Datasafexl: a Brief Overview of Microsoft ® Excel Vulnerabilities
Posted by admin in Microsoft on 12 19th, 2007 | no responses
Nikolas Petousis asked:
In this article, we will provide you with a brief overview of the Microsoft ® Excel security environment and examine in more detail the effectiveness of Microsoft ® Excel’s built-in protection features.
Undoubtedly, Microsoft ® Excel’s security environment can prove to be cumbersome even for experienced users. In addition, there are numerous methods which an intruder can use to bypass any security aspect of the Microsoft ® Excel application. Without a doubt, the general consensus is that Microsoft ® Excel’s security environment is weak.
The following protection measures can be employed in a Microsoft ® Excel spreadsheet
Password to open the workbook
Password to protect workbook structure
Password to protect VBA code
By using a password to open a Microsoft ® Excel file, you are effectively encrypting its contents. Thus, only individuals who know this password can access any of the workbook’s contents.
Even so, the default encryption standard in the Microsoft ® Excel application is very weak and commercial password crackers from websites such as Lastbit and LostPassword can be used to obtain the password and access the contents of the file.
In addition, there is nothing that prevents a user from sharing the password with other individuals.
Subsequently, a spreadsheet developer can decide to protect the sheet contents and workbook structure so that users cannot change any formulae or the names of the sheets for example. Again, a free utility can be obtained from a website by the name Straxx to bypass these protection features within seconds.
The abovementioned utilities can also be easily used to break the password for VBA projects and obtain access to the VBA source code.
Another common technique that Microsoft ® Excel developers like to use, is to hide all sheets when the Excel file is closed. This method forces the user to ‘Enable Macros’ when opening a file, in order to be able to view the hidden sheets.
However, the pitfall with this approach is that users can still open the Excel file by ‘Disabling Macros’ and use an ‘Add-in’ to unhide and manipulate all sheets presented in the workbook.
To summarise, users can obtain and modify all the data in a workbook, even in situations where they are required to use a password to access a Microsoft ® Excel file.
This is why DataSafeXL’s (http://www.DataSafeXL.com) innovative product, “XLSafe” is imperative for your business and your sensitive data.
In this article, we will provide you with a brief overview of the Microsoft ® Excel security environment and examine in more detail the effectiveness of Microsoft ® Excel’s built-in protection features.
Undoubtedly, Microsoft ® Excel’s security environment can prove to be cumbersome even for experienced users. In addition, there are numerous methods which an intruder can use to bypass any security aspect of the Microsoft ® Excel application. Without a doubt, the general consensus is that Microsoft ® Excel’s security environment is weak.
The following protection measures can be employed in a Microsoft ® Excel spreadsheet
Password to open the workbook
Password to protect workbook structure
Password to protect VBA code
By using a password to open a Microsoft ® Excel file, you are effectively encrypting its contents. Thus, only individuals who know this password can access any of the workbook’s contents.
Even so, the default encryption standard in the Microsoft ® Excel application is very weak and commercial password crackers from websites such as Lastbit and LostPassword can be used to obtain the password and access the contents of the file.
In addition, there is nothing that prevents a user from sharing the password with other individuals.
Subsequently, a spreadsheet developer can decide to protect the sheet contents and workbook structure so that users cannot change any formulae or the names of the sheets for example. Again, a free utility can be obtained from a website by the name Straxx to bypass these protection features within seconds.
The abovementioned utilities can also be easily used to break the password for VBA projects and obtain access to the VBA source code.
Another common technique that Microsoft ® Excel developers like to use, is to hide all sheets when the Excel file is closed. This method forces the user to ‘Enable Macros’ when opening a file, in order to be able to view the hidden sheets.
However, the pitfall with this approach is that users can still open the Excel file by ‘Disabling Macros’ and use an ‘Add-in’ to unhide and manipulate all sheets presented in the workbook.
To summarise, users can obtain and modify all the data in a workbook, even in situations where they are required to use a password to access a Microsoft ® Excel file.
This is why DataSafeXL’s (http://www.DataSafeXL.com) innovative product, “XLSafe” is imperative for your business and your sensitive data.
Random Posts
No Comments »
No comments yet.
RSS feed for comments on this post. TrackBack URL