Microsoft Will Block Office Macros By Default Starting July 27 - Slashdot

›

• Re:

  And you can still use them. This change is about *files from Internet* or other untrusted locations, such as a file share accessed through an IP address.

  For files retrieved from *trusted locations* this will not have any effect. Macros will still be able to run.

  • Re:

    Why do I have a hunch that "trusted location" means "some server on the internet with a valid certificate" or similar bullshit that won't keep a single infection from happening but causes heaps of headaches for legitimate users?

    • Re: Um, ok

      VS Code has something along these lines. You designate locations that are trusted and projects from a trusted location can do everything, but projects from other locations can't.

    • Re:

      The "from Internet" taint of files in Windows rely on the user agent. Mail clients and browsers are expected to "taint" files downloaded using the application. All browsers respect this, and I believe that all mail clients do so as well. But it really comes down to the program you use to download the file.

      This ability to "taint" a file has been in Windows since Vista (at least).

      • Re:

        In other words, if I download it using a PS script and don't "taint" it...

        C'mon, seriously?

  • Re:

    Except that MS is incapable of accurately determining where files come from, and frequently forgets that a yes, for fuck's sake I want to edit this document.

• Re:

  And? Continue using them like normal. If the document is from a trusted source, comes from withing your domain, is signed, is authored by someone from within your organisation, is manually permitted, or you set group policy to ignore this new change then they will run like they always have.

  What's being blocked is macros run within documents from an untrusted location (e.g. internet, or share accessed via ip address rather than network name).

• Re:

  The difference, as usual, is that Microsoft isn't actually taking the functionality away. Microsoft rarely does that. They do sometimes let things languish until they're not practical to use any more, but that's not the same thing. You'll be able to click to enable your macros. This is a good move that's going to reduce the number of dumbshits who are infected by email. It won't eliminate them, because a percentage of those dumbshits will enable the macros, but it should still help.

  Per link from TFA [microsoft.com], users

• Re:

  Oh, you can still "automate". This takes away the ability to run macros for *files from Internet*. It does not take away the ability to run macros in documents you have authored yourself or retrieved from within your organization.

  • Re:

    Trying to partition which bits of the internet are the organisation or partners to the organisation sounds like a nightmare since most things are hosted within three main outsourcing organisations.

    • Re:

      It's the browser or mail client that taints the file with it's "Internet origin" mark. Download a file using a browser or save a file received through an email and it will be tainted, unless you use some obscure mailclient or browser which does not follow the guidance.

• Re:

  While your critique is not really accurate, I do wonder why companies are still using VB for "business intelligence." There are so many easier ways today to manage data between the extremes of Excel and Oracle, why would you pick either dark end.

  • Re:

    Well indeed, but when all you have is a hammer, everything looks like a nail.

    Excel mostly gets in the way of automation, it is ok for displaying data but shouldn't be a producer in my view.

    • Re:

      Completely agree. It is a hard lesson to learn though; so many things only give you 80%, and for the balance you need to export to excel. The stuff that really sucks puts excell in the middle of the workflow to glue different systems together.

      Boy I wish there was an open source graphing engine that could functionally compete with Excel-- things like mixed-mode graphs and the level of customization!

• This isn’t that easy. VBA is much more powerful than just macros. The use of it is more akin to creating a stand alone application that happens to run through Office programs. The application may create, copy, scan or delete files, access data on the web, modify data, send emails, essentially do anything you can think of. I’ve written programs similar to windirstat within VBA and that only takes a couple hours to make. Entire accounting systems run on VBA and do things no doubt that could be considered a virus or malware were it a random file downloaded from the internet. Blocking certain macros would cause most programs not to work at all.

• Re:

  If we could identify malicious actions from intentional ones we wouldn't have malware. The problem is false positives. And no there are not other protection platforms that do this effectively, there are other platforms which are an outright fucking pain in the arse to legitimate users, or are useless to the point of irrelevance.

  This change won't matter anyway, the only macros being blocked are in untrusted files. Anything you or someone in your organisation authors will run just fine. And if you want to sho

• Re:

  Did you just write: "break macros everywhere" without realising it? The whole power of macros is that they have incredible access outside of the scope of the system they are running. I myself have many thanks to my employer a shitton of excel and word files which contain macros that generate powerpoint slides and write them to various places. I've seen organisations use macros to read and write data from remote servers.

  The whole reason MS is so delicate with the situation is they know that macros are used w

  • Re:

    Well, it is no surprise to see that you are one of the stupid morons that are at the root of this problem.