Tech News

Microsoft Finally Pulls the Plug on Macros

Microsoft Finally Pulls the Plug on Macros


Microsoft Finally Pulls the Plug on Macros 2016 tech images

With great power comes great responsibility. Wait. How does Spider-Man fit into this? Microsoft gave Microsoft Office almost unlimited control over the system via macros otherwise known as visual basic for applications (VBA) in order to extend the capabilities of Office. This enabled Office to become the premier office suite for computers because it made the software ultra-flexible. Businesses had the option of programming MS Office instead of purchasing off-the-shelf or expensive business software.

This power came at a price. VBA had as much power over the system as Visual Basic itself did. VBA can update the Windows registry, scan a user’s Outlook contact list, connect to an internet website and execute a link. Malware programmers immediately took advantage of this and cooked up viruses, worms, Trojans and worse, ransomware. Macros don’t need to do all the work; they could just edit the Windows registry and download other components to complete a malicious system. I read a great Star Trek series of books called Double Helix wherein a combination of prions when put together created a lethal virus thus making the mode of transmission almost untraceable. Prions are infectious agents similar to viruses but made up of mostly protein. Mad Cow Disease is an example of prion infection. In short, an office macro can act as a component prion and download other components to create a virus virtually untraceable by security software.

Microsoft made a stop-gap solution by disabling macros by default. Office documents with macros ask the user whether or not to enable them. Sensible users ask their IT first before responding ‘Yes’ or sensible developers properly document their macro-enabled documents making users aware of the extra features of their documents. That is not true for many small to medium sized businesses and households. Busy workers won’t let some lousy yellow bar prevent them from seeing what’s inside their word document or spreadsheet and will always respond ‘Yes’ and open up the system like a can of worms. Many of the most dangerous malware out there are loaded and run by unsuspecting users through macro-enabled Office documents. Thankfully that era has finally ended as some genius in Microsoft finally thought to take the decision of running macros out of users’ hands and into the hands of system administrators who have the greater responsibility. Microsoft included the ability to run macros to system administrators as part of the network’s group policy.

Users often wondered why Microsoft haven’t removed its macros feature from Microsoft Office if it’s one of the major vectors of malware. Microsoft could instead create a poll of the top 500 functions macros are used for and incorporate them in Office and stomp out macros completely. That approach could probably leave out the bottom 9,500 reasons to use macros and piss off thousands of companies.

But Microsoft’s current approach is just as good. No user can enable any macro-laden documents without asking their system administrators who know better. And sensible administrators hopefully wouldn’t give their executives superuser/administrator status thus spreading malware from the top-down. After years and years of spreading malware through Office macros, malware authors will now have to phish in bluer waters.

However, this new feature only applies to Office 2016. Owners of earlier versions remain vulnerable to macro-based attacks until they upgrade. This could also be an income generating strategy for Microsoft to get their users to get the latest version of Office and even Windows 10. There are still holdouts of Office 2003 due to resistance to the ribbon interface.

“The enduring appeal for macro-based malware appears to rely on the likelihood to enable macros… Previous versions of Office include a warning when opening documents that contain macros, but malware authors have become more resilient in their social engineering tactics, luring users to enable macros in good faith and ending up infected.”

–Microsoft Blog post

Examples of clever macro attacks include the infamous “I Love You” virus which infected millions of computers worldwide and spread like wildfire. Who wouldn’t want to open an email with that subject coming from a friend or colleague? Just recently, millions of computers were infected by the macro-based Lockey ransomware which disguised itself as some kind of scrambled invoice to be paid. Business-centric users were likely to open the email and enable the macro of the attached word document promising a better view of the garbage displayed instead of an invoice. Victims ended up having their files encrypted and can only open them by paying the authors in bitcoin.

Hopefully, this new feature trickles down to earlier office versions if Microsoft is sincere in its malware-busting efforts or maybe until they reach some sort of quota.

Tech News

Our technology expert who knows a thing or two about the future, superheroes and Supernatural.

More in Tech News

google goes after uber for self driving theft 2017 images

Google goes after Uber for self driving theft

Jeffrey LangFebruary 25, 2017
Robots that Replace Skilled Labor Should Pay Taxes 2017 images

Robots that Replace Skilled Labor Should Pay Taxes

Marius MaronillaFebruary 23, 2017
Top 10 hottest tech and game changing innovations 2017 images

Top 10 hottest tech and game changing innovations

Jeffrey LangFebruary 22, 2017
The Ultimate Spy Gadget Samsung Galaxy S3 2017 images

The Ultimate Spy Gadget: Samsung Galaxy S3

Marius MaronillaFebruary 20, 2017
yahoo warns on more hack attacks 2017 images

Yahoo warns users on more hack attacks

Jeffrey LangFebruary 16, 2017
From Russia with Love, Take Edward Snowden 2017 images

From Russia with Love, Take Edward Snowden

Marius MaronillaFebruary 16, 2017
Nokia 3310 Memories and the Phone’s Rumored Return 2017 images

Nokia 3310 Memories and the Phone’s Rumored Return

Marius MaronillaFebruary 16, 2017
india online gaming big business 2017

India seeing the rise of online gaming leagues as big business

Jeffrey LangFebruary 16, 2017
samsung chromebook could change everything for google 2017 images

Samsung Chromebook could change everything for Google

Jeffrey LangFebruary 14, 2017

Subscribe to our Daily Newsletter

You will only receive one per day. You'll also get a free THE WALKING DEAD graphic novel with your subscription