Are there security problems when implementing and using "add-ins" in VBA (Excel)?

Question

Are there security problems when implementing and using "add-ins" in VBA (Excel)?

Asked 7 years, 11 months ago

Viewed 84 times

-1

Due to security problems with macros in VBA/Excel, I was wondering if the same occurs (or something similar) when adding a supplement and use it later in projects of VBA.

This would impact a user who "runs" a system made in VBA with this supplement on your computer? It should activate some security procedures or it will not make a difference?

I have no way to test now, but this supplement, if applied in a system, it gets ready for use by this user not requiring any additional action? He wouldn’t have to activate the same supplement in his Excel?

There is the "Progressbar", a supplement that I activated and tested without having to activate anything related to security. So it is safe and indifferent the existence and activation of this supplement by the user?

1 answer

Browser other questions tagged excel vba security-guard

You are not signed in. Login or sign up in order to post.

by Leo • **2,002** points · Answer 1 · 2016-07-15T02:37:06+00:00

According to the support of Microsoft on "supplements from "Excel", there may be serious safety issues with their activation.

Privacy and Security for Office Supplements

https://msdn.microsoft.com/pt-br/library/office/fp161165.aspx

In this sense, there are several precautions that end users should take regarding this and not only the developer, which are similar to the care that should be taken with the activation of "macros".

View, manage and install add-ins in Office programs

https://support.office.com/pt-br/article/Exibir-gerenciar-e-instalar-suplementos-nos-programas-do-Office-16278816-1948-4028-91e5-76dca5380f8d

There are indications of care to be taken against "Hackers".

In the same way as for macros add-ons also feature "Security Settings", where both developer and end-users can activate or not some parameters in their Office.

File > Options > Reliability Center > Settings Reliability Center > Supplements

Still in the safety issues of supplements, one can request "signatures from trusted suppliers in these supplements". On the other hand, you can disable "security notifications", which is not recommended.

Regarding what needs to be done in the Offiice of end users, some supplements may "crash" as there is a compatibility check where the "Data Execution Prevention" of the Office will disable this add-in.

This may occur due to the internal policy of the TI of some organizations (internal security settings, for example).

Objectively (summarized), that’s it.