“With great power comes great responsibility.”
If you’re considering creating and using macros in Microsoft Office, this is what should be in the back of your head. A macro is a chunk of code that lives in a Microsoft Office file – and chunks of code can be incredibly valuable, or incredibly dangerous. If you’re going down this road, here are the things you need to know:
What, Exactly, is a ‘Chunk of Code?’
Office macros are written in a language called Visual Basic for Applications, an old Microsoft language that was built specifically to talk to the programs of the Office suite. This code is a series of commands, which can include things like changing the background color of a cell, adding a page break between chunks of text, or things like emailing files to others.
A macro can be executed when a file opens, closes, saves, when you change from one tab of a spreadsheet to another – basically any action in your program could be the ‘trigger’ for the code to do its thing.
Can Something Bad Happen?
Macros saved into Microsoft Office files have been the source of some famous viruses and malware. The Melissa mass-email virus was connected to Microsoft Word and Outlook macros – when the macro ran, it invaded other files on your PC, and emailed itself to 50 people in your Outlook address book.
More recently, virus experts have found malware that, when a macro is run, downloads files from a web location, and runs the executable.
What Protection do we Have?
With the new .DOCX, .XLSX, and .PPTX files that were introduced in 2007, macros aren’t permitted at all! In fact, you must save your file as .DOCM, .XLSM, or PPTM (M for Macro-Enabled, of course) file types, which lets the person who opens the file know that there might be macros within.
Then, if you do open a macro-enabled file, the default security settings in Office products disables macros with notification.
The New Hacking is Social Hacking
When the world of computers was brand-new, there were plenty of vulnerabilities in the code software companies wrote. A good hacker could find a hole in the security, and write a virus to attack the hole. These days, software is fairly mature, and it’s more difficult to find something to attack.
Instead, people with bad intent are targeting people. The Stuxnet worm that was used to attack Iran’s nuclear development programs, for example, was put on a USB thumb drive and left in a public place. A curious worker picked up the USB drive, and plugged it into a computer, allowing the worm into that secure network.
With VBA viruses, a file will open with information missing, and the message in the document will be ‘enable macros to see the rest of the content’. So, the unsuspecting recipient of the virus pushes the button, allowing macros to execute without knowing what they do.
Sounds Scary. Should I Just Not Use Macros?
Some IT staffs and small companies respond to this by not permitting macros anywhere. However, with the right internal culture – cautious and well-informed – macros can automate an incredible amount of work, guaranteeing it is done the same way each time. This can basically print money for a business, cutting down on hours required to do work, and making the final product cleaner and more professional.
One More Thing – You Can’t Undo
This is an important one to remember. If your macro deletes things, you CAN’T un-delete them with the Undo button! A macro can easily create a saved copy of a file before doing the deletion, however, so you can definitely work with this.