For example, a worksheet control can both read and write files when it is in unsafe mode, but perhaps only read from files when it is in safe mode. This would allow the control to be used in very powerful ways when safety wasn't important, but the control would still be safe for use in a Web page. Safe mode applies only to SFI ActiveX controls. UFI ActiveX controls are always loaded in unsafe mode.

 Top of Page

PowerPoint

1. Click the Microsoft Office Button , and then click PowerPoint Options.
2. Click Trust Center, click Trust Center Settings, and then click ActiveX Settings.
3. Click the option that you want:
• Disable all controls without notification Click this option if you don't trust the ActiveX controls. All the ActiveX controls in documents are disabled. Only their placeholder red X or a picture of the control is displayed in the document. The Message Bar and any associated notifications and warnings about ActiveX controls are not displayed.

Important  If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, instead of changing the default Trust Center settings to a less safe ActiveX security setting, you can put the document in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

• Prompt me before enabling Unsafe for Initialization controls with additional restrictions and Safe for Initialization (SFI) controls with minimal restrictions This option has different behavior depending on whether the document that contains the ActiveX control has a VBA project.
• Documents that contain a VBA project  

All ActiveX controls are disabled   Documents that contain a VBA project can include files in Microsoft Office 97–2003 and any macro-enabled files in the 2007 Office release. For example, a Microsoft Office Word 2007 .docm document is a macro-enabled file. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, UFI ActiveX controls are loaded with additional restrictions. SFI ActiveX controls are loaded with minimal restrictions. Additional restrictions means that the ActiveX control is initialized with default values (InitNew). Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

• Documents without a VBA project  

SFI ActiveX controls are enabled with minimal restrictions   Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one UFI ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

UFI ActiveX controls are disabled   When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls are loaded as follows: SFI controls are loaded with minimal restrictions and UFI controls are loaded with additional restrictions. Additional restrictions means that the ActiveX control is initialized with default values (InitNew). The persisted properties of the control are lost if you save changes to the document. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions.

• Prompt me before enabling all controls with minimal restrictions This is the default option and determines different behavior, depending on whether the document that contains the ActiveX control has a Visual Basic for Applications (VBA) project.
• Documents that contain a VBA project  

All ActiveX controls are disabled  Documents that contain a VBA project can include files in Microsoft Office 97-2003 and any macro-enabled files in 2007 Office release. For example, a Microsoft Office Word 2007 .docm document is a macro-enabled file that can contain a VBA project. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls (SFI and UFI) are loaded with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

• Documents without a VBA project  

Safe for Initialization (SFI) ActiveX controls are enabled with minimal restrictions  Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one Unsafe for Initialization (UFI) ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

UFI ActiveX controls are disabled   When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls are loaded as follows: SFI and UFI controls are loaded with minimal restrictions. The persisted properties of the control are lost if you save changes to the document. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions.

• Enable all controls without restrictions and without prompting (not recommended, potentially dangerous controls can run) Click this option if you want to enable all ActiveX controls in documents with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents.

Important  If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, instead of changing the default Trust Center settings to a less safe ActiveX security setting, you can put the document in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

• Safe mode (Helps limit the control's access to your computer)   Select this check box to enable only SFI ActiveX controls in safe mode. Safe mode means the developer has marked the control as safe. For example, a worksheet control can both read and write files when it is in unsafe mode, but perhaps only read from files when it is in safe mode. This would allow the control to be used in very powerful ways when safety wasn't important, but the control would still be safe for use in a Web page. Safe mode applies only to SFI ActiveX controls. UFI ActiveX controls are always loaded in unsafe mode.

 Top of Page

Word

1. Click the Microsoft Office Button , and then click Word Options.
2. Click Trust Center, click Trust Center Settings, and then click ActiveX Settings.
3. Click the option that you want:
• Disable all controls without notification Click this option if you don't trust the ActiveX controls. All the ActiveX controls in documents are disabled. Only their placeholder red X or a picture of the control is displayed in the document. The Message Bar and any associated notifications and warnings about ActiveX controls are not displayed.

Important  If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, instead of changing the default Trust Center settings to a less safe ActiveX security setting, you can put the document in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

• Prompt me before enabling Unsafe for Initialization controls with additional restrictions and Safe for Initialization (SFI) controls with minimal restrictions This option has different behavior depending on whether the document that contains the ActiveX control has a VBA project.
• Documents that contain a VBA project  

All ActiveX controls are disabled   Documents that contain a VBA project can include files in Microsoft Office 97–2003 and any macro-enabled files in the 2007 Office release. For example, a Microsoft Office Word 2007 .docm document is a macro-enabled file. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, UFI ActiveX controls are loaded with additional restrictions. SFI ActiveX controls are loaded with minimal restrictions. Additional restrictions means that the ActiveX control is initialized with default values (InitNew). Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

• Documents without a VBA project  

SFI ActiveX controls are enabled with minimal restrictions   Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one UFI ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

UFI ActiveX controls are disabled   When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls are loaded as follows: SFI controls are loaded with minimal restrictions and UFI controls are loaded with additional restrictions. Additional restrictions means that the ActiveX control is initialized with default values (InitNew). The persisted properties of the control are lost if you save changes to the document. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions.

• Prompt me before enabling all controls with minimal restrictions This is the default option and determines different behavior, depending on whether the document that contains the ActiveX control has a Visual Basic for Applications (VBA) project.
• Documents that contain a VBA project  

All ActiveX controls are disabled  Documents that contain a VBA project can include files in Microsoft Office 97-2003 and any macro-enabled files in 2007 Office release. For example, a Microsoft Office Word 2007 .docm document is a macro-enabled file that can contain a VBA project. When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls (SFI and UFI) are loaded with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew).

• Documents without a VBA project  

Safe for Initialization (SFI) ActiveX controls are enabled with minimal restrictions  Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents. However, if there is at least one Unsafe for Initialization (UFI) ActiveX control in the document, you are notified. The ActiveX controls in the document must all be marked as SFI in order not to generate a notification.

UFI ActiveX controls are disabled   When you open a document, the Message Bar appears, notifying you about the presence of an ActiveX control. If you click Enable Content on the Message Bar, a dialog box appears, giving you the option to enable or disable the ActiveX control. When you click Enable, all ActiveX controls are loaded as follows: SFI and UFI controls are loaded with minimal restrictions. The persisted properties of the control are lost if you save changes to the document. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions.

• Enable all controls without restrictions and without prompting (not recommended, potentially dangerous controls can run) Click this option if you want to enable all ActiveX controls in documents with minimal restrictions. Minimal restrictions means that if any persisted values exist, the ActiveX control is initialized with minimal restrictions. If persisted values don't exist, the control is initialized with default values (InitNew). The Message Bar won't appear, and you won't get any notifications about the presence of ActiveX controls in your documents.

Important  If you want to use a document-based solution that uses ActiveX controls you trust, and you do not want to receive security alerts about the content again, instead of changing the default Trust Center settings to a less safe ActiveX security setting, you can put the document in a trusted location. None of the security settings in the Trust Center affect a document in a trusted location. The one exception to this is an ActiveX control with the "kill bit" set. In this state, the ActiveX control does not run.

• Safe mode (Helps limit the control's access to your computer)   Select this check box to enable only SFI ActiveX controls in safe mode. Safe mode means the developer has marked the control as safe. For example, a worksheet control can both read and write files when it is in unsafe mode, but perhaps only read from files when it is in safe mode. This would allow the control to be used in very powerful ways when safety wasn't important, but the control would still be safe for use in a Web page. Safe mode applies only to SFI ActiveX controls. UFI ActiveX controls are always loaded in unsafe mode.

