f you use Microsoft Word, Excel, or Outlook you are vulnerable to one of the most common pests on the Internet today.
The pest is a macro virus - a little program that hides inside a word processor document or spreadsheet and that can do a world of damage to the computers of both beginners and sophisticated users.
The problem is that it is convenient to e-mail a Word file. Word makes it easy to send a complex document complete with fonts, pictures, and even embedded spreadsheets. Unfortunately, this common practice has also created an explosion of Word macro viruses that promise to be a growing threat to our information economy.
Last week, a friend of mine in California dropped me an e-mail saying that a pop-up window had appeared on his copy of Word 98. The error was apparently from a macro virus that had infected his computer. The virus was quite advanced: Besides infecting and replicating, it also kept a log file of every computer with the date of each infection and the name of the person who owned the infected computer. A copy of this log file was automatically sent to a repository somewhere on the Internet on the first of each month.
Macro viruses infect a computer in a manner similar to the way a retrovirus, such as the herpes virus, infects the human body. The macro virus starts running when your word processor, for instance, opens an infected file. Once it is running, the virus copies itself into the word processor, similar to the way that a retrovirus might insert itself into the DNA of a human cell. Once infected, the macro virus runs every time you open an existing document with your word processor or create a new one. When it runs, the virus makes a copy of itself into the file, infecting the new file.
Macro viruses didn't exist prior to the release of Microsoft 95. But with Word 95, Microsoft added the ability to store macros in files along with words.
As a result, one of the telltale signs of having an infected copy of Word 95 (or Word 6 on the Macintosh) was that the word processor would only save Word Template files, since this was the only way that the macro could propagate. Since then, newer releases of Microsoft Word and Excel have had the ability to store macros in ordinary document files. Microsoft called this modification an enhancement, but it significantly compounded the macro virus problem.
Being able to store macros inside a word processor is a powerful feature. For example, you can have a macro that computes the terms of an installment loan, or that automatically asks a few questions and then draws a graph. Many businesses have created whole applications that run inside Microsoft Word and Excel. By themselves macros aren't inherently dangerous. What is inherently dangerous, however, is the ability of Word and Excel to have macros that automatically execute when a file is opened.
Back in 1994 and 1995, many computer security professionals warned Microsoft that it was making a serious mistake, but the company decided to ignore those warnings. Legend has it that the first macro virus, called Concept, was created by a Microsoft programmer to demonstrate the dangers of the new macro features. The virus got out: Large parts of Microsoft were infected, and the company accidentally stamped infected Word files onto CD-ROMs that were distributed at a developer conference.
Unfortunately, the programmer forgot to include safety features, such as having the virus automatically kill itself after a particular date.
Commercial antivirus software protects against many of the most common macro viruses.
According to PC Data, the top-selling antivirus products last year were:
Norton Anti Virus, with more than 2 million copies sold. (average retail price of Norton Anti Virus 2000 is $34.50).
Network Associate's Virus Scan, with 1.1 million copies sold ($32.97).
Dr. Solomon's Anti-Virus, with 123,000 copies sold ($24.50).
Although antivirus software will fight the most common Word macro viruses, it's not a panacea. It's simply too easy for a computer programmer to take an existing Word macro virus, make a few changes, and create a new virus that won't be detected.
The safest way to avoid being infected by a macro virus is to disable them. You can do this under Microsoft Word 2000 by changing your macro security setting. On Word 2000, three settings are available. The ''low'' setting lets Word run any macro that it finds. Don't use this setting! Instead, specify ''high'' security, which disables all macros unless they are signed from a so-called ''trusted source.'' (The program lets you specify which signatures that it should trust; the rest are automatically ignored.) There is also a ''medium'' security setting. In this mode, you are warned each time you open a file if that file contains macros, and you're given a choice as to whether or not you want the macros enabled or disabled. I recommend that most people leave their security setting set to ''high,'' since there is no way to tell beforehand if a macro is going to be safe or not.
Technology columnist Simson Garfinkel can be reached at http://chat.simson.net /
Dow:
