Avoiding Macro Viruses

Antivirus Essentials

Antivirus Topics

Buyer's Guide

Avoiding Macro Viruses

Written by zhangyuan February 19, 2008 16:13

The #1 virus transmission method in recent years has been via exchanging Microsoft Office documents. This happens because MS Office documents can have "macros" (Visual Basic programs) attached, and these programs can be malicious. Many of the recent spate of e-mail worms have been transmitted as MS Office documents.

To help contain such problems, users should know that MS Word has an alternate native file format called "Rich Text Format" (RTF) that does not include the capability to attach macros. An RTF document contains almost all of the same formatting information as a standard native Word .doc file (except embedded hyperlinks). Word treats these documents completely normally. But RTF files cannot be infected with virii.

Organizations that want to reduce the costly overhead of virus spread may wish to mandate that Word documents are to be exchanged only in RTF form. To save a document as RTF, simply select "File -> Save as" and in the dialog box, select "Rich Text Format" from the "Save as type" field. Think of this as good hygiene: sending a .doc file should be considered about as appealing as sharing a used handkerchief with a friend.

However, users should also be cautioned that just because a file is named "something.rtf" does not mean that it is an RTF file. Users with access to a UNIX machine can verify the file type with the command "file something.rtf" and should get a response similar to "Rich Text Format data, version 1, ANSI".

Users limited to Windows platforms can use the Notepad program to manually inspect the file. If the file contains markup text similar to "{\rtf1\ansi\ansicpg1252\uc1" can be assured that it is indeed an RTF file. If, however, the file looks more like "ÐÏà¡±á" then the file is a native Word .doc file that has simply been re-named to end in ".rtf". Microsoft Word will open a native .doc file that has been re-named .rtf without complaint, and will proceed to run the attached macro/virus if so configured. Users are cautioned to be extremely wary of documents that are named .rtf but that contain .doc contents, as such documents have a very high probability of being infected.

Finally, users may be pleased to know that Word 2000 does not run attached macros/virii by default. This is a welcome change in the behavior of MS Office with respect to the security threat imposed by the Visual Basic macro architecture. It is hoped that future releases of Microsoft Office will contain further security enhancements, such as refusing to open documents that are .doc format but named .rtf, and virus-free RTF-like formats for the rest of the Office suite, because there is no secure way to exchange PowerPoint or Excel files.

Tags: Spyware Doctor, Spyware Removers, downloads, software, trial, free, free Spyware Doctor download, computer doctor, secure pc, spyware protection