 Top of Page

Excel > Security and privacy

Set a password to open or modify a document, workbook, or presentation

Tags  create password; forgot password; lock; password; password protect; permissions; protect; security

What are tags?

In the 2007 Microsoft Office system, you can use passwords to help prevent other people from opening or modifying Microsoft Office Word 2007 documents, Microsoft Office Excel 2007 workbooks, and Microsoft Office PowerPoint 2007 presentations.

Important  

Use strong passwords that combine uppercase and lowercase letters, numbers, and symbols. Weak passwords don't mix these elements. Strong password: Y6dh!et5. Weak password: House27. Passwords should be 8 or more characters in length. A pass phrase that uses 14 or more characters is better. For more information, see Help protect your personal information with strong passwords.

It is critical that you remember your password. If you forget your password, Microsoft cannot retrieve it. Store the passwords that you write down in a secure place away from the information that they help protect.

What do you want to do?

Encrypt and set a password to open a document

Set a password to modify a document

Encrypt and set a password to open a workbook

Set a password to modify a workbook

Encrypt and set a password to open a presentation

Set a password to modify a presentation

Change a password

Remove a password

Encrypt and set a password to open a document

To encrypt your file and set a password to open it, do the following:

1. Click the Microsoft Office Button , point to Prepare, and then click Encrypt Document.

2. In the Encrypt Document dialog box, in the Password box, type a password, and then click OK.

You can type up to 255 characters. By default, this feature uses AES 128-bit advanced encryption. Encryption is a standard method used to help make your file more secure.

3. In the Confirm Password dialog box, in the Reenter password box, type the password again, and then click OK.
4. To save the password, save the file.

 Top of Page

Set a password to modify a document

To allow only authorized reviewers to modify your content, do the following:

1. Click the Microsoft Office Button , and then click Save As.
2. Click Tools, and then click General Options.

3. Do one or both of the following:
• If you want reviewers to enter a password before they can view the document, type a password in the Password to open box. By default, this feature uses advanced encryption, but unlike using the Encrypt Document command described in

Encrypt and set a password to open a document

, it does not allow you to type up to 255 characters, only up to 15 characters.

• If you want reviewers to enter a password before they can save changes to the document, type a password in the Password to modify box. This feature does not use any encryption method. It is designed so you can collaborate with content reviewers you trust. It is not designed to help make your file more secure.

 Note    Both passwords   You can assign both passwords — one to access the file and one to provide specific reviewers with permission to modify its content. Make sure each password is different from the other.

4. If you don't want content reviewers to accidentally modify the file, select the Read-only recommended check box. When the reviewers open the file, they are asked if they want to open the file as read-only.
5. Click OK.
6. When prompted, retype your passwords to confirm them, and then click OK.
7. In the Save As dialog box, click Save.
8. If prompted, click Yes to replace the existing document.

 Top of Page

Encrypt and set a password to open a workbook

To encrypt your file and set a password to open it, do the following:

1. Click the Microsoft Office Button , point to Prepare, and then click Encrypt Document.

2. In the Password box, type a password, and then click OK.

You can type up to 255 characters. By default, this feature uses AES 128-bit advanced encryption. Encryption is a standard method used to help make your file more secure.

3. In the Reenter password box, type the password again, and then click OK.
4. To save the password, save the file.

 Top of Page

Set a password to modify a workbook

To allow only authorized reviewers to modify your content, do the following:

1. Click the Microsoft Office Button , and then click Save As.
2. Click Tools, and then click General Options.

3. Do one or both of the following:
• If you want reviewers to enter a password before they can view the workbook, type a password in the Password to open box. By default, this feature uses advanced encryption and is the equivalent of using the Encrypt Document command described in

Encrypt and set a password to open a workbook

.

• If you want reviewers to enter a password before they can save changes to the workbook, type a password in the Password to modify box. This feature does not use any encryption method. It is designed so you can collaborate with content reviewers you trust. It is not designed to help make your file more secure.

 Note    Both passwords   You can assign both passwords — one to access the file and one to provide specific reviewers with permission to modify its content. Make sure each password is different from the other.

4. If you don't want content reviewers to accidentally modify the file, select the Read-only recommended check box. When the reviewers open the file, they are asked if they want to open the file as read-only.
5. Click OK.
6. When prompted, retype your passwords to confirm them, and then click OK.
7. In the Save As dialog box, click Save.
8. If prompted, click Yes to replace the existing workbook.

 Note    Helping to secure an entire workbook with a password is separate from the workbook and worksheet protection that you can set on the Review tab in the Changes group. For more information about workbook and worksheet protection, see Protect worksheet or workbook elements.

 Top of Page

Encrypt and set a password to open a presentation

To encrypt your file and set a password to open it, do the following:

1. Click the Microsoft Office Button , point to Prepare, and then click Encrypt Document.

2. In the Password box, type a password, and then click OK.

You can type up to 255 characters. By default, this feature uses AES 128-bit advanced encryption. Encryption is a standard method used to help make your file more secure.

3. In the Reenter password box, type the password again, and then click OK.
4. To save the password, save the file.

 Top of Page

Set a password to modify a presentation

To allow only authorized reviewers to modify your content, do the following:

1. Click the Microsoft Office Button , and then click Save As.
2. Click Tools, and then click General Options.

3. Do one or both of the following:
• If you want reviewers to enter a password before they can view the presentation, type a password in the Password to open box. By default, this feature uses advanced encryption and is the equivalent of using the Encrypt Document command described in

Encrypt and set a password to open a presentation

.

• If you want reviewers to enter a password before they can save changes to the presentation, type a password in the Password to modify box. By default, this feature uses advanced encryption. Encryption is a standard method used to help make your file more secure.

 Note    Both passwords   You can assign both passwords — one to access the file and one to provide specific reviewers with permission to modify its content. Make sure each password is different from the other.

4. Click OK.
5. When prompted, retype your passwords to confirm them, and then click OK.
6. In the Save As dialog box, click Save.
7. If prompted, click Yes to replace the existing presentation.

 Top of Page

Change a password

1. Do one or both of the following:
• Open the file using your open password so that the file is opened as read/write.
• Open the file using your modify password so that the file is opened as read/write.
2. Click the Microsoft Office Button , and then click Save As.
3. Click Tools, and then click General Options.

4. Select the existing password, and then type a new password.
5. Click OK.
6. When prompted, retype your password to confirm it, and then click OK.
7. Click Save.
8. If prompted, click Yes to replace the existing file.

 Top of Page

Remove a password

1. Do one or both of the following:
• Open the file using your open password so that the file is opened as read/write.
• Open the file using your modify password so that the file is opened as read/write.
2. Click the Microsoft Office Button , and then click Save As.
3. Click Tools, and then click General Options.

4. Select the password, and then press DELETE.
5. Click OK.
6. Click Save.
7. If prompted, click Yes to replace the existing file.

 Top of Page

Excel > Security and privacy

Enable or disable add-ins in Office programs

Excel 2007

Tags  .pdf add-in; add; add-in; enhancements; errors; extensions; macro; security

What are tags?

Generally speaking, an add-in is supplemental functionality that adds custom commands and specialized features to the 2007 Microsoft Office system programs. Examples of add-ins are: COM add-ins (COM add-in: A supplemental program that extends the capabilities of a Microsoft Office program by adding custom commands and specialized features. COM add-ins can run in one or more Office programs. COM add-ins use the file name extension .dll or .exe.), automation add-ins, application add-ins (.wll, .xll, .xlam), XML expansion packs, XML style sheets, smart tags, and so forth. This article describes how to view and manage the add-ins for your Office programs.

