First developed in 1993 by NASCA and included in some of the very first browsers like Mosaic, Netscape and Mozilla, JS has an illustrious history within the development of the World Wide Web, and it could be argued that it is one of the most important development languages around.
So, it was with some interest that Microsoft announced that Excel, the ubiquitous spreadsheet tool, was to have JS support. But what exactly does this mean, and why are some people worried by it? Firstly, the integration of JS into Excel means that a whole host of new functions can be added. Whilst most people use Excel for simply running the household finances or keeping track of things at work, it is actually a powerful and flexible tool, with a huge range of uses. The addition of JS means that users are able to write custom functions, whether that be to import bank feeds directly, stream live data or code complex maths operations. It makes what is already a powerful program much, much more powerful.
There are some wonderful examples of Excel errors, some both famous and costly, but the fear is that these simple mistakes could be overtaken by a more nefarious style of attack. One particular security researcher recently posted on Twitter that he had already managed to get the Coinhive attack (a bug that secretly utilises your CPU to mine cryptocurrency when certain websites are visited) to run through a custom JS function, and whilst this version of Excel is currently only in private Beta testing, it points the way of things to come.
So, despite the obvious benefits of having JS enabled Excel running on your machines either at home or at work, be careful out there, and make sure you’re both keeping your antivirus definitions up to date and not using compromised libraries online.