Excel Macros 简明教程

Excel Macros - Security

您在 Excel 中创建的宏将以编程语言 VBA(应用程序的可视化 Basic)编写。您将在后面的章节中了解 Excel 宏代码。如您所知,在存在可执行代码时,就会有病毒的威胁。宏也容易受到病毒的攻击。

The macros that you create in Excel would be written in the programming language VBA (Visual Basic for Applications). You will learn about the Excel macro code in later chapters. As you are aware, when there is an executable code, there is a threat of viruses. Macros are also susceptible to viruses.

What are Macro Viruses?

其中编写宏的 Excel VBA 可以访问大多数 Windows 系统调用,并且在工作簿打开时自动执行。因此,存在由宏编写并隐藏在 Excel 中的病毒,在打开工作簿时执行的潜在威胁。因此,Excel 宏可能在许多方面对您的计算机非常危险。但是,Microsoft 已采取适当措施来保护工作簿免受宏病毒侵害。

Excel VBA in which the Macros are written has access to most Windows system calls and executes automatically when workbooks are opened. Hence, there is a potential threat of the existence of a virus written as a macro and is hidden within Excel that are executed on opening a workbook. Therefore, Excel macros can be very dangerous to your computer in many ways. However, Microsoft has taken appropriate measures to shield the workbooks from macro viruses.

Microsoft 引入了宏安全性,以便您可以识别您信任的宏和您不能信任的宏。

Microsoft has introduced macro security so that you can identify which macros you can trust and which you cannot.

Macro Enabled Excel Workbooks

最重要的 Excel 宏安全功能是 - 文件扩展名。

The most important Excel macro security feature is - file extensions.

Excel 工作簿默认情况下将以 .xlsx 文件扩展名保存。您始终可以信任具有 .xlsx 文件扩展名的工作簿,因为它们无法存储宏并且不会携带任何威胁。

Excel workbooks will be saved with .xlsx file extension by default. You can always trust workbooks with .xlsx file extension, as they are incapable of storing a macro and will not carry any threat.

包含宏的工作簿将以 .xlsm 文件扩展名进行保存。它们被称为启用宏的 Excel 工作簿。在打开此类工作簿之前,您应确保它们包含的宏不是恶意的。为此,您必须确保您信任此类工作簿的来源。

Excel workbooks with macros are saved with .xlsm file extension. They are termed as Macro Enabled Excel Workbooks. Before you open such workbooks, you should make sure that the macros they contain are not malicious. For this, you must ensure that you can trust the origin of this type of workbooks.

Ways of Trusting Macro Enabled Workbook

Excel 提供了三种方法来信任已启用宏的工作簿。

Excel provides three ways to trust a macro enabled workbook.

  1. Placing the macro enabled workbooks in a trusted folder

  2. Checking if a macro is digitally signed

  3. Enabling security alert messages before opening macro enabled workbooks

Placing the macro enabled workbooks in a trusted folder

这是管理宏安全最简单、最有效的方法。Excel 允许您将文件夹指定为受信任位置。将所有已启用宏的工作簿放在该受信任文件夹中。您可以在不受警告或限制的情况下打开已保存到该位置的已启用宏的工作簿。

This is the easiest and best way to manage macro security. Excel allows you to designate a folder as a trusted location. Place all your macro-enabled workbooks in that trusted folder. You can open macro-enabled workbooks that are saved to this location without warnings or restrictions.

Checking if a macro is digitally signed

数字签名可确认作者的身份。您可以将 Excel 配置为在无警告或限制的情况下,运行来自受信任人员的经过数字签名的宏。如果自作者签名后工作簿已更改,Excel 也会向收件人发出警告。

Digital signatures confirm the identity of the author. You can configure Excel to run digitally signed macros from trusted persons without warnings or restrictions. Excel will also warn the recipient if it has been changed since the author signed it.