In this article

View the installed add-ins

Manage the installed add-ins

What do I do if I get a message that the HKEY_LOCAL_MACHINE cannot be changed?

Identifying custom buttons and controls added to the Ribbon from add-ins

How can the Trust Center help to protect me from unsafe add-ins?

What should I do when a security warning asks if I want to enable or disable an add-in or application extension?

View or change the add-in security settings

View the installed add-ins

When you install the 2007 Microsoft Office system, several add-ins are installed and registered automatically on your computer.

Which 2007 Microsoft Office system program are you using?

Access

Excel

InfoPath

Outlook

PowerPoint

Publisher

Visio

Word

Access

1. Click the Microsoft Office Button , click Access Options, and then click Add-Ins.
2. View the add-ins and application extensions that are categorized as follows:
• Active Application Add-ins   Lists the extensions that are registered and currently running in your Office program.
• Inactive Application Add-ins   Lists the add-ins that are present on your computer but are not currently loaded. For example, smart tags or XML Schemas are active only when the document that references them is open. Another example is the COM add-ins that are listed in the COM Add-ins dialog box. If the check box for a COM add-in is selected, the add-in is active. If the check box for a COM add-in is cleared, the add-in is inactive. To learn how to open the COM Add-in dialog box, see the section called Manage the installed add-ins.
• Document Related Add-ins   Lists template files that are referenced by currently open documents.
• Disabled Application Add-ins   Lists add-ins that were automatically disabled because they are causing Office programs to crash.

 Top of Page

Excel

1. Click the Microsoft Office Button , click Excel Options, and then click Add-Ins.
2. View the add-ins and application extensions that are categorized as follows:
• Active Application Add-ins   Lists the extensions that are registered and currently running in your Office program.
• Inactive Application Add-ins   Lists the add-ins that are present on your computer but are not currently loaded. For example, smart tags or XML Schemas are active only when the document that references them is open. Another example is the COM add-ins that are listed in the COM Add-ins dialog box. If the check box for a COM add-in is selected, the add-in is active. If the check box for a COM add-in is cleared, the add-in is inactive. To learn how to open the COM Add-in dialog box, see the section called Manage the installed add-ins.
• Document Related Add-ins   Lists template files that are referenced by currently open documents.
• Disabled Application Add-ins   Lists add-ins that were automatically disabled because they are causing Office programs to crash.

 Top of Page

InfoPath

1. On the Tools menu, click Trust Center, and then click Add-ins.
2. View the add-ins and application extensions that are categorized as follows:
• Active Application Add-ins   Lists the extensions that are registered and currently running in your Office program.
• Inactive Application Add-ins   Lists the add-ins that are present on your computer but are not currently loaded. For example, smart tags or XML Schemas are active only when the document that references them is open. Another example is the COM add-ins that are listed in the COM Add-ins dialog box. If the check box for a COM add-in is selected, the add-in is active. If the check box for a COM add-in is cleared, the add-in is inactive. To learn how to open the COM Add-in dialog box, see the section called Manage the installed add-ins.
• Document Related Add-ins   Lists template files that are referenced by currently open documents.
• Disabled Application Add-ins   Lists add-ins that were automatically disabled because they are causing Office programs to crash.

 Top of Page

Outlook

1. On the Tools menu, click Trust Center, and then click Add-ins.
2. View the add-ins and application extensions that are categorized as follows:
• Active Application Add-ins   Lists the extensions that are registered and currently running in your Office program.
• Inactive Application Add-ins   Lists the add-ins that are present on your computer but are not currently loaded. For example, smart tags or XML Schemas are active only when the document that references them is open. Another example is the COM add-ins that are listed in the COM Add-ins dialog box. If the check box for a COM add-in is selected, the add-in is active. If the check box for a COM add-in is cleared, the add-in is inactive. To learn how to open the COM Add-in dialog box, see the section called Manage the installed add-ins.
• Document Related Add-ins   Lists template files that are referenced by currently open documents.
• Disabled Application Add-ins   Lists add-ins that were automatically disabled because they are causing Office programs to crash.

 Top of Page

PowerPoint

1. Click the Microsoft Office Button , click PowerPoint Options, and then click Add-Ins.
2. View the add-ins and application extensions that are categorized as follows:
• Active Application Add-ins   Lists the extensions that are registered and currently running in your Office program.
• Inactive Application Add-ins   Lists the add-ins that are present on your computer but are not currently loaded. For example, smart tags or XML Schemas are active only when the document that references them is open. Another example is the COM add-ins that are listed in the COM Add-ins dialog box. If the check box for a COM add-in is selected, the add-in is active. If the check box for a COM add-in is cleared, the add-in is inactive. To learn how to open the COM Add-in dialog box, see the section called Manage the installed add-ins.
• Document Related Add-ins   Lists template files that are referenced by currently open documents.
• Disabled Application Add-ins   Lists add-ins that were automatically disabled because they are causing Office programs to crash.

 Top of Page

Publisher

1. On the Tools menu, click Trust Center, and then click Add-ins.
2. View the add-ins and application extensions that are categorized as follows:
• Active Application Add-ins   Lists the extensions that are registered and currently running in your Office program.
• Inactive Application Add-ins   Lists the add-ins that are present on your computer but are not currently loaded. For example, smart tags or XML Schemas are active only when the document that references them is open. Another example is the COM add-ins that are listed in the COM Add-ins dialog box. If the check box for a COM add-in is selected, the add-in is active. If the check box for a COM add-in is cleared, the add-in is inactive. To learn how to open the COM Add-in dialog box, see the section called Manage the installed add-ins.
• Document Related Add-ins   Lists template files that are referenced by currently open documents.
• Disabled Application Add-ins   Lists add-ins that were automatically disabled because they are causing Office programs to crash.

 Top of Page

Visio

1. On the Tools menu, click Trust Center, and then click Add-ins.
2. View the add-ins and application extensions that are categorized as follows:
• Active Application Add-ins   Lists the extensions that are registered and currently running in your Office program.
• Inactive Application Add-ins   Lists the add-ins that are present on your computer but are not currently loaded. For example, smart tags or XML Schemas are active only when the document that references them is open. Another example is the COM add-ins that are listed in the COM Add-ins dialog box. If the check box for a COM add-in is selected, the add-in is active. If the check box for a COM add-in is cleared, the add-in is inactive. To learn how to open the COM Add-in dialog box, see the section called Manage the installed add-ins.
• Document Related Add-ins   Lists template files that are referenced by currently open documents.
• Disabled Application Add-ins   Lists add-ins that were automatically disabled because they are causing Office programs to crash.

 Top of Page

Word

1. Click the Microsoft Office Button , click Word Options, and then click Add-Ins.
2. View the add-ins and application extensions that are categorized as follows:
• Active Application Add-ins   Lists the extensions that are registered and currently running in your Office program.
• Inactive Application Add-ins   Lists the add-ins that are present on your computer but are not currently loaded. For example, smart tags or XML Schemas are active only when the document that references them is open. Another example is the COM add-ins that are listed in the COM Add-ins dialog box. If the check box for a COM add-in is selected, the add-in is active. If the check box for a COM add-in is cleared, the add-in is inactive. To learn how to open the COM Add-in dialog box, see the section called Manage the installed add-ins.
• Document Related Add-ins   Lists template files that are referenced by currently open documents.
• Disabled Application Add-ins   Lists add-ins that were automatically disabled because they are causing Office programs to crash.

 Top of Page

Manage the installed add-ins

Managing add-ins can involve enabling or disabling an add-in, adding or removing an add-in, and making an add-in active or inactive.

