Protecting Office Documents from Macro Viruses

  • Article

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

In recent years, a new kind of computer virus has emerged that uses application macro languages, such as VBA, to produce viruses that are associated with documents. For example, one of the first macro viruses was the Word Concept (also called Prank) macro virus that forced documents to be saved as templates. In Word, macro viruses typically transmit themselves by adding code to Word's default template, Normal.dot, which then copies code to each document you open or create to continue the replication process. Excel macro viruses perform similar operations, copying themselves to Personal.xls or some hidden location and replicating themselves to other workbooks when they are opened or created. At their most benign, a macro virus may perform a "prank" such as altering the text on the application title bar or displaying a message, but a macro virus is capable of doing anything that can be performed from VBA, such as renaming and deleting files.

For more information about macro viruses and anti-virus software, see the International Computer Security Association (ICSA) Web site at http://www.icsa.net/. Microsoft recommends using anti-virus software that is certified by this association. For information about anti-virus products that are certified by the ICSA, see https://www.icsalabs.com/icsa/main.php?pid=b31a$6140dfe3-4a851ebd$eaa4-72b.

For more information about macro viruses, see the Microsoft Office Anti-Virus Center Web site at http://officeupdate.microsoft.com/Articles/antivirus.htm.

In Office 97, Word, Excel, and PowerPoint provide the ability to a display a dialog box that warns users before opening a document that contains macros. The dialog box allows the user to enable or disable macros before opening the document. Because the effectiveness of this dialog box depends on the user's familiarity with the document being opened, an unfamiliar Office solution that depends on macros will be effectively broken if the user chooses to disable its macros when it is opened.

In Office 2000, Word, Excel, PowerPoint, and Outlook provide the following additional anti-virus features:

  • Support for third-party anti-virus software. (This feature does not apply to Outlook.)

  • Microsoft Authenticode technology to allow developers to digitally sign the VBA projects in their solutions by using a digital certificate.

These features aren't available in Access and Microsoft FrontPage because solutions developed for these products typically must be installed in some formal fashion before they are run. For example in corporate sites, an Access or FrontPage solution is typically distributed by installing from an IT group-approved network share. This form of installation implies a trust relationship between users, developers, and administrators. Additionally, in Access, you can create an .mde or .ade file that contains compiled VBA code without the source code, thus making it impossible for malicious users to add or alter code in these types of files.