Microsoft beefs up defences against Office macros menace Microsoft has introduced a macros-blocking feature within Office 2016 in a move designed to collar a long-running malware threat. Macro-based malware is once again on the rise as a vector in the spread of various strains of malware including the Locky ransomware, BlackEnergy and the Dridex banking trojan. Microsoft’s stats …
. . . it does nothing for older editions of Office installed out there. After all, for basic functionality, ANY edition of Office will work for the vast majority of users. And there's really no incentive for general users to upgrade: hell, we use Office 2007 at home, and are fine with it.
Secondly, Group Policy ? REALLY ? So this is a fix aimed PURELY at Corporate users, with sufficient IT support to (1) HAVE Group Policies, and (2) have admins sufficiently clueful to correctly enable and configure the policy. And Group Policy requires a Domain and at least the Professional edition of Windows: Home versions don't support GPOs. . . So, again, Corporate love, but the heck with the rest of the users out there. . .
Lastly, was there EVER a good reason to embed macro functionality into documents ? I've been doing IT for 25+ years, and I have yet to see one . . .
"Lastly, was there EVER a good reason to embed macro functionality into documents ? I've been doing IT for 25+ years, and I have yet to see one . . ."
Well, you have a point. I can quite see why one may need macros in an complex XLS sheet, but Word and PPoint, seriously ? Why in $DEITY's name ?
"Home versions don't support GPOs. . . So, again, Corporate love, but the heck with the rest of the users out there. . ."
If you are stupid enough, to ignore the warning in the email about saving files, then stupid enough to ignore the warning about running files from the internet and then stupid enough to ignore the warning about running macros and then you fuck up your own machine, well that's your own problem.
If your stupid enough to do the same and take out a business pc and / or a whole lot of other systems, then that's a whole new level of pain.
Yeah those usually work well :) Feels like feeble marketing hype, besides didn't M$ try enterprise macro blocks before anyway and it just blew up in people's faces...
Only certain lines of macro code are capable of hijacking machine and downloading a payload anyway... So why not let the selectall.copy() edit-goto selectall.paste() lines execute, but always block 'shell' etc... Forcing macro writers to address that part while letting benign vba through...
Blocking macros at enterprise level is a non-solution imo. It'll lead to workplace rebellion forcing a rethink by sysadmins. Plus, notifications never work, after all this is the same low hanging fruit of users that welcomes ransomware!
Macros are very useful in a lot of situations.
I've written macros over the years, from simply applying new functions for spreadsheets (one that calculates hours worked and reports hours, not days, for example), selecting relevant boilerplate text when creating documents or complete sales invoicing and budgeting systems in Excel.
The latter is not so relevant today, given the number of open source and cloud based solutions, but "back in the day", such a system was quick and cheap to implement.
Didn't I see almost the exact same article in like? 1995? And didn't the default security settings for Office disable macros? And weren't there all kinds of problems with sharing documents containing macros? That must have been that other universe I crossed over from about that same time. The one where OS2 was the choice of business and Windows was for home use.
Macros are an obsolete idea that are hanging around because too many are familiar with writing them. They allow someone in Finance have a whiz-bang spreadsheet but this person probably has little knowledge of proper coding techniques. Coupled with a complete lack of knowledge about security and disaster lurks.
My preferred solution to this is to have an external script read the data, process it, then generate csv file for manual import into Excel. However many will find this tedious and think a macro is better solution. However the external script is never part of the Excel, it is just a prettied up csv file for most purposes.
I open them without macros and they look a mess, so I guess the macros are there to make them look pretty.
I fill them in and send them back, each time with a note to the effect that i will not enable their macros and they are being bloody stupid expecting anyone to do so.
Just imagine what could happen in a council whose staff are used to running macros on all docs and sundry. Oh yeah, it already did. (My council isn't that one).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
