Macros

Pure data files cannot propagate viruses, but with extensive macro languages in some programs the line between a “data” file and executable file can easily become blurred to the average user. While text E-mail messages can’t contain viruses they may have attachments that do, some will run active code in a message, and some E-mail programs will automatically load and run attachments. Don’t let them. Finally, be careful of programs that use other programs for reading E-mail.

As indicated throughout this tutorial, in order for a virus to do anything, first a program of some type must execute. A virus, no matter what type, is still a program and it must load into memory and run in order to do anything. Simply reading it into memory is not sufficient. Pure data files are not viruses simply because, by their nature, they do not execute.

The problem, however, is that many modern programs contain some form of macro language; in some cases a very powerful macro language with commands that include opening, manipulating, and closing files. More and more, these programs allow a user to extend their capabilities by writing powerful macros and then attaching these to data files produced by that program. In many cases, in order to make things easy for users, the macros are set up to run automatically whenever the data file is loaded. It’s in cases like this where the line between a data file and program starts to blur.

Note: There are many triggers (other than loading the document) that viral code can exploit. And, once running, various elements of the program’s macro language can be exploited so that all future data files produced by that program version could contain the viral macro code.

Most scanners have default settings that check the most common executable files and data files from programs that have a macro language. So, when using those programs it’s a good idea to not change the default extension so scanners can find the files they need to. Also, scanners can be set to check every file instead of just files that normally execute; but most do not do this by default–that would make the scanning process too long for most people.

In order to know when to turn full scanning on you need to know something about the software you use. In particular, you need to make yourself aware of any software that uses the sort of “automatic macro” feature described here. Never use a piece of software until you’ve explored its manual for some time just to see its full capabilities. If these include some sort of “programming” (macro) language, be aware there is an opportunity for problems. Common programs with macro capability that can be exploited by virus writers are Microsoft Word®, Excel® and other Office programs. Windows Help files can also contain macro code (but are rarely exploited because of the difficulty in doing so). And, at one time some macro code to be exploited existed in the full version of the Acrobat program which reads and writes PDF files (the free reader is not affected; only the full version).

A second vulnerability exists on the Internet. Some E-mail programs and Internet browsers allow you to click on a data file or program that might be attached to a message or displayed on a web page and have that file or program load and/or run automatically. You should not allow this to happen. Always save the file or program to disk and then check it with anti-virus software before loading or executing it (or have an anti-virus program that “attaches” to your programs such that it checks files before the program loads them or checks E-mail as it comes in).

And, even more insidious are newer E-mail programs that allow one to use programs like Microsoft Word to read and write messages. You may not even know you are using Word. But, since the E-mail program does use Word, macros can be encoded into the message and be made to run on your system when you open the message to read it. It is very important that you know the characteristics of programs you use! Only then will you be able to determine if you are at risk.

Summary

  • With macro languages the line between pure data files and executable files is blurring.
  • An infected file might be attached to an E-mail. Don’t automatically run attached files.
  • Be careful of E-mail programs that use other programs with macros to display or create incoming mail.
Up Arrow What Viruses Infect Up Arrow
Prior Page Next Page
Files Companion Files