After Decades of Abuse, Microsoft Adds an Anti-Macro-Malware Feature To Office

An anonymous reader writes: Microsoft is finally addressing the elephant in the room in terms of security for Office users and has announced a new feature in the Office 2016 suite that will make it harder for attackers to exploit macro malware. Sysadmins can now use group policies to disable the execution of macro scripts that retrieve content off the Internet, a tactic used by malware developers to trick users into allowing the download & automatic installation of malware on their PCs. "Macro malware" as this category is known, is the preferred method of distribution for most malware these days, especially ransomware.

Re:Sadly needed

[Z00L00K]

And Microsoft has also made this possible by hiding the extension of files in the UIs making it a lot easier for evil people to trick stupid people into clicking on files that they think are images but actually are an executable.

Software industry is a joke

[Solandri]

Manufacturing industry: Government says "Your product is dangerous. Come up with a fix and issue a recall at your expense to implement your fix in every product out there that you sold."

Toy industry: Government says "Your product is dangerous. Pull it off the market. Have the people who bought it return it, and give them their money back."

Software industry: "Our product is dangerous. I know! Let's fix it, but only put the fix in our latest version to force people to upgrade and pay us more money." Government says "Great! We'd like to buy a million copies of the new version."

Given Microsoft's history with free security updates, I thought they understood the difference between a bug fix and a feature upgrade. But between this and rolling out unwanted adware and spyware as "important updates" I guess not.