Enabling security alert messages before opening macro enabled workbooks

当您打开工作簿时,Excel 会警告您该工作簿中包含宏,并询问您是否要启用它们。如果工作簿来源可靠,您可以单击“{s0}”按钮。

When you open a workbook, Excel warns you that the workbook contains macros and asks whether you wish to enable them. You can click the Enable Content button if the source of the workbook is reliable.

security

您可以在 Excel 选项中的“信任中心”中设置这三个选项中的任何一个。

You can set any of these three options in the Trust Center in the Excel Options.

如果您在组织中工作,系统管理员可能已经更改了默认设置,以防止任何人更改设置。Microsoft 建议您不要更改“信任中心”中的安全设置,因为后果可能是丢失数据、数据盗窃或您的计算机或网络上的安全泄露。

If you work in an organization, the system administrator might have changed the default settings to prevent anyone from changing the settings. Microsoft advises that you do not change security settings in the Trust Center as the consequences can be loss of data, data theft or security compromises on your computer or network.

但是,您可以在以下章节了解宏安全设置,并检查它们是否需要更改。您必须运用自己的直觉,根据上下文和您对文件来源的了解来决定这些选项。

However, you can learn the macro security settings in the following sections and check if they are to be changed. You have to use your own instinct to decide on any of these options based on the context and your knowledge of the file origin.

Macro Security Settings in Trust Center

宏设置位于 Excel 选项中的“信任中心”。要访问“信任中心”,请执行以下操作:

The macro settings are located in the Trust Center in the Excel Options. To access the Trust Center, do the following −

  1. Click the FILE tab on the Ribbon.

  2. Click Options. The Excel Options dialog box appears.

  3. Click Trust Center in the left pane.

  4. Click the Trust Center Settings button under Microsoft Excel Trust Center.

macro setting

这将显示“{s3}”对话框。

The Trust Center dialog box appears.

trust center

您将在左窗格中看到“Excel 信任中心”中提供的各种选项。您将在以下章节中了解与 Excel 宏相关的选项。

You will see various options available in the Excel Trust Center in the left pane. You will learn about the options related to Excel macros in the following sections.

Macro Settings

宏设置位于“信任中心”。

Macro settings are located in the Trust Center.

macro settings

在“宏设置”下,提供了四个选项。

Under Macro Settings, four options are available.

  1. Disable all macros without notification − If this option is chosen, Macros and security alerts about macros are disabled.

  2. Disable all macros with notification − Macros are disabled, but security alerts appear if there are macros present. You can enable macros on a case-by-case basis.

  3. Disable all macros except digitally signed macros − Macros are disabled but security alerts appear if there are macros present. However, if the macro is digitally signed by a trusted publisher, the macro runs if you trust the publisher. If you have do not trust the publisher, you will be notified to enable the signed macro and trust the publisher.

  4. Enable all macros (not recommended, susceptible to macro viruses) − If this option is chosen, all macros run. This setting makes your computer vulnerable to potentially malicious code.

您可以在“开发人员宏设置”下拥有一个带有复选框的附加安全选项。

You have an additional security option under Developer Macro Settings with a Check box.

  1. Trust access to the VBA project object model. This option allows programmatic access to the Visual Basic for Applications (VBA) object model from an automation client. This security option is for code written to automate an Office program and manipulate the VBA environment and object model. It is a per-user and per-application setting, and denies access by default, hindering unauthorized programs from building harmful self-replicating code. For automation clients to access the VBA object model, the user running the code must grant access. To turn on access, select the check box.

Defining a Trusted Location

如果你认为某个启用宏的工作簿来自可靠来源,最好将该文件移动到 Excel 识别的受信任位置,而不是将默认信任中心设置更改为安全性较低的宏安全设置。

If you think that a macro-enabled workbook is from a reliable source, it is better to move the file to the trusted location identified by Excel, instead of changing the default Trust Center settings to a less-safe macro security setting.

你可以在信任中心中找到受信任的文件夹设置。

You can find the trusted folder settings in the Trust Center.