For information about how to enable add-ins that were disabled by the Trust Center security system, see the next two sections.

Which 2007 Microsoft Office system program are you using?

Access

Excel

InfoPath

Outlook

PowerPoint

Publisher

Visio

Word

Access

1. Click the Microsoft Office Button , click Access Options, and then click Add-Ins.
2. In the Add-ins box, identify the add-in that you want to enable or disable and note the Add-in type located in the Type column.
3. Select the Add-in type in the Manage box and then click Go.
4. Select or clear the check box for the Add-in that you want enable or disable and then click OK.

 Note    Add-ins of type Document Inspector are enabled using a different method. These add-ins are automatically enabled when you inspect the document for hidden metadata or personal information. To inspect your document, click the Microsoft Office Button , click Prepare, and then click Inspect Document.

 Top of Page

Excel

1. Click the Microsoft Office Button , click Excel Options, and then click Add-Ins.
2. In the Add-ins box, identify the add-in that you want to enable or disable and note the Add-in type located in the Type column.
3. Select the Add-in type in the Manage box and then click Go.
4. Select or clear the check box for the Add-in that you want enable or disable and then click OK.

 Note    Add-ins of type Document Inspector are enabled using a different method. These add-ins are automatically enabled when you inspect the document for hidden metadata or personal information. To inspect your document, click the Microsoft Office Button , click Prepare, and then click Inspect Document.

 Top of Page

InfoPath

1. On the Tools menu, click Trust Center, and then click Add-ins.
2. In the Add-ins box, identify the add-in that you want to enable or disable and note the Add-in type located in the Type column.
3. Select the Add-in type in the Manage box and then click Go.
4. Select or clear the check box for the Add-in that you want enable or disable and then click OK.

 Top of Page

Outlook

1. On the Tools menu, click Trust Center, and then click Add-ins.
2. In the Add-ins box, identify the add-in that you want to enable or disable and note the Add-in type located in the Type column.
3. Select the Add-in type in the Manage box and then click Go.
4. Select or clear the check box for the Add-in that you want enable or disable and then click OK.

 Top of Page

PowerPoint

1. Click the Microsoft Office Button , click PowerPoint Options, and then click Add-Ins.
2. In the Add-ins box, identify the add-in that you want to enable or disable and note the Add-in type located in the Type column.
3. Select the Add-in type in the Manage box and then click Go.
4. Select or clear the check box for the Add-in that you want enable or disable and then click OK.

 Note    Add-ins of type Document Inspector are enabled using a different method. These add-ins are automatically enabled when you inspect the document for hidden metadata or personal information. To inspect your document, click the Microsoft Office Button , click Prepare, and then click Inspect Document.

 Top of Page

Publisher

1. On the Tools menu, click Trust Center, and then click Add-ins.
2. In the Add-ins box, identify the add-in that you want to enable or disable and note the Add-in type located in the Type column.
3. Select the Add-in type in the Manage box and then click Go.
4. Select or clear the check box for the Add-in that you want enable or disable and then click OK.

 Top of Page

Visio

1. On the Tools menu, click Trust Center, and then click Add-ins.
2. In the Add-ins box, identify the add-in that you want to enable or disable and note the Add-in type located in the Type column.
3. Select the Add-in type in the Manage box and then click Go.
4. Select or clear the check box for the Add-in that you want enable or disable and then click OK.

 Top of Page

Word

1. Click the Microsoft Office Button , click Word Options, and then click Add-Ins.
2. In the Add-ins box, identify the add-in that you want to enable or disable and note the Add-in type located in the Type column.
3. Select the Add-in type in the Manage box and then click Go.
4. Select or clear the check box for the Add-in that you want enable or disable and then click OK.

 Note    Add-ins of type Document Inspector are enabled using a different method. These add-ins are automatically enabled when you inspect the document for hidden metadata or personal information. To inspect your document, click the Microsoft Office Button , click Prepare, and then click Inspect Document.

 Top of Page

What do I do if I get a message that the HKEY_LOCAL_MACHINE cannot be changed?

If you try to disable an add-in and receive the message, "The connected state of Office Add-Ins registered in HKEY_LOCAL_MACHINE cannot be changed", do the following:

Which operating system are you using?

Windows Vista

Windows XP

Windows Vista

1. Close Outlook, if you have it open.
2. Verify that the Outlook service is not running by doing the following:
• Right-click the taskbar, click Task Manager, and then click Processes.
• Look for OUTLOOK.EXE in the processes list:
• If OUTLOOK.EXE is not in the list, go to step 3.
• If OUTLOOK.EXE is in the list, click it, and then click End Process.
3. Start Outlook in administrator mode by doing the following:
• Right-click the Outlook icon on the Quick Launch toolbar (located next to the Windows Start button), and then click Run as administrator.

Outlook is not on my Quick Launch toolbar

4. Disable the add-ins you want to disable following the steps in the Manage the installed add-ins section in this article.
5. Close Outlook.
6. Open Outlook but not in administrator mode.

 Top of Page

Windows XP

1. Close Outlook, if you have it open.
2. Verify that the Outlook service is not running by doing the following:
• Right-click the taskbar, click Task Manager, and then click Processes.
• Look for OUTLOOK.EXE in the processes list:
• If OUTLOOK.EXE is not in the list, go to step 3.
• If OUTLOOK.EXE is in the list, click it, and then click End Process.
3. Start Outlook in administrator mode by doing the following:
• If you are not logged on to Windows XP as an administrator, log off Windows XP, and then log on as an administrator.
• Open Outlook, and then disable the add-ins you want to disable following the steps in the Manage the installed add-ins section in this article.
4. Close Outlook.
5. Log off Windows XP, and then log on with your usual user account.
6. Open Outlook.

 Top of Page

Identifying custom buttons and controls added to the Ribbon from add-ins

Add-ins and documents can add custom buttons and controls to the Ribbon, which is part of the Microsoft Office Fluent user interface. All custom controls in the Office Fluent Ribbon have a special ScreenTip that identifies the origin of the control. In this example, the control comes from RXDemo.xlsm, and is identified in the control's ScreenTip.

This way, you know where the custom controls are coming from and can then remove or update the document, global template, or COM add-in that is presenting the control. See the previous section to learn how to view installed COM add-ins.

 Top of Page

How can the Trust Center help to protect me from unsafe add-ins?

By default, installed and registered add-ins are allowed to run without notification. Add-ins can be exploited by hackers to do malicious harm, such as spreading a virus, so you can use the security settings for add-ins to change this behavior. For more information, see

View or change the add-in security settings

later in this article.

If you or your administrator set a higher security setting for add-ins and the Trust Center detects a potentially unsafe add-in that does not meet these criteria, the Trust Center disables the code by default, and the Message Bar appears to notify you of a potentially unsafe add-in or application extension.

If you click Options on the Message Bar, a security dialog box opens, giving you the option to enable the add-in. See the next section for how to make a secure decision before you click an option.

 Note    In Microsoft Office Outlook 2007 and Microsoft Office Publisher 2007, security alerts appear in dialog boxes, not in the Message Bar. By default, Office Outlook 2007 allows any installed add-in to run. To change the default setting, see View or change the add-in security settings.

 Top of Page

What should I do when a security warning asks if I want to enable or disable an add-in or application extension?

When a security dialog box appears, you can enable the add-in for just the current session by clicking Enable this add-in for this session only, or you can leave it disabled. You should enable the add-in only if you are sure it is from a trustworthy source.

Alternately, you can explicitly trust the publisher by clicking Enable all code published by this publisher. Doing so enables the add-in and allows any software by that publisher to be always trusted.

