To,Mr.Jensen Harrisn and Mr.Savraj Dhanjal @MSoft.com

[BEETAL]

Dear Sirs,
Thank You for doing a great job as far as Ribbon's UI is concerned. I have a
simple question which might not be directly related to your work with excel,
but, I would request you to find out a reply to the following question.

Why Microsoft does not bother with the security of MS Excel? Why it is
possible that all security measures taken to protect a workbook and the VBA
projects etc. can be compromised in seconds. Just wanted to know the reason.
Is it a policy or just an oversight? It shall be kind of you folks to reply
back.

 

[Shane Devenshire]

It's probably the same reason Google was hacked by China and almost every
government agency in every country has been hacked by someone.

If your real question is how to make your Excel files secure - don't put
them anywhere anyone can get to them. In other words if you are connected to
the internet anyone might get to your files regardless of how secure they
are. If you leave them on a computer then the computer needs to be stored in
a secure location such as a vault or safe (and never connected to the
internet).

 

[John]

Hi Beetal
This is my defination:
Defining "security" in Excel. In a generic sense, security is "freedom from
risk or danger." In the context of MsExcel security, it's the prevention of, or
protection against someone altering your workbooks or worksheets by accident.
It's not protection against malicious intent.
HTH
John

 

[ker_01]

FWIW...

On the VBA side, I dont think Excel VBA was intended to be an application
development platform, just a method for users to enhance the functionality of
their workbooks. If so, then security might only be necessary to the extent
that it is possible to verify whether code has been altered (digital
signatures, to detect the unwanted intrusion of viruses and the like). When
you buy Excel off the shelf, the average user doesn't take that to imply a
robust, secure development suite for building custom applications. If you
need a higher level of code security, search posts in this forum for ways to
create Excel applications using VS.Net or VB6, as those are designed to
provide the level of security you are asking about (arguably, maybe VB6 is
more secure?)

As for the security of workbooks themselves, that isn't a software issue,
that is a user/process issue. The absolute most secure method of making sure
someone doesn't see your data is to make sure they don't get a copy of your
workbook in the first place.

 

[Mike H]

BEETAL,

I guess this is a follow up to yesterday's thread on making your code
secure. While I understand your frustration; generally , I think there's a
tendency to be a little hard on Microsoft regarding Excel security.

Excel is a powerful and affordable tool and because of this it gets used to
develop very costly utililities; and by that I mean costly in terms of the
authors time. The Author then sometimes goes on to want to distribute that
content while retaining intellectual exclusivity to the code behind it and
only then realises the shortcomings of the inbuilt security.

My main criticism of Excel security is not the lack of robustness but the
failure to make that clear up front. Microsoft imply by ommision that the
security is better than it is but if we want more then we are going to have
to pay for it in a premium on the product price.

Me, I wouldn't start with Excel if security was an issue.
--
Mike

When competing hypotheses are otherwise equal, adopt the hypothesis that
introduces the fewest assumptions while still sufficiently answering the
question.