The point of many viruses, macro or otherwise, is to annoy people, waste time, and generally eat bandwidth of various sorts. That’s ironic, given the amount of space the topic consumes whenever it appears in the press (see TidBITS-383). But, since numerous readers made useful comments and suggestions, we wanted to pass along the information to help everyone understand more about the macro virus problem. This will be it for virus coverage in TidBITS for a while, but you can find a great deal more information about viruses on the Macintosh (including macro viruses) on David Harley’s Viruses and the Macintosh FAQ at:
If it hurts… Of all the responses I received, the simplest (and often presented with tongue firmly planted in cheek) solution offered to the Word macro virus problem was simply to avoid using Microsoft Word 6 or other programs that suffer from macro viruses. That of course won’t work universally, because people don’t always have much choice about the programs they use.
Auto-running Macros — Others suggested turning off auto-running macros in Word 6, which prevents some macro viruses from replicating or performing other anti-social acts. Unfortunately, many macro viruses use alternate methods of activation, including deceptive names, co-opted common command key shortcuts, and captured menu items. So, although turning off auto-running macros in Word 6 might help slightly, it’s not a reliable solution.
Locked Normal Template — One intriguing solution for preventing the spread of Word macro viruses, from Tyler Stewart, was to lock the Normal template file, which lives in the Templates folder in the Word folder. Select it in the Finder and choose Get Info from the File menu, then click the Locked checkbox. Locking the Normal template prevents any macro virus from infecting it, but macro viruses could also transfer themselves to other open documents or run without replicating. More problematic is the fact that Word 6 seems to cache the Normal template in RAM, so the RAM copy can be infected (and thus pass on the infection during that session) even with the Normal template locked. In other words, this solution won’t always work and might prove irritating if you need to change the Normal template.
File Conversions — A number of readers suggested variants on file conversion techniques. Microsoft Word 5 can’t run macros of any sort, so it’s safe from Word 6 macro viruses. Some people thought that macros could be carried in a file that Word 5 had converted, opened, saved, and which was then re-opened in Word 6. Datawatch’s Mike Groh reported that they’ve had no reports of macros surviving the conversion process, either via Word 5 or via translators such as DataViz’s MacLinkPlus. In both our and Datawatch’s testing, conversions stripped the macros.
Eliminating Macros Entirely — Some folks suggested techniques that might work for eliminating all macros in Word documents. But macros are not inherently evil, and anything that blindly removes all macros could easily destroy useful or even necessary macros. Tools like Microsoft’s MVTOOL aren’t so destructive, since they offer the choice of opening documents without macros on a per-file basis. However, don’t trust MVTOOL’s protection (accomplished via a macro called SCANPROT, which confused some readers), because it works only if you use the Open command in Word’s File menu to open the files. If you double-click a Word file in the Finder or use other methods of opening files from outside Word (like the Recent Files hierarchical menu, or Now Super Boomerang), MVTOOL won’t work. Read the documentation that comes with MVTOOL carefully before relying on it.
Other Anti-virus Utilities — Just to be complete, Datawatch’s Virex and Symantec’s SAM aren’t the only commercial anti-virus programs available for the Mac that can detect and eliminate macro viruses. Also available are McAfee’s VirusScan and Dr. Solomon’s FindVirus, and others may exist as well. I have no recommendations here other than to note that Datawatch’s Mike Groh was voluntarily helpful in checking and commenting on these articles. Viruses affect everyone, so I’d lean toward companies who participate in the communities their software protects.
Eternal Vigilance — This entire topic came up because of my warning in TidBITS-381 that the Macintosh community was becoming complacent about viruses. Several readers alerted me to infected CD-ROMs that have recently been distributed to numerous people, including Apple’s Official May 1997 Marketing ToolKit, which goes to dealers and the media. There are two lessons to be learned. First, don’t trust even seemingly innocuous sources, because even CD-ROMs and disks from reputable companies can become infected. Second, if you’re in charge of mastering CDs or creating master disks, check the disks with anti-virus software! It’s simply unacceptable for any widely distributed CD-ROM or floppy to carry infected files.
Design a Sandbox — I believe that the eventual solution to these macro viruses is for the companies producing software with macro capabilities to take the responsibility of designing their programs in such a way as to eliminate macro viruses. Although Sun’s Java language undoubtedly isn’t perfect, it was designed to prevent malicious uses. Even if someone finds a way around that design, it won’t be as easy as it is with macro languages. I won’t pretend to know if it’s even possible to create a macro language that doesn’t suffer from macro viruses, but with the number of macro viruses that appear every day, it’s clear that the problem is very real.