With the current hullabaloo over the macro virus dubbed the "Love Bug", I thought this would be a good time to talk about macros. In light of recent events, it's wise to make sure your users understand that there's a world of difference between accepting a macro from the in- house development staff and accepting a macro from an unverified source. What may seem obvious to a developer is not at all obvious to the majority of computer users, as evidenced by the speed that "Love Bug" spread.
Here's what Ed Bott and Woody Leonhard have to say about macro security in their book
Macros can save time and energy, but an ill-conceived macro can (intentionally or unintentionally) destroy data and otherwise wreak havoc on your system or network. For example, a macro that automates file management tasks by deleting old files could inadvertently wipe out a whole folder full of files if you don't define its parameters carefully.
You can have a high degree of confidence in macros you write yourself, but should you trust a macro you receive from someone you've never met? Absolutely not. Thousands of macro viruses exist, and you run the risk of encountering one of them every time you open a document, workbook, presentation, or Access database.
What is a macro virus, and how likely are you to encounter one? Here are some simple facts every Office user should know:
- A computer "virus" is just a program that propagates. A macro virus
uses a macro language (such as VBA or VBScript) as the means of
propagating. A large percentage of macro viruses aren't harmful in any
- Some viruses corrupt data in subtle ways by rearranging words and
phrases in documents, or adding the word "not" in random locations.
These are the most insidious viruses because, without full and detailed
backups, it's nearly impossible to restore documents to their original
- Other serious macro viruses erase selected files or groups of files
from your hard drive. You can often recover from these destructive
viruses by using the Windows Recycle bin, well-maintained backups, or
third-party software such as Norton's Unerase.
- Some nasty macro viruses prevent you from using Office, or Windows
itself, by deleting key files or rearranging the Windows Registry.
Sometimes the cure is as simple as reinstalling the software, but a
well-written virus can make even this cure impossible.
- The most sophisticated virus-writing techniques often appear in Office
macro viruses before they show up anywhere else. Some use "stealth"
technology (for example, the virus may take over the Office components
that let you see macros, thereby hiding themselves), or "polymorphism"
(where the virus mutates each time it replicates, making it much harder
to identify and catch).
- Viruses can propagate from application to application. For example,
you may introduce a virus to your system by opening an infected Word
document, and then the infection can spread to Excel workbooks. Because
Outlook and other clients support scripting languages, it is
theoretically possible to spread viruses through email messages, even
without file attachments.
- You're far more likely to receive an infected file from a coworker, a
friend, or a network server than by downloading documents from the
Internet. Similarly, you are far more likely to lose data due to a dumb
mistake or a hardware problem than to a macro virus.
- Almost all virus scares are precisely that--scares, with little or no foundation in reality.
The vast majority of macro viruses rank as amateurish and poorly written, and can hardly survive in the wild. Some, however, have proven themselves robust--and destructive.
Related book Special Edition Using Microsoft Office 2000
Author : Ed Bott and Woody Leonhard
Publisher : QUE
ISBN/CODE : 0789718421
Cover Type : Soft Cover
Pages : 1520
Published : May 1999
Special Edition Using Microsoft Office 2000 is the premier Office Suite book for intermediate and advanced users. Focusing on intermediate and advanced skills and uses, this book features additional coverage of undocumented features, workarounds and practical (and unapologetic) advice for avoiding features that don't work well. You'll also see a writing style that crams in more information by not wasting step-by-step coverage on simpler tasks.
This was first published in August 2000