Logo
  About Us     ExcelShield     MailShield   Deutsch 
   

Contact Us
Recommend
Newsletter

How ExcelShield Solves These Security Problems

Insufficient security capabilities of Excel
You invested time, efforts, and knowledge into your Excel workbooks. This knowledge is your capital. To protect your knowledge against unauthorized access, you use Excel's workbook protection, sheet protection, hiding of formulas, VBA module protection, and password protection of the file. If you now think that your knowledge is protected effectively, you are wrong: "In reality, that data can be exposed by any end user who can execute a simple copy-and-paste procedure. It takes fewer steps to reverse the security than it does to set it up."1

Hacker programs that are freely available in the Internet crack any Excel password as well as any workbook and sheet protection within a few minutes. Go and see for yourself: Enter in Google the search words "Excel password crack" - about 5,050,000 results are found.

"The method of password-protecting data in Excel [...] is like putting a password on a document while also supplying a Post-It Note revealing the password. It's as potentially damaging as some of these recent viruses that have spread around the world."
Rick Sturm, Präsident von Enterprise Management Associates1

The protection that Excel promises is only an illusion: "Excel cannot protect any information, although the program gives the illusion that it can. [...] The result for large corporations is that millions of Excel documents shared between co-workers and business partners could become a security breach for confidential data."1

The weaknesses of Excel are the strengths of ExcelShield
ExcelShield has been developed as a security addition to Excel and compensates the weaknesses of Excel in this area. The weaknesses of Excel and the security needs of the users have been analyzed and formulated into three security requirements which must be met by any security software.

First security requirement: protection of the intellectual property

The core of any Excel workbook are the formulas. They represent the underlying knowledge and expertise and were created with large investments of time and efforts. That is why they also form the preferred target of any unauthorized access, theft of information, and industrial espionage. For example, it may be called usual that dismissed employees take copies of all important Excel workbooks with them to their new employer. In other cases, employees sell important Excel workbooks to competitors. This not only causes huge indirect financial damages but may also endanger the market position and the competitive advantage of the damaged company. An image loss is unavoidable if such an incident becomes public. Thus, protection of the intellectual property has the highest priority.

ExcelShield achieves this protection by encrypting all formulas in the Excel workbook using one of the strongest encryption methods that exist. As a result, the user sees only the calculation results in the cells but not the formulas anymore. Nevertheless, the workbook remains fully functional and the user is not restricted in the usage of the workbook because ExcelShield works in the background. For example, the user is still able to perform new calculations, to enter new formulas, to overwrite old formulas, to insert and delete sheets, to rename sheets, etc.

The protection of ExcelShield can be compared with the development of a software program, where a readable and modifiable source code is compiled to a software program that cannot be read or modified anymore but remains executable on every computer. By installing the free ExcelShield Client-Add-In, the encrypted functions of a workbook protected with ExcelShield can be used on every computer.

Because all formulas (and thus the problem solution algorithm) have been encrypted, the intentional as well as the unintentional (e.g., by error or carelessness) manipulation possibilities are considerably reduced. This fact is especially important for those Excel workbooks that are very important (e.g., for legal or financial reasons) or that offer the possibility of personal enrichment.

The utilized encryption method
ExcelShield uses the encryption method AES (Rijndael) with 128 bit keys. AES is said to be the encryption standard for the coming years and is also used officially by US authorities to protect confidential data. As of today, it is the best encryption method available.

Second security requirement: restriction of user rights
By encrypting the formulas, they are protected effectively against espionage and modifications. Thus, encryption prevents the theft of the intellectual property but not the unauthorized use of the Excel workbook because the file can simply be given to other people who then use the encrypted workbook for their own purposes.

Once again, comparing this situation with the software development industry illustrates the problem: After the source code has been compiled to a software program, the source code cannot be seen anymore by anyone, but the resulting program can be executed on any computer by any user including those who should not be authorized to do so. The software industry solves this problem either by using copy protected disks or by using registration and activation methods.

ExcelShield provides similar methods in order to make it possible for the author of an Excel workbook to specify exactly who is authorized to use the workbook:

  • Password protection: The protected workbook can only be used by entering the correct password.
  • Activation: The protected workbook can only be used on specific computers. Each computer is identified by its hardware parameters and be activated for each workbook. The activation process is completely informal and can be done by e-mail, phone, or any other medium. It takes only a few seconds and no Internet or network connection is required. To activate a workbook, only a short sequence of numbers and characters must be entered once.
  • Time limit: The protected workbook can only be used for a specified time period. The author of the workbook can decide whether the workbook should remain useable until a specific fixed date (e.g., December 31, 2007) or for a specified time period after its first use (e.g., 60 days).

These protection methods are optional and can be combined with each other to achieve the security level that is optimal for your needs and your environment.

Third security requirement: removal of hidden sensitive data
Excel automatically saves hidden sensitive data in all workbooks. Examples of such data are the name of the author and her company, the name of the person who last edited the workbook, a history of all changes made, email addresses of the people to whom the workbook has been sent, and much more. These so-called meta data can give external people (e.g., hackers, journalists, competitors) important insights into structure, organization, and staff of your company.

For this reason, ExcelShield offers an anonymization function that reliably removes these hidden sensitive data from your workbooks. The user of ExcelShield can specify exactly which data she wants to have removed and which not.

Ideally, for security reasons, all workbooks that are going to be published or given to external person should be anonymized. Of course, the anonymized workbooks remain fully functional.

------
1 Fontana, John: "Exposing Excel's Dirty Little Secret", in: PC World, 12/17/2001.

 Back   Next 
 

 

Copyright © 2004-2006 Praetorians Information Security. All rights reserved.
Terms and Conditions - Privacy Policy - Impressum