Microsoft Office Outlook

In Office Outlook 2007, when the security dialog box appears, you can enable the add-in for just the current session by clicking Enable Application Add-in, or you can leave it disabled. You should enable the add-in only if you are sure it is from a trustworthy source.

Alternately, you can explicitly trust the publisher by clicking Trust all documents from this publisher. Doing so enables the add-in and allows any software by that publisher to be always trusted.

For more information about trusted publishers, see Add, remove, or view a trusted publisher.

 Top of Page

View or change the add-in security settings

When you change an add-in security setting, it affects only the program in which the change was made. Do the following in these 2007 Microsoft Office system programs:

Which 2007 Microsoft Office system program are you using?

Access

Excel

InfoPath

Outlook

PowerPoint

Publisher

Visio

Word

Access

1. Click the Microsoft Office Button , and then click Access Options.
2. Click Trust Center, click Trust Center Settings, and then click Add-ins.
3. Click the options that you want. These settings are not selected by default unless you work in an organization and your information technology (IT) administrator changed the defaults by using an administrator policy.
• Require Application Add-ins to be signed by Trusted Publisher Select this option if you want the Trust Center to check for a digital signature (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) on the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in. If the publisher has not been trusted (trust: Indicates whether you trust the individual or group to whom the certificate is issued. The default setting is Inherit Trust from Issuer, which means that the certificate is trusted because the issuer, usually a certificate authority, is trusted.), the Office program does not load the add-in, and the Message Bar displays a notification that the add-in has been disabled.
• Disable notification for unsigned add-ins (code will remain disabled) This check box is available only if you select the Require Application Extensions to be signed by Trusted Publisher check box. In some situations, the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in might be unsigned. In these cases, add-ins signed by a trusted publisher are enabled, but unsigned add-ins are disabled silently.
• Disable all Application Add-ins (may impair functionality) Select this check box if you don't trust any add-ins. All add-ins are disabled without any notification, and the other add-in check boxes are made unavailable.

 Note    This setting takes effect only after you exit and restart your Office program.

 Top of Page

Excel

1. Click the Microsoft Office Button , and then click Excel Options.
2. Click Trust Center, click Trust Center Settings, and then click Add-ins.
3. Click the options that you want. These settings are not selected by default unless you work in an organization and your information technology (IT) administrator changed the defaults by using an administrator policy.
• Require Application Add-ins to be signed by Trusted Publisher Select this option if you want the Trust Center to check for a digital signature (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) on the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in. If the publisher has not been trusted (trust: Indicates whether you trust the individual or group to whom the certificate is issued. The default setting is Inherit Trust from Issuer, which means that the certificate is trusted because the issuer, usually a certificate authority, is trusted.), the Office program does not load the add-in, and the Message Bar displays a notification that the add-in has been disabled.
• Disable notification for unsigned add-ins (code will remain disabled) This check box is available only if you select the Require Application Extensions to be signed by Trusted Publisher check box. In some situations, the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in might be unsigned. In these cases, add-ins signed by a trusted publisher are enabled, but unsigned add-ins are disabled silently.
• Disable all Application Add-ins (may impair functionality) Select this check box if you don't trust any add-ins. All add-ins are disabled without any notification, and the other add-in check boxes are made unavailable.

 Note    This setting takes effect only after you exit and restart your Office program.

 Top of Page

InfoPath

1. On the Tools menu, click Trust Center.
2. Click Add-ins.
3. Click the options that you want. These settings are not selected by default unless you work in an organization and your information technology (IT) administrator changed the defaults by using an administrator policy.
• Require Application Add-ins to be signed by Trusted Publisher Select this option if you want the Trust Center to check for a digital signature (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) on the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in. If the publisher has not been trusted (trust: Indicates whether you trust the individual or group to whom the certificate is issued. The default setting is Inherit Trust from Issuer, which means that the certificate is trusted because the issuer, usually a certificate authority, is trusted.), the Office program does not load the add-in, and the Message Bar displays a notification that the add-in has been disabled.
• Disable notification for unsigned add-ins (code will remain disabled) This check box is available only if you select the Require Application Extensions to be signed by Trusted Publisher check box. In some situations, the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in might be unsigned. In these cases, add-ins signed by a trusted publisher are enabled, but unsigned add-ins are disabled silently.
• Disable all Application Add-ins (may impair functionality) Select this check box if you don't trust any add-ins. All add-ins are disabled without any notification, and the other add-in check boxes are made unavailable.

 Note    This setting takes effect only after you exit and restart your Office program.

 Top of Page

Outlook

By default, Outlook allows any installed add-in to run. You can restrict Outlook to run only those add-ins that are digitally signed by applying the Warnings for signed macros; all unsigned macros are disabled setting to add-ins, as follows:

1. On the Tools menu, click Trust Center.
2. In the left pane, click Macro Security.
3. Click Warnings for signed macros; all unsigned macros are disabled.
4. In the left pane, click Add-ins.
5. Select the Apply macro security settings to installed add-ins check box.

 Top of Page

PowerPoint

1. Click the Microsoft Office Button , and then click PowerPoint Options.
2. Click Trust Center, click Trust Center Settings, and then click Add-ins.
3. Click the options that you want. These settings are not selected by default unless you work in an organization and your information technology (IT) administrator changed the defaults by using an administrator policy.
• Require Application Add-ins to be signed by Trusted Publisher Select this option if you want the Trust Center to check for a digital signature (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) on the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in. If the publisher has not been trusted (trust: Indicates whether you trust the individual or group to whom the certificate is issued. The default setting is Inherit Trust from Issuer, which means that the certificate is trusted because the issuer, usually a certificate authority, is trusted.), the Office program does not load the add-in, and the Message Bar displays a notification that the add-in has been disabled.
• Disable notification for unsigned add-ins (code will remain disabled) This check box is available only if you select the Require Application Extensions to be signed by Trusted Publisher check box. In some situations, the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in might be unsigned. In these cases, add-ins signed by a trusted publisher are enabled, but unsigned add-ins are disabled silently.
• Disable all Application Add-ins (may impair functionality) Select this check box if you don't trust any add-ins. All add-ins are disabled without any notification, and the other add-in check boxes are made unavailable.

 Note    This setting takes effect only after you exit and restart your Office program.

 Top of Page

Publisher

1. On the Tools menu, click Trust Center.
2. Click Add-ins.
3. Click the options that you want. These settings are not selected by default unless you work in an organization and your information technology (IT) administrator changed the defaults by using an administrator policy.
• Require Application Add-ins to be signed by Trusted Publisher Select this option if you want the Trust Center to check for a digital signature (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) on the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in. If the publisher has not been trusted (trust: Indicates whether you trust the individual or group to whom the certificate is issued. The default setting is Inherit Trust from Issuer, which means that the certificate is trusted because the issuer, usually a certificate authority, is trusted.), the Office program does not load the add-in, and the Message Bar displays a notification that the add-in has been disabled.
• Disable notification for unsigned add-ins (code will remain disabled) This check box is available only if you select the Require Application Extensions to be signed by Trusted Publisher check box. In some situations, the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in might be unsigned. In these cases, add-ins signed by a trusted publisher are enabled, but unsigned add-ins are disabled silently.
• Disable all Application Add-ins (may impair functionality) Select this check box if you don't trust any add-ins. All add-ins are disabled without any notification, and the other add-in check boxes are made unavailable.

 Note    This setting takes effect only after you exit and restart your Office program.