单击“信任中心”对话框中的“受信任位置”。由 Microsoft Office 设置的受信任位置显示在右侧。

Click the Trusted Locations in the Trust Center dialog box. The Trusted Locations set by Microsoft Office appear on the right side.

trusted location

你可以添加新位置、删除现有位置和修改现有位置。Microsoft Office 将把识别的受信任位置视为打开文件的可靠位置。但是,如果你添加或修改位置,确保该位置是安全的。

You can add new locations, remove the existing locations and modify the existing locations. The identified trusted locations will be treated by Microsoft office as reliable for opening files. However, if you add or modify a location, ensure that the location is secure.

你还可以找到 Office 不推荐的选项,例如 Internet 上的位置。

You can also find the options that office does not recommend, such as locations on internet.

Digitally Signed Macros from Reliable Sources

Microsoft 提供了一个用于适应经过数字签名的宏的选项。但是,即使宏经过数字签名,你也需要确保它来自受信任的发布者。

Microsoft provides an option to accommodate digitally signed macros. However, even if a macro is digitally signed, you need to ensure that it is from a trusted publisher.

你可以在信任中心找到受信任的发布者。

You will find the trusted publishers in in the Trust Center.

  1. Click Trusted Publishers in the Trust Center dialog box. A list of certificates appear on the right side with the details – Issued To, Issued By and Expiration Date.

  2. Select a certificate and click View.

trusted publishers

将显示证书信息。

The certificate information is displayed.

正如你在本章前面学到的,你可以设置一个仅在你信任发布者时才运行经过数字签名的宏的选项。如果你不信任发布者,系统会通知你启用已签名的宏并信任发布者。

As you have learnt earlier in this chapter, you can set an option to run a macro that is digitally signed only if you trust the publisher. If you do not trust the publisher, you will be notified to enable the signed macro and trust the publisher.

Using Warning Messages

当你打开带有宏的文件时,消息栏会显示安全警告。带有盾牌图标的黄色消息栏会警告你宏已禁用。

The Message Bar displays security alert when there are macros in the file that you are opening. The yellow Message Bar with a shield icon alerts you that the macros are disabled.

warning messages

如果你知道宏或这些宏来自可靠来源,你可以在消息栏上单击“启用内容”按钮以启用宏。

If you know that the macro or macros are from a reliable source, you can click n the Enable Content button on the Message Bar, to enable the macros.

你可以禁用消息栏选项,如果你不希望收到安全警告。另一方面,你可以启用消息栏选项以提高安全性。

You can disable the Message Bar option if you do not want security alerts. On the other hand, you can enable the Message Bar option to increase security.

Enabling / Disabling Security Alerts on the Message Bar

你可以按照以下方式启用/禁用带有消息栏的安全警告:

You can enable / disable security alerts with Message Bars as follows −

  1. Click the FILE tab on the Ribbon.

  2. Click Options. The Excel Options dialog box appears.

  3. Click Trust Center.

  4. Click the Trust Center Settings button.

  5. Click Message Bar.

会出现所有 Office 应用程序的消息栏设置。

The Message Bar Settings for all Office Applications appear.

message bar

  • Showing the Message Bar 下面有两个选项。

There are two options under - Showing the Message Bar.

Option 1 − 当处于活动内容(例如宏)被阻止时,在所有应用程序中显示消息栏。

Option 1 − Show the Message Bar in all applications when active content such as macros is blocked.

  1. This is the default option. The Message Bar appears when potentially unsafe content has been disabled.

  2. If you had selected - Disable all macros without notification in the Macro Settings of the Trust Center, this option is not selected and the Message Bar does not appear.

showing message

Option 2 − 永不显示有关被阻止内容的信息。

Option 2 − Never show information about blocked content.

如果此选项被选择,它将禁用消息栏,并且不出现关于安全问题的任何警报,无论信任中心中的任何安全设置如何。

If this option if selected, it disables the Message Bar and no alerts appear about security issues, regardless of any security settings in the Trust Center.

blocked