back to article No more macros? No problem, say miscreants, we'll adapt

Microsoft's decision to block internet-sourced macros by default last year is forcing attackers to find new and creative ways to compromise systems and deliver malware, according to threat researchers at Proofpoint. "The cybercriminal ecosystem has experienced a monumental shift in activity and threat behavior over the last …

  1. Lee D Silver badge

    It's almost like the macro stuff was SUCH an easy open door that they didn't need to care about finding obscure and new ways in.

    And when it was closed, they just focused their efforts more generally to a bunch of other glaring holes all over the place.

    Almost all of which, incidentally, are caused by "convenience" (e.g. opening files in associated apps by default for rendering a preview, etc.), opening untrusted files of unknown origin, and allowing things like spreadsheets to open / write to every file on your storage that your user has access to.

    If only there were a way to, say, actually stop programmes executing arbitrary code with blanket access to absolutely everything a user owns or does automatically with just one click when they are in fact - plucking a random example out of the air - just a spreadsheet.

    1. MiguelC Silver badge

      I'm sure that if the attack vector was a txt file saying "go to this website and download this program and run it", they'd still get some (or maybe even lots of) idiots to do it.

    2. sitta_europea Silver badge

      "If only there were a way to, say, actually stop programmes executing arbitrary code with blanket access to absolutely everything a user owns or does automatically with just one click when they are in fact - plucking a random example out of the air - just a spreadsheet."

      There is. Don't use Windows.

  2. Anonymous Coward
    Anonymous Coward

    Microsoft's decision to block internet-sourced macros by default LAST YEAR

    That shows you exactly just how much Microsoft cares about customer security. I don't know when they started with macros, but that should have been done from day one, not after, what? Two decades? It's taken that long to de-risk image viewing on the platform too, at least I assume it's safe now - you never know.

    Oh sure, it has engaged in a lot of camouflage like looking for bugs at OTHER companies and blaming the victims if they did not apply patches the very millisecond they were put online (making them thus choose between alleged security or a possible self-inflicted Denial of Service due to the quality of the patches which often mirrored the questionable quality of the platform they were to be applied to), but actually improving anything?

    Nah. Let's force a new UI on companies instead to keep them distracted.

    And use them as beta testers.

    1. IGotOut Silver badge

      Well they tried the.

      "Are you sure?'

      "This is untrusted,are you sure"

      Then finally

      " You've downloaded this random file from the internet. Are you sure? Yes we know you just asked, but this is probably a virus are you really fucking sure you dumb ass?

      Blocking was the only answer to human stupidity.

    2. katrinab Silver badge
      Alert

      A little over 3 decades. They talk about Excel 4 macros. Excel 4 launched in 1992.

    3. Captain Scarlet
      Coat

      After the change came in the Accountants all cried out in pain as their stupid Excel documents or forms no longer worked (I mean just press the button at the top or save the file in a trusted location, but no thats to hard).

    4. Michael Wojcik Silver badge

      I don't know when they started with macros

      The important date here is 1999, when Kwyjibo wrote the Melissa virus for Word and Smith released it. Melissa was a pretty major event, hitting ~1M users and making the national news.

      That it took Microsoft over two decades to properly restrict macro execution in Office products (after years of ineffective half measures) shows just how resistant the Office product-management team is to curtailing "features" that are actually serious security vulnerabilities.

  3. aerogems Silver badge
    Mushroom

    This is why we can't have nice things

    The sad reality is, inflexible business rules often mean that home grown macros are the only way to actually do your job because you're not given the proper tools to do it otherwise. I should know, because I authored one. The only way I would have ever been able to keep up with my workload was by automating a lot of the report generation. I'm sure it's only a matter of time before macros as a whole get the axe and then there's going to be a lot of people in a lot of companies all around the globe who suddenly aren't able to do their jobs because the macro they relied on for so long no longer works. And I'm sure the beancounters would rather just outsource the position to a third party company than actually provide the proper tools and support for the existing employees.

    1. CowHorseFrog Silver badge

      Re: This is why we can't have nice things

      No powerpoint and presentations has always been a problem. It seems when you mention reports your company is on that path of having large numbers of staff giving meetings with presentations where everyone pretends they are fabulous.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like