 Top of Page

Visio

1. On the Tools menu, click Trust Center.
2. Click Add-ins.
3. Click the options that you want. These settings are not selected by default unless you work in an organization and your information technology (IT) administrator changed the defaults by using an administrator policy.
• Require Application Add-ins to be signed by Trusted Publisher Select this option if you want the Trust Center to check for a digital signature (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) on the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in. If the publisher has not been trusted (trust: Indicates whether you trust the individual or group to whom the certificate is issued. The default setting is Inherit Trust from Issuer, which means that the certificate is trusted because the issuer, usually a certificate authority, is trusted.), the Office program does not load the add-in, and the Message Bar displays a notification that the add-in has been disabled.
• Disable notification for unsigned add-ins (code will remain disabled) This check box is available only if you select the Require Application Extensions to be signed by Trusted Publisher check box. In some situations, the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in might be unsigned. In these cases, add-ins signed by a trusted publisher are enabled, but unsigned add-ins are disabled silently.
• Disable all Application Add-ins (may impair functionality) Select this check box if you don't trust any add-ins. All add-ins are disabled without any notification, and the other add-in check boxes are made unavailable.

 Note    This setting takes effect only after you exit and restart your Office program.

 Top of Page

Word

1. Click the Microsoft Office Button , and then click Word Options.
2. Click Trust Center, click Trust Center Settings, and then click Add-ins.
3. Click the options that you want. These settings are not selected by default unless you work in an organization and your information technology (IT) administrator changed the defaults by using an administrator policy.
• Require Application Add-ins to be signed by Trusted Publisher Select this option if you want the Trust Center to check for a digital signature (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) on the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in. If the publisher has not been trusted (trust: Indicates whether you trust the individual or group to whom the certificate is issued. The default setting is Inherit Trust from Issuer, which means that the certificate is trusted because the issuer, usually a certificate authority, is trusted.), the Office program does not load the add-in, and the Message Bar displays a notification that the add-in has been disabled.
• Disable notification for unsigned add-ins (code will remain disabled) This check box is available only if you select the Require Application Extensions to be signed by Trusted Publisher check box. In some situations, the dynamic-link library (.dll) (Dynamic Link Library: A set of routines that can be called from Visual Basic procedures and are loaded and linked into your application at run time.) file that contains the add-in might be unsigned. In these cases, add-ins signed by a trusted publisher are enabled, but unsigned add-ins are disabled silently.
• Disable all Application Add-ins (may impair functionality) Select this check box if you don't trust any add-ins. All add-ins are disabled without any notification, and the other add-in check boxes are made unavailable.

 Note    This setting takes effect only after you exit and restart your Office program.

 Top of Page

Excel > Security and privacy

Enable or disable macros in Office documents

Excel 2007

Tags  disable macro; enable macros; macro; macro button; macro security; security;signature;vba

What are tags?

This article is about macro security and explains the risks involved in enabling macros and how the Trust Center in the 2007 Microsoft Office system can help to mitigate these risks. In this article, the term "document" can mean any Microsoft Office file that can contain macros. The term "macro" means a macro created by using Visual Basic for Applications (VBA) (Visual Basic for Applications (VBA): A macro-language version of Microsoft Visual Basic that is used to program Microsoft Windows-based applications and is included with several Microsoft programs.).

In this article

What is a macro and what is the security risk?

How can the Trust Center help protect me from unsafe macros?

What should I do when a security warning asks if I want to enable or disable a macro?

How do you change macro security settings for all documents in the Trust Center?

What is a macro and what is the security risk?

The purpose of a macro is to automate frequently used tasks. Although some macros are simply a recording of your keystrokes or mouse clicks, more powerful VBA (Visual Basic for Applications (VBA): A macro-language version of Microsoft Visual Basic that is used to program Microsoft Windows-based applications and is included with several Microsoft programs.) macros are written by developers who use code that can run many commands on your computer. For this reason, VBA macros pose a potential security risk. A hacker can introduce a malicious macro through a document that, if opened, allows the macro to run and potentially spread a virus (virus: A computer program or macro that "infects" computer files by inserting copies of itself into those files. When the infected file is loaded into memory, the virus can infect other files. Viruses often have harmful side effects.) on your computer.

 Top of Page

How can the Trust Center help protect me from unsafe macros?

Before allowing a macro to be enabled in a document, the Trust Center checks for the following:

• The macro is signed by the developer with a digital signature (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.).
• The digital signature is valid (valid: Refers to the status of a certificate checked against a certificate authority's database and found to be legitimate, current, and not expired or revoked. Documents signed by a valid certificate and not altered since signing are considered valid.).
• This digital signature is current (not expired).
• The certificate associated with the digital signature was issued by a reputable certificate authority (CA) (certificate authority (CA): A commercial organization that issues digital certificates, keeps track of who is assigned to a certificate, signs certificates to verify their validity, and tracks which certificates are revoked or expired.).
• The developer who signed the macro is a trusted publisher (trusted publisher: The developer of a macro that is trusted by you on your computer. The trusted publisher is identified by the certificate that they used to digitally sign the macro. Also known as a trusted source.).

If the Trust Center detects a problem with any of these, the macro is disabled by default, and the Message Bar appears to notify you of a potentially unsafe macro.

If you click Options on the Message Bar, a security dialog box opens, giving you the option to enable the macro. See the next section for how to make a secure decision before you click an option.

 Note    In Microsoft Office Outlook 2007 and Microsoft Office Publisher 2007, security alerts appear in dialog boxes, not in the Message Bar.

 Top of Page

What should I do when a security warning asks if I want to enable or disable a macro?

When a security dialog box appears, you have the option to enable the macro or leave it disabled. You should enable the macro only if you are sure it is from a trustworthy source.

Important  If you are sure the document and macro are from a trustworthy source and have a valid signature, and you do not want to be notified about them again, instead of changing the default Trust Center settings to a less safe macro security setting, you can click Trust all documents from this publisher in the security dialog box. This adds the publisher to your Trusted Publishers list in the Trust Center. All software from that publisher is trusted. In the case where the macro doesn't have a valid signature, but you trust it and don't want to be notified again, instead of changing the default Trust Center settings to a less safe macro security setting, it is better to move the document to a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.

Depending on the situation, the security dialog box describes the specific problem. The following table lists the possible problems and offers advice on what you should or should not do in each case.

 Top of Page

How do you change macro security settings for all documents in the Trust Center?

Macro security settings are located in the Trust Center. However, if you work in an organization, your system administrator might have changed the default setting and prevented you from changing any settings.

 Note    When you change your macro settings in the Trust Center, they are changed only for the Office program that you are currently using. The macro settings are not changed for all your Office programs.

Which 2007 Microsoft Office system program are you using?

Access

Excel

Outlook

PowerPoint

Publisher

Visio

Word

Access

1. Click the Microsoft Office Button , and then click Access Options.
2. Click Trust Center, click Trust Center Settings, and then click Macro Settings.
3. Click the options that you want:
• Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.
• Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.
• Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.
• Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.
• Trust access to the VBA project object model  This setting is for developers and is used to deliberately lock out or allow programmatic access to the VBA object model from any Automation client. In other words, it provides a security option for code that is written to automate an Office program and programmatically manipulate the Microsoft Visual Basic for Applications (VBA) environment and object model. This is a per user and per application setting, and denies access by default. This security option makes it more difficult for unauthorized programs to build "self-replicating" code that can harm end-user systems. For any Automation client to be able to access the VBA object model programmatically, the user running the code must explicitly grant access. To turn on access, select the check box.

Tip  You can open the macro security settings dialog box from the Developer tab in the Ribbon, which is part of the Microsoft Office Fluent user interface. If the Developer tab is not available, click the Microsoft Office Button , and then click Access Options. Click Popular, and then select the Show Developer tab in the Ribbon check box.

 Top of Page

Excel

1. Click the Microsoft Office Button , and then click Excel Options.
2. Click Trust Center, click Trust Center Settings, and then click Macro Settings.
3. Click the options that you want:
• Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.
• Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.
• Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.
• Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.
• Trust access to the VBA project object model  This setting is for developers and is used to deliberately lock out or allow programmatic access to the VBA object model from any Automation client. In other words, it provides a security option for code that is written to automate an Office program and programmatically manipulate the Microsoft Visual Basic for Applications (VBA) environment and object model. This is a per user and per application setting, and denies access by default. This security option makes it more difficult for unauthorized programs to build "self-replicating" code that can harm end-user systems. For any Automation client to be able to access the VBA object model programmatically, the user running the code must explicitly grant access. To turn on access, select the check box.

Tip  You can open the macro security settings dialog box from the Developer tab in the Ribbon, which is part of the Microsoft Office Fluent user interface. If the Developer tab is not available, click the Microsoft Office Button , and then click Excel Options. Click Popular, and then select the Show Developer tab in the Ribbon check box.

 Top of Page

Outlook

1. On the Tools menu, click Trust Center.
2. Click Macro Settings.
3. Click the options that you want:
• No warnings and disable all macros Click this option if you don't trust macros. All macros and security alerts about macros are disabled.
• Warnings for all macros This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.
• Warnings for signed macros; all unsigned macros are disabled This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.
• No security check for macros (Not recommended) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.

 Top of Page

PowerPoint

1. Click the Microsoft Office Button , and then click PowerPoint Options.
2. Click Trust Center, click Trust Center Settings, and then click Macro Settings.
3. Click the options that you want:
• Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.
• Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.
• Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.
• Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.
• Trust access to the VBA project object model  This setting is for developers and is used to deliberately lock out or allow programmatic access to the VBA object model from any Automation client. In other words, it provides a security option for code that is written to automate an Office program and programmatically manipulate the Microsoft Visual Basic for Applications (VBA) environment and object model. This is a per user and per application setting, and denies access by default. This security option makes it more difficult for unauthorized programs to build "self-replicating" code that can harm end-user systems. For any Automation client to be able to access the VBA object model programmatically, the user running the code must explicitly grant access. To turn on access, select the check box.

Tip  You can open the macro security settings dialog box from the Developer tab in the Ribbon, which is part of the Microsoft Office Fluent user interface. If the Developer tab is not available, click the Microsoft Office Button , and then click PowerPoint Options. Click Popular, and then select the Show Developer tab in the Ribbon check box.

 Top of Page

Publisher

1. On the Tools menu, click Trust Center.
2. Click Macro Settings.
3. Click the options that you want:
• Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.
• Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.
• Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.
• Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.
• Trust access to the VBA project object model  This setting is for developers and is used to deliberately lock out or allow programmatic access to the VBA object model from any Automation client. In other words, it provides a security option for code that is written to automate an Office program and programmatically manipulate the Microsoft Visual Basic for Applications (VBA) environment and object model. This is a per user and per application setting, and denies access by default. This security option makes it more difficult for unauthorized programs to build "self-replicating" code that can harm end-user systems. For any Automation client to be able to access the VBA object model programmatically, the user running the code must explicitly grant access. To turn on access, select the check box.

 Top of Page

Visio

1. On the Tools menu, click Trust Center.
2. Click Macro Settings.
3. Click the options that you want:
• Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.
• Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.
• Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.
• Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.
• Trust access to the VBA project object model  This setting is for developers and is used to deliberately lock out or allow programmatic access to the VBA object model from any Automation client. In other words, it provides a security option for code that is written to automate an Office program and programmatically manipulate the Microsoft Visual Basic for Applications (VBA) environment and object model. This is a per user and per application setting, and denies access by default. This security option makes it more difficult for unauthorized programs to build "self-replicating" code that can harm end-user systems. For any Automation client to be able to access the VBA object model programmatically, the user running the code must explicitly grant access. To turn on access, select the check box.

 Top of Page

Word

1. Click the Microsoft Office Button , and then click Word Options.
2. Click Trust Center, click Trust Center Settings, and then click Macro Settings.
3. Click the options that you want:
• Disable all macros without notification Click this option if you don't trust macros. All macros in documents and security alerts about macros are disabled. If there are documents with unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.
• Disable all macros with notification This is the default setting. Click this option if you want macros to be disabled, but you want to get security alerts if there are macros present. This way, you can choose when to enable those macros on a case by case basis.
• Disable all macros except digitally signed macros This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.
• Enable all macros (not recommended, potentially dangerous code can run) Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.
• Trust access to the VBA project object model  This setting is for developers and is used to deliberately lock out or allow programmatic access to the VBA object model from any Automation client. In other words, it provides a security option for code that is written to automate an Office program and programmatically manipulate the Microsoft Visual Basic for Applications (VBA) environment and object model. This is a per user and per application setting, and denies access by default. This security option makes it more difficult for unauthorized programs to build "self-replicating" code that can harm end-user systems. For any Automation client to be able to access the VBA object model programmatically, the user running the code must explicitly grant access. To turn on access, select the check box.

Tip  You can open the macro security settings dialog box from the Developer tab in the Ribbon, which is part of the Microsoft Office Fluent user interface. If the Developer tab is not available, click the Microsoft Office Button , and then click Word Options. Click Popular, and then select the Show Developer tab in the Ribbon check box.

 Top of Page

See Also

• Create or delete a macro
• Digitally sign a macro project
• Edit a macro
• Run a macro

Excel > Security and privacy

Enable or disable security alerts about links to and files from suspicious Web sites

Excel 2007

This article explains the risks involved when a document that you are working in contains a link to a suspicious Web site or when you try to open a file from a suspicious Web site. The 2007 Microsoft Office system helps to mitigate these risks to help protect you from homograph attacks used in phishing schemes.

In this article

What is a homograph attack?

How can the Trust Center help protect me from homograph attacks?

Enable or disable security alerts about links to and files from suspicious Web sites

Disable security alerts for a Web site by marking it as a Trusted site

What is a homograph attack?

A homograph is a word with the same spelling as another word but with a different meaning. In computers, a homograph attack is a Web address that looks like a familiar Web address but is actually altered. This occurs when the domain name (domain name: The address of a network location that identifies its owner in this specific format: server.organization.type. For example, www.whitehouse.gov identifies the Web server at the White House, which is part of the U.S. government.) was created by using alphabet characters from different languages, not just English. For example, the following Web address looks legitimate, but what you can't see is that the "i" is a Cyrillic character from the Ukrainian alphabet.

www.microsoft.com

Phishers spoof the domain names of banks and other companies in order to deceive consumers into thinking that they are visiting a familiar Web site. Special software is needed to detect these kinds of spoofed domain names in Web addresses. See the next section to learn more about how The 2007 Office release helps protect you from links that attempt to lead you to suspicious Web sites.

 Top of Page

How can the Trust Center help protect me from homograph attacks?

By default, the 2007 Office release displays security alerts in the following situations:

• You have a document open and you click a link to a Web site with an address that has a potentially spoofed domain name.
• You open a file from a Web site with an address that has a potentially spoofed domain name.

The following is the alert that appears when you click a link to a Web site that uses a potentially spoofed domain name.

You can then choose whether to continue to visit the Web site. In this situation, we recommend that you click No. If you don't want to receive these alerts, you can disable them. For more information, see the next two sections.

 Top of Page

Enable or disable security alerts about links to and files from suspicious Web sites

Detection of potentially spoofed domain names is on by default. You can turn detection off so that you don't get security alerts, but we do not recommend this. Do the following in these 2007 Microsoft Office system programs:

Which 2007 Microsoft Office system program are you using?

Access

Clip Organizer

Excel

InfoPath

OneNote

PowerPoint

Project

SharePoint Designer

Visio

Word

Access

1. Click the Microsoft Office Button , and then click Access Options.
2. Click Trust Center, click Trust Center Settings, and then click Privacy Options.
3. Clear the Check Office documents that are from or link to suspicious Web sites check box.

 Top of Page

Clip Organizer

1. On the Help menu, click Customer Feedback Options.
2. Under Web Link Privacy, clear the Check Office documents that are from or link to suspicious Web sites check box.

 Top of Page

Excel

1. Click the Microsoft Office Button , and then click Excel Options.
2. Click Trust Center, click Trust Center Settings, and then click Privacy Options.
3. Clear the Check Office documents that are from or link to suspicious Web sites check box.

 Top of Page

InfoPath

1. On the Tools menu, click Trust Center, and then click Privacy Options.
2. Clear the Check Office documents that are from or link to suspicious Web sites check box.

 Top of Page

OneNote

1. On the Help menu, click Customer Feedback Options.
2. Under Web Link Privacy, clear the Check Office documents that are from or link to suspicious Web sites check box.

 Top of Page

PowerPoint

1. Click the Microsoft Office Button , and then click PowerPoint Options.
2. Click Trust Center, click Trust Center Settings, and then click Privacy Options.
3. Clear the Check Office documents that are from or link to suspicious Web sites check box.

 Top of Page

Project

1. On the Help menu, click Customer Feedback Options.
2. Under Web Link Privacy, clear the Check Office documents that are from or link to suspicious Web sites check box.

 Top of Page

SharePoint Designer

1. On the Help menu, click Customer Feedback Options.
2. Under Web Link Privacy, clear the Check Office documents that are from or link to suspicious Web sites check box.

 Top of Page

Visio

1. On the Tools menu, click Trust Center, and then click Privacy Options.
2. Clear the Check Office documents that are from or link to suspicious Web sites check box.

 Top of Page

Word

1. Click the Microsoft Office Button , and then click Word Options.
2. Click Trust Center, click Trust Center Settings, and then click Privacy Options.
3. Clear the Check Office documents that are from or link to suspicious Web sites check box.

 Top of Page

Disable security alerts for a Web site by marking it as a Trusted site

If you think that a particular Web site is trustworthy, you can disable the alerts by adding the Web site to your Trusted sites zone in Windows Internet Explorer. The Trusted sites zone contains Web sites that you consider to be safe, such as sites that are located on your organization's intranet or sites that you learned about from established sources in whom you have confidence. When you add a Web site to the Trusted sites zone, you indicate that you think any files that you download or run from that Web site will not damage your computer or data. By default, no Web sites are assigned to the Trusted sites zone, and the security level for the Trusted sites zone is set to Low.

Assign a Web site to the Trusted sites zone

1. In Internet Explorer version 5, 6, or 7, on the Tools menu, click Internet Options.
2. On the Security tab, click Trusted sites, and then click Sites.
3. In the Add this Web site to the zone box, type or select the address of the Web site, and then click Add.
4. If you want Internet Explorer to verify that the server for each Web site in this zone is secure before you connect to any Web sites in this zone, select the Require server verification (https:) for all sites in this zone check box.
5. Click OK twice.

 Top of Page

See Also

• How Office helps protect you from phishing schemes
• View my security settings in the Trust Center

Excel > Security and privacy

Enable or disable security alerts on the Message Bar

The Message Bar displays security alerts when there is potentially unsafe, active content in the document you open. For example, the document might contain an unsigned macro or a signed macro with an invalid signature. In such cases, the Message Bar appears by default to alert you about the problem.

If you don't want to be alerted, you can disable the Message Bar.

Which 2007 Microsoft Office system program are you using?

Access

Excel

PowerPoint

Visio

Word

Access

1. Click the Microsoft Office Button , and then click Access Options.
2. Click Trust Center, click Trust Center Settings, and then click Message Bar.
3. Click the options that you want:
• Show the Message Bar in all applications when document content has been blocked This option is selected by default so that you get Message Bar alerts whenever potentially unsafe content has been disabled. The option is not selected if you clicked the Disable all macros without notification option on the Macros pane of the Trust Center. If you click Disable all macros without notification, you won't get Message Bar alerts when macros are disabled.
• Never show information about blocked content This option disables the Message Bar. You do not receive alerts about any security issues, regardless of any security settings in the Trust Center.

 Top of Page

Excel

1. Click the Microsoft Office Button , and then click Excel Options.
2. Click Trust Center, click Trust Center Settings, and then click Message Bar.
3. Click the options that you want:
• Show the Message Bar in all applications when document content has been blocked This option is selected by default so that you get Message Bar alerts whenever potentially unsafe content has been disabled. The option is not selected if you clicked the Disable all macros without notification option on the Macros pane of the Trust Center. If you click Disable all macros without notification, you won't get Message Bar alerts when macros are disabled.
• Never show information about blocked content This option disables the Message Bar. You do not receive alerts about any security issues, regardless of any security settings in the Trust Center.

 Top of Page

PowerPoint

1. Click the Microsoft Office Button , and then click PowerPoint Options.
2. Click Trust Center, click Trust Center Settings, and then click Message Bar.
3. Click the options that you want:
• Show the Message Bar in all applications when document content has been blocked This option is selected by default so that you get Message Bar alerts whenever potentially unsafe content has been disabled. The option is not selected if you clicked the Disable all macros without notification option on the Macros pane of the Trust Center. If you click Disable all macros without notification, you won't get Message Bar alerts when macros are disabled.
• Never show information about blocked content This option disables the Message Bar. You do not receive alerts about any security issues, regardless of any security settings in the Trust Center.

 Top of Page

Visio

1. On the Tools menu, click Trust Center.
2. Click Message Bar.
3. Click the options that you want:
• Show the Message Bar in all applications when document content has been blocked This option is selected by default so that you get Message Bar alerts whenever potentially unsafe content has been disabled. The option is not selected if you clicked the Disable all macros without notification option on the Macros pane of the Trust Center. If you click Disable all macros without notification, you won't get Message Bar alerts when macros are disabled.
• Never show information about blocked content This option disables the Message Bar. You do not receive alerts about any security issues, regardless of any security settings in the Trust Center.

 Top of Page

Word

1. Click the Microsoft Office Button , and then click Word Options.
2. Click Trust Center, click Trust Center Settings, and then click Message Bar.
3. Click the options that you want:
• Show the Message Bar in all applications when document content has been blocked This option is selected by default so that you get Message Bar alerts whenever potentially unsafe content has been disabled. The option is not selected if you clicked the Disable all macros without notification option on the Macros pane of the Trust Center. If you click Disable all macros without notification, you won't get Message Bar alerts when macros are disabled.
• Never show information about blocked content This option disables the Message Bar. You do not receive alerts about any security issues, regardless of any security settings in the Trust Center.

 Top of Page

See Also

• Block or unblock external content in Office documents
• Enable or disable ActiveX controls in Office documents
• Enable or disable add-ins in Office programs
• Enable or disable macros in Office documents
• Enable or disable security alerts about links to and files from suspicious Web sites
• View my security settings in the Trust Center

Excel > Security and privacy

View my security settings in the Trust Center

The Trust Center is where you can find security and privacy settings for the 2007 Microsoft Office system programs. The Very High, High, Medium, and Low security levels that were used in earlier versions of Office are now replaced with a more streamlined security system.

Which 2007 Microsoft Office system program are you using?

Access

Excel