Slashdot Mirror


How a Bad UI Decision From Microsoft Helped Macro Malware Make a Comeback (softpedia.com)

An anonymous reader writes: Macro malware is a term to describe malware that relies on automatically executed macro scripts inside Office documents. This type of malware was very popular in the '90s, but when Microsoft launched Office 97, it added a popup before opening Office files that warned users about the dangers of enabling macros. Microsoft's decision had a huge impact on macro malware, and by the 2000s, this type of malware went almost extinct. Lo and behold, some smart Microsoft UI designers start thinking that users might get popup fatigue, so in Office 2007, Microsoft makes the monumental mistake of removing the very informative popup, and transforming the warning into a notification bar at the top of the document with only six words warning users about macros. Things get worse in Office 2010, when Microsoft even adds a shiny button that reads "Enable Content," ruining everything it had done in the past 10-15 years, and allowing macro malware to become the dangerous threat it is today. The U.S.-CERT team issued an official threat yesterday warning organizations about the resurging threat of malware that uses macro scripts in Office documents.

129 comments

  1. Stupid people by Anonymous Coward · · Score: 0

    You have to be retarded to click on "Run Content" if you don't trust the source...

    People are, and will be idiots, what is new?... ...and what do you propose as solution?
    Removing macros? Further dumbing down systems ala Apple?

    Fuck. That. Shit.

    1. Re: Stupid people by Anonymous Coward · · Score: 1, Insightful

      Nope you need to be retarded to use *any* m$ software...

    2. Re: Stupid people by dejitaru · · Score: 0, Troll

      Kind of hard to take you seriously since you reference microsoft as m$

    3. Re:Stupid people by Darinbob · · Score: 2

      Because the average user doesn't know what "Run Content" means. Meanwhile they're being told to never disable scripts, never enable adblock, always accept all defaults, and Microsoft is never wrong.

    4. Re: Stupid people by Anonymous Coward · · Score: 1, Insightful

      Kind of hard to give a shit what you think when you get butthurt over such a minor distinction, shill.

    5. Re:Stupid people by Ol+Olsoc · · Score: 0

      You have to be retarded to click on "Run Content" if you don't trust the source...

      People are, and will be idiots, what is new?.

      You have to be retarded to use an operating system and software where shit like this happens to a lot of people, and people like you claim that they are retarded.

      The mental retardation happened at purchase, not clicking on the self destruct buttons.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    6. Re: Stupid people by Ol+Olsoc · · Score: 1, Troll

      Kind of hard to take you seriously since you reference microsoft as m$

      M$ or Microsoft, or Redmond, it doesn't matter when the fact is that there are a lot of issues with Microsoft products, and that this is one of the more idiotic ones. Since they have a less than intelligent system that seems custom designed to allow anyone access to the computer, and since they make it so easy to happen. He isn't wrong, whether you automatically discount anyone's statement of fact when you see M$, or not.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    7. Re: Stupid people by twitnutttt · · Score: 1

      I wondered why I've been hearing about macros malware again! Granted, I haven't used office in a looong time. But I thought, wasn't that solved in like 1993... don't allow macros? Guess history does repeat itself.

    8. Re: Stupid people by dejitaru · · Score: 1

      Well, in most cases when you call microsoft as M$ instead of MS or such, it's like calling them "Microshaft" or similar, which makes it hard to take a comment seriously because the comment itself isn't written seriously.

      I am not arguing that a lot of microsoft's software has issues, but microsoft of course wants to appeal to the masses, this complaint about not having a pop-up and instead having a bar with an easy to find button isn't less safe, it still prevents the macro from instantly running, it's just more intuitive.

    9. Re: Stupid people by dotgain · · Score: 1

      When you write it as 'M$' it tends to give the impression one of the big issues you have with them is they've made a lot of money, and that you make a point of expressing that whether or not it is necessary or relevant. It may be that you actually want to give that impression, in which case power to you.

      You'll probably come across as juvenile, this may be right or wrong and again, this may be your intention.

      Fact is, some people are going to switch off when they see you write "M$", or refer to their company by the stock symbol, as if that's a reasonable thing to do outside the context of actually investing in that stock.

      When you're making an entirely valid and objective criticism of their company's behaviour / products (and I know you'll agree that's not difficult to do), you've nothing to gain by putting off a portion of readers by making them think you're a nutjob, even if you are.

    10. Re: Stupid people by Anonymous Coward · · Score: 3, Insightful

      The stock symbol is a convenient short identifier.

      MS deserve the moniker M$ due to patterns of behaviour that indicate they have no integrity. Some people don't understand that organisations have a persistent culture, some are simply stupid, some are going to switch off no matter what you do, and your managers don't bother reading your emails in full.

      That's life.

      It's also not particularly interesting or informative to keep pointing it out as if you have some kind of special insight, unless you want everyone to "join" them in a collaborative love-in of business bullshit and become part of the problem. You cannot change all people like that, and frankly fuck them if the alternative is to be co-opted into the church of the subpar.

    11. Re: Stupid people by Anonymous Coward · · Score: 0

      I was given a USB stick with an auto-play virus on it.
      of course, the auto-play was turned off long time ago,
      but when I right clicked on the disk and I'm not sure today what was the first item in the context menu.
      maybe it was smth Microsoft's standard, like "Autoplay",
      or maybe smth configurable by INI file, like "Explore".
      so even being a programmer, I hesitated and chose the item that launched virus...

      "everybody falls first time..."

    12. Re:Stupid people by davester666 · · Score: 1

      How about just adding back the fucking warning popup that was so fucking effective.

      You still get to use macros, just like before.

      --
      Sleep your way to a whiter smile...date a dentist!
    13. Re: Stupid people by Anonymous Coward · · Score: 1

      When you write it as 'M$' it tends to give the impression one of the big issues you have with them is they've made a lot of money

      That is a completely legitimate issue to take considering how they made a lot of that money.

      Think "antitrust".

    14. Re: Stupid people by flyingfsck · · Score: 1

      Stuxnet doesn't even need autoplay to be enabled.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    15. Re: Stupid people by donaldm · · Score: 1

      Kind of hard to take you seriously since you reference microsoft as m$

      Well having installed Microsoft Windows 10 from ISO onto a virtual machine and having looked at the definition of Malware I do think people who install it are taking a huge risk. I actually have my virtual machine off and if I turn it on it is only for testing purposes however I actually switch off my virtual network. For those who want Windows 10 you could liken them to a frog put in lukewarm water then slowly turn up the heat and the frog won't notice until it's too late.

      Yes, I am aware that it is possible to turn off most of the intrusive parts of Windows 10 providing you know what you are doing with the registry (most users have no idea what this even is) or you trust third party software. Even then you won't be able to fully turn off snooping. Still those that think this does not matter have been pretty well parboiled anyway and it's utterly pointless saying anything to them.

      Looking at windows 10 it does have a pretty interface providing you don't mind a combination of Windows 7 and Windows 8.1. Comparing against my machine running Fedora 23 with KDE (Xfce is also great as well) Win10 has limited configuration ability although for most people that's fine. As for applications, I won't deny that Win10 has more but for most applications that run on Win10, I can find an equivalent, maybe not 100% equivalent but it will let me do what I want to do.

      Games are probably one of the major issues which faces Linux today however you can get a huge amount of games that are native (please no TuX Racer references it only shows that you are ill-informed) either native, compatibility layer, SteamOS or on a virtual machine that is running Microsoft Windows if you can only get your gaming fix that way. You can even play web based games for those that like this sort of thing. Barring all that there are always consoles.

      Before anyone says "specialty applications", I am aware of those as well and all I can say is you are locked in and the water must be getting very hot now, not that you would notice anyway.

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
    16. Re: Stupid people by lucm · · Score: 1

      When you write it as 'M$' it tends to give the impression one of the big issues you have with them is they've made a lot of money

      That is a completely legitimate issue to take considering how they made a lot of that money.

      Think "antitrust".

      Does your iPad come with a default browser made by Apple, or does your Nexus come with a default browser made by Google? Those are the kind of things that were at the center of the "antitrust" case against Microsoft.

      Both Apple and Google have made billions with their proprietary ecosystems but I don't see you calling them Apple$ or Google$.

      --
      lucm, indeed.
    17. Re: Stupid people by lucm · · Score: 2

      Yeah Stuxnet sucks. It totally screwed up my nuclear program infrastructure. That's the price I paid for letting the trial McAfee expire on my new cheap Asus laptop.

      --
      lucm, indeed.
    18. Re: Stupid people by allo · · Score: 1

      Look at the shape of the $ and you'll figure it out.

    19. Re: Stupid people by Anonymous Coward · · Score: 0

      It's useless trying to challenge the $lashdot groupthink.

    20. Re: Stupid people by Anonymous Coward · · Score: 0

      Geez, I wish I could use one of those magical systems like Linux or Mac OS that don't allow the user to deliberately run software they've deliberately downloaded from the internet, and have it modify user files on the system that they've deliberately given it permission to access.

    21. Re: Stupid people by hairyfeet · · Score: 1

      That is because when they write "M$" they come off as this guy and nobody is gonna take this guy seriously.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    22. Re:Stupid people by geekmux · · Score: 1

      You have to be retarded to click on "Run Content" if you don't trust the source...

      People are, and will be idiots, what is new?... ...and what do you propose as solution? Removing macros? Further dumbing down systems ala Apple?

      Fuck. That. Shit.

      The dumb part was attempting to "enrich" our documents with this bullshit when 99% need a damn word processor and that's it.

      Adobe Reader v5.x was less than 10MB in size. That program has now grown to obscene proportions, and for what justified reason? I still use Adobe Reader for the same fucking reason TODAY that I did 15 years ago, as do 99.999% of users. To read PDFs.

      Perhaps you think the stupidity light needs to shine both ways to enlighten us of this problem, but since I tend to favor root cause analysis, I tend to point the finger at who started this bloatware shit.

      All I want and need is a fucking hammer, not a pneumatic-powered, pressure-sensitive, electronic-triggered, app-powered driving device.

      TL; DR - K.I.S.S. principle is still valid no matter what century we live in.

    23. Re:Stupid people by Bert64 · · Score: 1

      People *Think* they trust the source too, when they actually have no actual proof of who the source is, for instance a spoofed email, or an email which actually came from the computer of someone they know (but that user had previously been infected with malware)...

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    24. Re: Stupid people by Anonymous Coward · · Score: 0

      According to our telemetry, Stuxnet had done its job before the first antivirus could detect it. It was necessary to go way out of the way to ensure that no pre-existing heuristic detectors could detect it either, but that's kind of a moving target. If you had your lab connected to the internet and your antivirus with maximum heuristics turned on and crowd-sourced smart screen you might have had a chance. Smart screen is not easily defeated.

    25. Re:Stupid people by JustAnotherOldGuy · · Score: 0

      How about just adding back the fucking warning popup that was so fucking effective.
      You still get to use macros, just like before.

      ^^^ THIS.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    26. Re:Stupid people by Latentius · · Score: 1

      Because there's more to Office than just Word, and having the ability to add custom code actually has a large benefit to programs like Excel and Access. And maybe someone wants Excel to generate an email in Outlook or a Word document as a report, or update a PowerPoint presentation? Just because you don't use a feature doesn't mean that someone else doesn't have a very legitimate use for it. There's a reason why macro support is often cited as a weakness of competing suites like LibreOffice.

    27. Re: Stupid people by Anonymous Coward · · Score: 0

      Lol you must not have been alive during this time. I think the fact that the browser was a critical system component and tied to the OS made it monopolistic. You couldn't use another browser, literally. Until Netscape came out, and then Microsoft still made it so you still had to use IE for certain things.

      Go read some history books or something.

    28. Re: Stupid people by Anonymous Coward · · Score: 0

      Live with your viruses then, don't complain to us to fix them then, unless you have $$$ to pay.

    29. Re: Stupid people by Ol+Olsoc · · Score: 1

      When you write it as 'M$' it tends to give the impression one of the big issues you have with them is they've made a lot of money, and that you make a point of expressing that whether or not it is necessary or relevant. It may be that you actually want to give that impression, in which case power to you.

      Keeping in mind that it wasn't me that typed M$, I wonder, do you give more veracity to pretty people because you think a pretty person is smarter than an ugly person? Because if you automatically reject a person because of a typed dollar sign you are going to be easily manipulable.

      I'll read the person's words, and decide the veracity of their statement, not this sort of find one word, and declare what was written was untrue.

      You'll probably come across as juvenile, this may be right or wrong and again, this may be your intention.

      When I use words like that, it's usually for shock value. It's all just noise on the internet.

      Fact is, some people are going to switch off when they see you write "M$", or refer to their company by the stock symbol, as if that's a reasonable thing to do outside the context of actually investing in that stock.

      I believe you - I believe that is a fact. I also believe that a person who does that is impressively shallow, and frankly, I'm not going to convince them of anything. Nor do I care. They have decided the truth based on one simple word. Sounds like your people could determine if something is truth or a lie just by performing a find on it, for M$, and not even read it. That sounds to me like exceptional intelligence, you agree? The way to get to the absolute truth.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    30. Re: Stupid people by Ol+Olsoc · · Score: 1

      That is because when they write "M$" they come off as this guy and nobody is gonna take this guy seriously.

      The neat part is, you can determine that they are lying without reading their post. Just skim it for the lying word, and you have the truth, from God's lips to your ears.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    31. Re: Stupid people by Ol+Olsoc · · Score: 1

      Geez, I wish I could use one of those magical systems like Linux or Mac OS that don't allow the user to deliberately run software they've deliberately downloaded from the internet, and have it modify user files on the system that they've deliberately given it permission to access.

      What on earth are you blathering about? You been drinking the Friends of Microsoft Koolaid again? Can't tell if you are being sarcastic, or baked - in any event, you are wrong.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    32. Re: Stupid people by Anonymous Coward · · Score: 0

      Does your iPad come with a default browser made by Apple, or does your Nexus come with a default browser made by Google?

      You invalidated your own argument right there. The fact that both Apple and Google are major players in the tablet and smartphone area mean that there can't be a monopoly (MONOpoly, "mono" meaning "alone", "single" or "one").

    33. Re: Stupid people by dotgain · · Score: 1

      Keeping in mind that it wasn't me that typed M$

      I'd wondered if I should've clarified that in my post. In any event, it has been now. I'm really just responding to you because you're not an AC (I'll explain soon). Just looking to have conversation about it, not tell anyone off.

      do you give more veracity to pretty people because you think a pretty person is smarter than an ugly person?

      Not to the extent I can be aware of my own biases. Again, I chose to respond to you because you're not an AC. It's not because I think logging in lends veracity to your argument, it's just that engaging in conversation with a group of unknown number or reputation has proven to be very unrewarding in my experience. When I do make judgements like this, I like to at least be able to stand by them with reasons.

      I don't write people off just because they write 'M$'. You have your reasons when you do, and it doesn't really bother me. As another poster said, I have to admit considering the company's abusive behaviour it's to criticise them - and it is. I don't look down on people who think and say MS are shady.

      All I'm saying is, coming from someone who used to write M$, and does no longer: as I've matured I've found it a lot easier to make my point heard when I don't decorate it with extra baggage that prompts your listeners to start making judgements about you.

      Whether the judgements are sound or not, people will make them. Sometimes people you're genuinely trying to sell yourself to, no randoms on Slashdot. All things being equal, the post without the dollar sign embellishment will be better received, in my opinion.

      Sounds like your people could determine if something is truth or a lie just by performing a find on it, for M$, and not even read it. That sounds to me like exceptional intelligence, you agree? The way to get to the absolute truth.

      I don't have a "people" that all think like I do. I'll forgive your snark on the basis I think you've misunderstood me a little.

    34. Re:Stupid people by andymadigan · · Score: 1

      You're sent a document from someone you interact often with. Maybe it's a business that might use odd security measures (like a lawyer, bank, or doctor's office). When you open the document it says:

      ------------------^
      Click to view document

      That's it, no more content.

      Now, I wouldn't click on it, you might not either. But there's enough people out there who will follow instructions, or will click on the most obvious button to make an annoying alert go away.

      --
      The right to protest the State is more sacred than the State.
    35. Re: Stupid people by beastofburdon · · Score: 1

      That is only because Apple and Google do not have an "S" in the name that can be easily swapped out for a "$" to symbolize our distrust for them. Don't worry, we'll come up with something for them too.

    36. Re: Stupid people by Anonymous Coward · · Score: 0

      Does your iPad come with a default browser made by Apple, or does your Nexus come with a default browser made by Google?

      You invalidated your own argument right there. The fact that both Apple and Google are major players in the tablet and smartphone area mean that there can't be a monopoly (MONOpoly, "mono" meaning "alone", "single" or "one").

      And even then, being a monopoly isn't actually a problem. It's when you leverage your existing monopoly (Windows operating system) to gain a competitive advantage in another market (including a browser in your product with the intent to take over that market). Before IE, there were several browsers available to buy all competing in the market. Microsoft destroyed that market by including IE for free with every copy of their OS and making it near impossible to replace with another browser.

  2. Good UI decisions? by Anonymous Coward · · Score: 0

    And what are the good UI decisions Microsoft ever made? Remember the "Start" button debacle?

    1. Re:Good UI decisions? by fred911 · · Score: 2

      allowing a pipe as in:

      Format C: | Y

      --
      09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    2. Re:Good UI decisions? by Anonymous Coward · · Score: 0

      Bad command or file name.

      Did you mean this, maybe?
      echo Y|format c:

    3. Re:Good UI decisions? by Ol+Olsoc · · Score: 1

      And what are the good UI decisions Microsoft ever made? Remember the "Start" button debacle?

      I'm nominating the ribbon.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    4. Re: Good UI decisions? by Anonymous Coward · · Score: 0

      It's more fun if you can use deltree, that way the user can watch his computer flip him the bird one file at a time.

    5. Re:Good UI decisions? by Trax3001BBS · · Score: 1

      And what are the good UI decisions Microsoft ever made? Remember the "Start" button debacle?

      Autorun, default is still enabled.

      I have an old version of Hiren's bootdisk that the autorun.ini installs malware, I keep it as an example of autorun's bad side, and as a not so bright attempt at an attack - it's a boot disk (yet if placed in a drive when running Windows...).

    6. Re:Good UI decisions? by Anonymous Coward · · Score: 0

      They made damn good UI decisions on the GWX software, judging by the number of people who upgraded to Windows 10.

    7. Re:Good UI decisions? by Megane · · Score: 1

      ...which coincidentally was also in Office 2007 as well. I guess I'll be okay then, since I refuse to use ribbonized versions of Microsoft Orifice.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  3. Gross UI and color decisions by Anonymous Coward · · Score: 0

    The one takeaway I had from reading the CERT article here: https://insights.sei.cmu.edu/c... is that the bad UI design decisions affect more than just the macros.

  4. I have a great idea by Anonymous Coward · · Score: 0

    They should revert Outlook's behavior too. Clicking on an email should automatically launch any associated attachments. I get user fatigue opening all these strange invoices that keep coming in from Russia!

  5. Re:Fuck BEAUHD stories!!! by Anonymous Coward · · Score: 0

    Did you forget to take your meds again, grandpa?

  6. Car Anology by Required+Snark · · Score: 4, Insightful

    If Windows was a car and Microsoft was the driver, it would be like someone who is senile and keeps running into the same tree over and over and over again. In both the real world and the analogy they always lose their memory of past failures, and the result is inevitable.

    This is rooted in Microsoft culture. Security is never a primary concern. Imagine someone with a whiny voice saying "It's too hard, I don't wanna do it, it makes things no fun" etc, etc. From the outside that seems like how they behave.

    And there is the little matter of loss of institutional memory, which is the senility part. That is because they consciously exclude people of long experience. They don't hire them, and if anyone is too long on the job they get flushed out. It's cheaper and keeps the workforce docile. But the long term result is making the same mistake over and over again. Not that Microsoft is a whole lot worse than any other big software organization, but they appear to do it even more than other big outfits.

    Expect them to resurrect the BSOD any day now...

    --
    Why is Snark Required?
    1. Re: Car Anology by Anonymous Coward · · Score: 0

      What? BSOD never went anywhere, what do you mean?

    2. Re:Car Anology by Ol+Olsoc · · Score: 4, Informative

      Expect them to resurrect the BSOD any day now...

      It never went away - still an integral part of the Windows experience. http://answers.microsoft.com/e...

      http://answers.microsoft.com/e...

      http://www.computerworld.com/a...

      W10, 8.1, and 7. BSOD - supposedly long gone.

      I've had zealots declare me a liar while claiming "There is no BSOD any more!" with great conviction. It still happens, even as documented on Microsoft pages.

      Watch me get marked as a troll for pointing out the truth.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:Car Anology by mrprogrammerman · · Score: 1

      Of course it's still there. I am guessing OP was referring to the frequency of BSOD which has decreased as the code base gets more mature.

    4. Re:Car Anology by Anonymous Coward · · Score: 0

      Yo dawg, we heard you like analogies...

    5. Re:Car Anology by Anonymous Coward · · Score: 0

      Funniest thing I have ever seen is that in your first link the MS response is to apologise for the incontinence that Win10 has been giving....

    6. Re:Car Anology by thegarbz · · Score: 1

      I've had zealots declare me a liar while claiming "There is no BSOD any more!" with great conviction.

      This is a good thing. I would really like it if we lived in a world where total system crashes were so rare that people actually believe that the BSOD doesn't exist anymore. We're getting there. BSOD is now very rare compared to the past. I haven't seen one in Windows 8, 8.1 or 10, don't even know what it looks like. I used to see them in Windows 7 but then I was running on flaky hardware for a while.

      It's certainly not like Windows 95, 98, Mistake Edition, or 2000 where they were an integral part of the experience.

      Watch me get marked as a troll for pointing out the truth.

      If you do get marked as a troll it will be for this obvious trollish and idiotic end to your post.

    7. Re:Car Anology by Anonymous Coward · · Score: 0

      If you do get marked as a troll it will be for this obvious trollish and idiotic end to your post.

      So ... kind of like you, then. Bravo.

    8. Re:Car Anology by gustygolf · · Score: 1

      I've had zealots declare me a liar while claiming "There is no BSOD any more!" with great conviction. It still happens, even as documented on Microsoft pages.

      Oh, but the BSoD went away with Windows XP.

      The default behaviour in the case of a BSoD for XP was to automatically reboot the computer, you see. People no longer saw any BSoDs, so Microsoft obviously must've fixed them.

      --
      "Slow Down Cowboy! It's been 58 minutes since you last successfully posted a comment" -- slashdot, driving users away.
    9. Re:Car Anology by IWantMoreSpamPlease · · Score: 1

      When Windows 10 first was released to the public (via the automatic updates fiasco) I put it on an older laptop to see how it handled older hardware. The laptop had a synaptic-powered touchpad. It would BSoD on a regular basis if I used the touchpad. Yes, it was a bad driver from Synaptic and MS did update the driver, but the point still stands. https://answers.microsoft.com/...

      --
      So rise up, all ye lost ones, as one, we'll claw the clouds.
    10. Re:Car Anology by gustygolf · · Score: 2

      It's certainly not like Windows 95, 98, Mistake Edition, or 2000 where they were an integral part of the experience.

      Win2k does not belong in that list.

      --
      "Slow Down Cowboy! It's been 58 minutes since you last successfully posted a comment" -- slashdot, driving users away.
    11. Re:Car Anology by Anonymous Coward · · Score: 0

      Most BSODs now are due to buggy drivers. A core OS one is exceedingly rare.

    12. Re:Car Anology by thegarbz · · Score: 1

      Yes it does, as does NT4 and XP. While they were a large step up from 95/98 they are still a long way from the stability that is offered by Windows 7 and 2008 Server. A lot of this has to do with the change of the driver model over the years. It's not significantly harder for a misbehaving driver or a hardware fault to bring down the entire system (remember BSOD and Kernel Panics are self protection mechanisms).

    13. Re:Car Anology by Anonymous Coward · · Score: 0

      Other companies do the same. Intel, for example, seems to have that "work for 10000 days and retire" recommendation. Effects of those policies would be interesting to measure cross industries over the past and coming decades.

    14. Re:Car Anology by Anonymous Coward · · Score: 0

      Expect them to resurrect the BSOD any day now...

      Hardware industry deserves some praise for pushing everyday system reliability back to the levels of tolerable, regardless of the occasional bad driver. All these multicore architectures and isolated, user space drivers can't still perform good enough to merit a fundamental change in the Windows kernel space..

    15. Re:Car Anology by Ol+Olsoc · · Score: 1

      Of course it's still there.

      I have had many people telling me that I was lying, that the BSOD did not happen any more - from Vista on. Even in here, IIRC

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    16. Re:Car Anology by Ol+Olsoc · · Score: 1

      Watch me get marked as a troll for pointing out the truth.

      If you do get marked as a troll it will be for this obvious trollish and idiotic end to your post.

      Didn't get marked as troll, but someone that calls me an idiot when calling me a troll, is.....well Bless you, thegarbz, have a fine weekend.

      My point is that you should see my moderation email. I can send cited and well documented arguments to validate my assertions, and if they are not positive about Windows, I'm descended upon like a wildebeest by crocodiles with troll mods.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    17. Re:Car Anology by ToddInSF · · Score: 1

      Too bad your analogies suck and you don't know anything about what you're talking about. Not an MS fan here, but I at least know wtf I'm talking about when it comes to diagnostics of Windows systems, and the BSOD is still part of that system. Now give MS credit for BSODs being so rare now that stupid people that repeat lies and never admit their own fuckups, like yourself, thought they no longer exist!

  7. Decisions? by Anonymous Coward · · Score: 1

    MS makes UI decisions? I thought they just delegated UI coding to the new hires, saying "Here's a project for you to learn coding on."

  8. Yeah, those evil macros. by Anonymous Coward · · Score: 0, Flamebait

    Ya those macros are really terrible. I hate automating complex and repetitive calcs in Excel. I really hate all the science that macros have facilitated.

    Yup, macros are evil.

    What kind of lobotomised twats do they have writing over there at softpedia? And why should I give a shit what they say? Been in the business over 20 years, never heard of them. After having read this summary, I think I will never visit their site.

    1. Re: Yeah, those evil macros. by Anonymous Coward · · Score: 0

      Yes, you can do good and useful stuff with macros, but you can also mess things up royally. Now you can have someone else's evil macro run on your box with only a peripheral warning.

    2. Re:Yeah, those evil macros. by Anonymous Coward · · Score: 0

      The fact that this has been modded down indicates that mindless kiddies do the groupthink censorship here on slashdot. Fuck you, just fuck you.

    3. Re:Yeah, those evil macros. by Anonymous Coward · · Score: 0

      The fact that you end your post with "Fuck you, just fuck you" reminds me of a so-terrible-its-funny horror movie with Stephen King.

  9. Really? by dejitaru · · Score: 1

    You can only warn but you can't prevent stupid. It's not like the code gets executed right away. You have to PURPOSELY enable it. This is no different when people install whatever off the internet because they don't know better, while running an expired virus scanner that came with their computer when they bought it back in 2011. While I understand that Microsoft is a very user friendly OS compared to something like Linux, you can really only do so much without making it TOO user friendly where you can't do anything.

    1. Re:Really? by Anonymous Coward · · Score: 0

      Only 2011? Try 2001.

    2. Re:Really? by Anonymous Coward · · Score: 0

      I think that MS's long-term plan is a locked-down PC with only access to apps from the Windows Store. That will make it user-friendly and safe. But I see that Office is available from the Windows Store, so they will need to tighten their app submission checks first.

    3. Re:Really? by Joe_Dragon · · Score: 1

      and they will get sued and face anti trust issues with that idea.

    4. Re:Really? by tgv · · Score: 1

      > You can only warn but you can't prevent stupid. It's not like the code gets executed right away. You have to PURPOSELY enable it.

      Read it again. If you don't get it, here's the gist: a shiny "Enable Content" button does not make people think "Gotta be careful, this might be a virus". Instead, it makes people, who are indeed not very knowledgeable in such matters, think: Doesn't look harmful. I want the content enabled, right? I'll click it to make it go away. That is driven by automatism and sometimes mistakes.

      If you still don't see it, please tell other people never to let you take UI decisions.

    5. Re:Really? by dejitaru · · Score: 1

      I am not arguing that it's easy to enable but it still warns you regardless if it is a "shiny button" to enable, but you'd think because it's a bad file you download from the net or a questionable email they would be smarter than to enable it. If you decide to enable it that's your fault. It's like going to some random questionable website "Oh I need a new codec to stream this video? sure I'll install it!"

      Does this mean you can blame the creator of javascript for creating pop-ups that allow you to install malware disguised as "codec downloads"? How about blaming your bank because someone set up a phishing site that looks just like the bank site. Yeah...

    6. Re:Really? by tgv · · Score: 1

      The problem is that they were, and still can be, embedded in documents in reputable sources. Consider it a form of social engineering. If you manage to infect one person's Excel document in an organization, chances are that it'll spread quickly throughout the organization, because you've got no reason to distrust the source. And UI has great influence on how people treat warnings.

    7. Re:Really? by jaseuk · · Score: 4, Insightful

      Yes - but this appears even on files without any Macro content - just because the file came by e-mail. So files from internal recipients in a DOMAIN without Macros have the SAME warning as an internet file with a Macro virus.

      This is the stupidity.

      Jason.
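
The distinction this comment draws, a macro-free attachment versus one that actually carries a VBA project, can be read from the file bytes before any banner is shown. The following is an added example, not code from the thread or from Microsoft: the function and sample-builder names are made up for illustration, the sample files are constructed in memory, and the legacy OLE check is a byte-search heuristic rather than a full compound-file parse.

```python
import io
import zipfile
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file (.doc/.xls/.ppt)
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML (.docx/.docm/.xlsx/.xlsm) is a ZIP
# A VBA project storage contains a stream named "_VBA_PROJECT"; OLE directory
# entries store names as UTF-16LE, so that is the encoding to search for.
VBA_STREAM_UTF16 = "_VBA_PROJECT".encode("utf-16-le")

PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"


def classify_office_bytes(data: bytes) -> dict:
    """Report the container type and whether a VBA project appears to be present."""
    result = {"container": "unknown", "has_vba": False, "evidence": []}

    if data.startswith(OLE_MAGIC):
        result["container"] = "ole"
        # Heuristic: look for the stream name instead of walking the directory.
        if VBA_STREAM_UTF16 in data:
            result["has_vba"] = True
            result["evidence"].append("_VBA_PROJECT stream name found")
        return result

    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                if "[Content_Types].xml" not in names:
                    result["container"] = "zip"  # an archive, but not OOXML
                    return result
                result["container"] = "ooxml"
                # Macro code lives in a part named vbaProject.bin
                # (word/, xl/ or ppt/ depending on the application).
                for name in names:
                    if name.lower().endswith("vbaproject.bin"):
                        result["has_vba"] = True
                        result["evidence"].append(f"part {name}")
                # The declared content type also says "macroEnabled",
                # whatever extension the file was given.
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if "macroEnabled" in ctypes:
                    result["has_vba"] = True
                    result["evidence"].append("macroEnabled content type")
        except (zipfile.BadZipFile, zlib.error):
            result["container"] = "corrupt-zip"
    return result


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped ZIP, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ctype = MACRO_CT if with_macro else PLAIN_CT
        zf.writestr(
            "[Content_Types].xml",
            f'<Types><Override PartName="/word/document.xml" ContentType="{ctype}"/></Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes only; no macro code is included.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 8)
    return buf.getvalue()


def build_sample_ole(with_macro: bool) -> bytes:
    """Constructed sample: OLE header plus directory-style names, not a valid file."""
    body = OLE_MAGIC + b"\x00" * 504 + "Root Entry".encode("utf-16-le")
    if with_macro:
        body += b"\x00" * 64 + VBA_STREAM_UTF16
    return body


if __name__ == "__main__":
    for label, blob in [
        ("plain docx-like", build_sample_ooxml(False)),
        ("macro docm-like", build_sample_ooxml(True)),
        ("legacy, no VBA", build_sample_ole(False)),
        ("legacy, VBA", build_sample_ole(True)),
    ]:
        print(label, classify_office_bytes(blob))
```

A mail gateway or triage script can use a result like this to treat macro-bearing attachments differently from macro-free ones, so that a warning shown to users means something.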

    8. Re:Really? by Anonymous Coward · · Score: 0

      Sorry, but if they really called it "enable content" that is 100% Microsoft who is to blame here.
      "Enable" has nothing dangerous about it and it is a positive word. There is absolutely NOTHING about it that would be a warning, and it does in no way even suggest that something will be RUN when you click on it.
      Even just "run content" would be vastly better (as people are usually taught to be wary of running things), but the word "content" still is misleading, because content is passive and suggests this is only about VIEWING.
      Surprise: If you label a button in a way that suggests that clicking on it is completely harmless, people will actually click on it, even for untrusted files, and even the ones that normally know better.

    9. Re:Really? by Registered+Coward+v2 · · Score: 1

      > You can only warn but you can't prevent stupid. It's not like the code gets executed right away. You have to PURPOSELY enable it. This is no different when people install whatever off the internet because they don't know better, while running an expired virus scanner that came with their computer when they bought it back in 2011. While I understand that Microsoft is a very user friendly OS compared to something like Linux, you can really only do so much without making it TOO user friendly where you can't do anything.

      Very true, you can't fix stupid; to steal a line from Ron White. However, constantly changing how you present information in a UI is problematic and thus not a good idea. Users get used to seeing certain warnings and when they go away they assume whatever causes the warning is no longer occurring. Changing the wording of the warning can produce the same effect. Enable Content could be reasonably assumed to allow opening the file and seeing the content, not allowing it to Run Macros.

      As for your internet and virus scanner example, poor human factors design is a bit different from user ignorance. While both can result in negative outcomes, poor design often leads people to make mistakes without realizing the impact of their actions because the design is confusing or misleading.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    10. Re:Really? by Registered+Coward+v2 · · Score: 1

      > I am not arguing that it's easy to enable but it still warns you regardless if it is a "shiny button" to enable, but you'd think because it's a bad file you download from the net or a questionable email they would be smarter than to enable it. If you decide to enable it that's your fault. It's like going to some random questionable website "Oh I need a new codec to stream this video? sure I'll install it!"

      The problem is the warning is "Macros have been disabled" next to a button labeled "Enable Content". A reasonable interpretation is that if I click on Enable Content the macros will be disabled and I get to see the file's contents; not that it will enable macros to run. That button would say Enable Macros.

      Not every file with a malicious macro needs to come from a shady source directly; when I was doing some publishing we'd get files from writers that had been infected even though they were from a trusted source.

      > Does this mean you can blame the creator of javascript for creating pop-ups that allow you to install malware disguised as "codec downloads"? How about blaming your bank because someone set up a phishing site that looks just like the bank site. Yeah...

      Very different scenarios. However, in reference to javascript; I would say the creator of javascript made a poor design decision if they decided to make the popup now have a button that says "Load Webpage" but actually installs the codec. The issue is not that MS developed a macro capability for Office; it's they've changed how they warn about running macros in a way that makes the protection less effective.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    11. Re:Really? by Latentius · · Score: 1

      Read it again. The two first words in the notification, in all CAPS, are "SECURITY WARNING". If that doesn't make you think that, "Gee, maybe I should be careful," you really have no one to blame but yourself.

    12. Re:Really? by Anonymous Coward · · Score: 0

      Exactly. I get dozens of documents emailed to me every day. I need to open them, edit them, print them. Every one gets a warning just on the basis of origin and I have to "trust" or enable content just to get basic functionality beyond viewing.

    13. Re:Really? by nine-times · · Score: 1

      Right, that's what I was going to bring up. Microsoft changed the popup to a banner, but I don't think that's really the problem. The problem is that they also have a nearly identical banner that pops up unnecessarily under different circumstances. So they spend a few years training people to just hit "Enable" whenever the banner pops up, meanwhile making that "Enable" button the only security against malicious macros.

      It's a perfect example of "what not to do". You'd think Microsoft would have learned by now.

    14. Re:Really? by Anonymous Coward · · Score: 0

      And you can't print it without enabling content.... OK, who prints things these days? But still... Why do you need to give an untrusted document complete control of your computer to get a hard-copy of it?

  10. Attack and Defense -- Smallpox by SeattleLawGuy · · Score: 1

    I wondered why I've been hearing about macros malware again! Granted, I haven't used office in a looong time. But I thought, wasn't that solved in like 1993... don't allow macros? Guess history does repeat itself.

    Defenses to threats that are not exploited become de-prioritized over time, especially when an "almost extinct" vector is the threat and you are asking hundreds of millions of people to click an extra dialog that they don't understand to begin with.

    It's like smallpox. It is basically eradicated, but if it comes back we'll have an issue because we're not strict about vaccinating for it, because it's basically extinct.

    --
    Real lawyers write in C++
  11. Go back to "Warning", not "Run". Allow disable by raymorris · · Score: 3, Insightful

    > and what do you propose as solution?
    > Removing macros? Further dumbing down systems ?

    The problem is that Microsoft dumbed it down too much. They have one button where they should have two. The ONLY option in the new UI is "Run Content". There should be a "No Thanks" button.

    As explained in the fine summary, the recommendation is something like the old warning, which actually worked, or at least an option labeled "dismiss", "cancel", or "disable macros". Here's one MS UI that worked:

    http://i1-news.softpedia-stati...

    Microsoft traded that for a single button with the instruction "Enable Content". There is no more "disable macros" option anymore. Anyone who isn't sure what they should do will often click the one and only option Microsoft provides: run the macros. There should be a button to dismiss the message without running macros.

    1. Re:Go back to "Warning", not "Run". Allow disable by Firethorn · · Score: 2

      > Microsoft traded that for a single button with the instruction "Enable Content". There is no more "disable macros" option anymore. Anyone who isn't sure what they should do will often click the one and only option Microsoft provides: run the macros. There should be a button to dismiss the message without running macros.

      I agree, but as a security guy in a government position, one thing I learned is that if you disable *everything* by default and require them to manually click to enable, such that they end up doing so every day for legitimate work tasks, they get used to doing so and will click even when they shouldn't. Same deal with barraging them with warning popups full of legalese. They stop reading pop-ups.

      As such, and while I understand it might be more complicated to implement, my suggestion would be to sandbox everything. We're dealing with legacy code here, so here's what I'd do:
      1. Identify problematic commands and structure. Anything that modifies files other than itself, anything that modifies the macro itself, system or application settings, etc... Anything that activates the email or print functionality.

      So an application that only changes itself, like 99% of the stuff my users use, no warning, it's not a problem.
      For the rest, well, code signature. It pops up who made the code, that they have a valid code signing certificate signed by X organization, and they get to decide.

      So, to use an example I saw, an application that analyzes how changing gasoline prices will affect your budget that pops up a warning that it wants to modify system files (danger danger!) might actually trip the security minded part of their brain, because it shouldn't need to.

      Fewer warnings = less likely to ignore them.

      --
      I don't read AC A human right
    2. Re:Go back to "Warning", not "Run". Allow disable by donaldm · · Score: 1

      Of course, no company would allow a popup request for installing an operating system with a dialog box that has the "Upgrade Now" next to the button marked "OK". If you got something like this then we would assume it was Malware and click the "X" button at the top. .... Oh! Wait! :-)

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
    3. Re:Go back to "Warning", not "Run". Allow disable by Latentius · · Score: 1

      Actually, there are two buttons: there's the one on the left, next to the warning, asking if you want to enable, and there's the "X" on the right, which allows you to dismiss the warning without enabling anything.

  12. Tutorial = off by Kjella · · Score: 1

    Well, that's one way of looking at it. The other is that Microsoft had to cater to the lowest common denominator with big scary warning dialogs when you did something potentially stupid. And that they did that because it was new and people were ignorant, but that as a computer literate generation grew up they thought they could start taking off the training wheels. I mean, it's not like Linux gives you much warning when you break shit, yeah you might have to invoke sudo but that is the universal "trust me, I know what I'm doing" code word. And of course you'll take the shit in the forums if you don't know what you're doing, but reality is people use computers despite that. Personally I think the current button is fine, I need a choice not a lecture.

    --
    Live today, because you never know what tomorrow brings
  13. Re: Stupid people - Mandatory Access Control by flyingfsck · · Score: 1

    The trouble is that the inadequate security design of MS Windows gets blamed on the users. The real trouble is that MS Windows doesn't have adequate access control and allows any program to do anything and erase or overwrite anything.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  14. The fix by Anonymous Coward · · Score: 0

    I notice that if you accidentally install Windows 10 by mis-answering the OS prompt, you get the proper Office prompt.

  15. Enable by default by nachtelfjeiu · · Score: 1

    I'm too lazy for MS's shenanigans. I just enable macros by default in outlook to run an auto-bcc vba script without being bothered all the time.

  16. Re: Stupid people - Mandatory Access Control by Pentium100 · · Score: 3, Interesting

    Linux has the same problem.

    A limited user (even without sudo rights) launches a buggy application and opens an infected document. The virus can then proceed to encrypt all the files that the user can modify.

    The system files will stay intact.
    The documents of the user will get encrypted.

    The user usually cares about being able to access his documents, so the damage is done even without root access. If this happens on a single user desktop, then the damage is the same as if the virus had root access. In both cases you have to restore the PC from backups (if you have them).

  17. The worst offense... by Anonymous Coward · · Score: 5, Insightful

    ...was when they decided that hiding the extension was a great idea and made it default in XP.
    trojan.jpg.zip anyone?

  18. MS Office jumped the shark nearly 15 years ago by Anonymous Coward · · Score: 0

    MS Office peaked in 2002, and that's the version I'm still using. The Office UI has been an amazing series of increasingly idiotic disastrous design decisions, culminating in the current situation where one must navigate through three different screens to save a file. And I'm not talking about saving to a new location, I'm talking about versioning the currently open file into the same location. It's just idiotic, it's as if they are trying to sabotage productivity.

    1. Re:MS Office jumped the shark nearly 15 years ago by Anonymous Coward · · Score: 0

      The old Office is still there underneath and keyboard shortcuts still work. This is what I find most frustrating about it - they just skinned it. The actual Office XP product is still there underneath all the new cruft. The kids who ruined the office UI and performance haven't completely destroyed it (yet). I agree Office peaked in 2002, I still use Office 2002 at home, it completely eclipses the newer versions in usability and performance.

    2. Re:MS Office jumped the shark nearly 15 years ago by WheezyJoe · · Score: 1

      I think you mean 2003, but in all other ways yes. 2003 was the last version before they decided to ditch the menu bar for their precious "ribbon". I think it's because OpenOffice was reaching a point of being a reasonable replacement, almost indistinguishable on the surface, so Microsoft felt like they had to make Office... different.

      The sad thing is they took away some really useful advanced features from 2003... like being able to create your own custom buttons with a little pixel editor and assign them to macros you write for automating repetitive tasks. Gone with the coming of the wretched, unbidden ribbon, the solution for a problem that didn't exist. There are some improvements and bug-fixes that come along with 2007 and 2010, but at the cost of having to train employees on a custom ribbon with the collection of buttons they used to rely on on a toolbar (because with the ribbon, you only get one toolbar... just because). If this included a custom button, you're out of luck.

      I just can't think of how dumb this is, because all the customization capability of 2003 was effective product lock-in for Microsoft, making OpenOffice a less-than-ideal alternative for shops with a lot of time-saving macros (no, not the kind of macros that travel with documents as malware). Microsoft traded this for a fucking ribbon, because... I don't know, pick one:

      1. unless it looks different, nobody will buy it
      2. all the pre-ribbon developers were either retired or promoted to management, and new-hire young developers didn't want to read old code
      3. some VP wanted to make her mark, droning: out with the old, in with the new, change is good, you see that? I did that! Promote me!
      4. some focus group mistook OpenOffice for Microsoft Office, and that's got to stop
      5. copyright/trademark the ribbon, thereby put a stop to free software coming up with same-looking turnkey replacements

      None of the above have anything to do with creating a better, more useful or productive product for the customer, but with proper focus groups Microsoft can astro-turf their way into promoting the ribbon as an improvement. If there weren't a stack of less-visible but important features in Microsoft Office that Open/LibreOffice still haven't replicated (here's an incomplete list), my organization would have shimmied out of Microsoft's shackles long ago.

      --
      Take it easy, Charlie, I've got an Angle...
  19. News? by mcfedr · · Score: 1

    How is there news about Office 2010, which was presumably released 6 years ago. Who even uses Office these days, Google docs all the way... or a Markdown editor.

  20. Clearly They Need An App Store by Anonymous Coward · · Score: 0

    In order to protect users from malicious scripts and spreadsheets that insult religion, the next version of Excel will not execute any scripts or formulae not cryptographically signed with MS's key. A developer license will only be $99 a year and all reviews are conducted expeditiously, usually less than a week.

  21. Re: Stupid people - Mandatory Access Control by Anonymous Coward · · Score: 1

    Not if SELinux or AppArmor is enabled

  22. Can't blame Microsoft for everything by Anonymous Coward · · Score: 0

    I generally don't blame Microsoft when this problem resulted probably from so many users complaining they had no easy way to run it. So Microsoft brought it back. But as someone else noted, here it is 2016 and we're talking about Office 2010? Slow news day?

  23. Why can a macro even become malware? by swilver · · Score: 1

    The real issue here is that macros and scripts should always run in a very well designed and hardened sandbox. No matter what your script does, it won't be able to do more than screwing up the spreadsheet it came embedded with. It really is insane that a macro could harm your computer, except in Microsoft's world.

    The culprit is simply bad design. Nobody in their right mind would allow arbitrary scripts from unknown sources to be run freely in an environment where they can affect things outside that environment.

    1. Re:Why can a macro even become malware? by Anonymous Coward · · Score: 0

      Go figure, it comes from Microsoft, Mr ActiveX.

      Microsoft have always been too trusting in people, like everyone that creates software for some reason.
      Every input from a user should be treated as an attack vector.
      Even invisible data like referrers, OS type or any other information based on a persons software or hardware profile.
      All of them can be used to attack servers if they are improperly configured. (like when WordPress was hilariously shit on because of storing referrers in a DB, in raw form. Of course, PHP was to blame as always)

      But likewise, it is an even bigger problem when you allow macros.
      VBA, VBScript and practically everything Microsoft has ever made to enhance something else has always come with full access to the system. (and permissions were easily overcome most of the time, until actual whitelisting was added)

      Even things like Autohotkey can do insanely damaging things.
      Autohotkey even has a command to change the time-slicer for the whole of Windows, which can be disastrous if you don't understand how it works.
      People think it is just a simple hotkey macro system, it is much more.
      So many people blindly install AHK scripts all the time. (especially to cheat in games)

      The fact sandboxing isn't a default feature of the OSes that you can turn on for any program with a right-click -> Run In Sandbox is nuts.
      Sandboxing is so useful for untrusted code.
      0-days will likely still escape sandboxes, but the majority of code won't.

    2. Re:Why can a macro even become malware? by Anonymous Coward · · Score: 0

      MS Office documents can include embedded VBA code, essentially an Office-specific dialect of classic VB. This use-case (MSO documents created with the intent of being standalone "applications") is most common with MS Access files, somewhat less common with Excel files, and rare with Word and other MSO files. One of the macros in a document can be designated to automatically run upon opening the file, which is the feature most abused by macro malware. However, it's also the feature used to make an Office VBA "application" behave similarly to a real application on startup; the macro simply forwards to a VBA entry point. You might be surprised at just how common internal corporate LOB VBA "applications" like this are. It's important to note that the bundled VBA code can do nearly anything that an application written in C can do. You're essentially recommending that an entire species of application be sandboxed. That's not infeasible - the JVM does it. But it's not trivial, and MS didn't start out with that design constraint in mind.

      The softpedia article misses a few critical points, which makes me wonder if the author really knows MSO all that well[1]. While the modal warning dialog was introduced in MSO 97, it could be configured to never appear, allowing macros by default. Practically speaking, that's pretty much what everyone did. In MSO 2003, the macro warning dialog (which was still modal) could no longer be disabled by configuration, which was not received enthusiastically by corporate MSO users, in large part because their VBA LOB applications no longer behaved like ordinary applications. You'd think that just one click at startup wouldn't be such a big deal, but then consider desktop users' negative reaction to the unavoidable Metro startup screen on Win8. MS mitigated the reaction to the MSO 2003 approach with the intrinsically non-modal MSO 2007 warning banner, which didn't force the user to click something merely to view the document.

      I question the premise and conclusions in the article. The difference between the MSO 2007 banner and the MSO 2013 banner is essentially that in MSO 2007, the end-users had to click at least twice (first click on "Options..." button to get to a dialog) to run their freshly downloaded malware. So, apparently the author thinks one extra button click is going to give end users time to reconsider their haste, or that they are likely to actually read the detailed dialog warning text in prior versions after the first half-dozen times they go through the process. I've met end-users; he's wrong, or at least statistically wrong and hopelessly optimistic. End-users have to deal with deadlines and the distracting cube farm environment. They don't think they have the time to read warning paragraphs, even small ones with parts in bold or all-caps. They become accustomed to rote button-clicking in quite short order; throwing more button-clicks in their way solves nothing and needlessly annoys the users who know what they're doing. The MS GUI devs probably understand that better than anyone. The author goes on to blame the recent resurgence of macro malware on a UI change which first appeared nearly a decade ago in MSO 2007, albeit in a pointlessly less convenient form. That conclusion can only follow from a shallow analysis, or if the author has little understanding[1] of MS Office, how it's used in business environments, and how end-users interact with GUIs with which they have become very familiar.

      FWIW, I actually came to prefer the MSO 2003 approach once I discovered the undocumented workaround. The documented way to avoid the dialog was to sign the MSO file; I never saw a company do this for an internal VBA LOB application. The undocumented workaround was to configure end-users' systems (e.g. via the installer for the VBA "application") to instead run a trivial script that opened the VBA application in a specific way that avoided the security dialog while allowing macros (I forget the details; Google should still find it for the curious). IMHO,

  24. Hold the SHIFT key down as you open 'em by Anonymous Coward · · Score: 0

    See subject: Office compound documents (OLE) won't execute macros if you hold the SHIFT key down as you open them - stops macros running automatically.

    APK

    P.S.=> Or does THAT not work anymore too? Last I knew of, it did from the very 1st 16-bit versions of Office, into the 32-bit models like Office 2003 (I think that was the name of the last model I used regularly @ home)... apk

  25. What kind of head injury do they have?? by JustAnotherOldGuy · · Score: 1

    Seriously, what kind of head injuries do the people at Microsoft have?? This is an enormously STUPID decision made by enormously STUPID people.

    Ask technically-savvy people about this and 99.99999% would say, "Don't do this", but the wizards at MS in their infinite wisdom do it anyway?

    WTF, Microsoft?? Do you want your users to be fucked over?

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:What kind of head injury do they have?? by phantomfive · · Score: 1

      > Seriously, what kind of head injuries do the people at Microsoft have??

      It's called "product management." It results in diminished quality everywhere it is used, because it relieves the developers from the responsibility of thinking about the quality of what they are building.

      Here's an example of the special Microsoft version of this disease:

      So just on my team, these are the people who came to every single planning meeting about this feature:

      1 program manager
      1 developer
      1 developer lead
      2 testers
      1 test lead
      1 UI designer
      1 user experience expert
      --
      8 people total

      These planning meetings happened every week, for the entire year I worked on Windows.

      The advantages of this system are: better top-down control, and you can hire less competent developers (who have not the skillset of thinking about what they are building).

      --
      "First they came for the slanderers and i said nothing."
    2. Re:What kind of head injury do they have?? by JustAnotherOldGuy · · Score: 1

      > So just on my team, these are the people who came to every single planning meeting about this feature:

      Yep. I've worked (as a contractor) at Microsoft, and yes, the meetings are constant, unproductive, and often little more than dick-waving contests.

      I rarely left a meeting feeling like we'd accomplished anything useful. Most of the decisions made were done in such a way so that no one could/would be blamed for anything that happened as a result of the meeting. Half the people there had no input and no stake in the subject at hand, but they had to come so they could "show the flag" and rack up meeting points.

      The other thing that Microsoft does (including many of the contracting companies attached to MS) is reporting, reporting, reporting.

      I spent ridiculous amounts of time every week detailing what I'd done that week (i.e. "tell the work story") rather than actually DOING anything. This was done to make ourselves visible to the higher-ups who had to justify their existence to their superiors.

      So it got to be this reporting-fuckfest done mainly to plump up the work logs to make it appear we were doing something. And we were doing something: we were filling out shitloads of "what I did" reports, which took away from the time we needed to actually accomplish our goals. Fucking insane.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    3. Re:What kind of head injury do they have?? by phantomfive · · Score: 1

      So it got to be this reporting-fuckfest done mainly to plump up the work logs to make it appear we were doing something. And we were doing something: we were filling out shitloads of "what I did" reports, which took away from the time we needed to actually accomplish our goals. Fucking insane.

      Did anyone read them?

      --
      "First they came for the slanderers and i said nothing."
    4. Re:What kind of head injury do they have?? by JustAnotherOldGuy · · Score: 1

      Did anyone read them?

      Theoretically the higher-higher managers did, but who knows.

      They probably got a stack of these combined reports every week and said, "Not another load of this shit again!" and tossed them in the shredder.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    5. Re:What kind of head injury do they have?? by phantomfive · · Score: 1

      It's actually kind of amazing Microsoft held together at all, considering how bad their management style is.

      --
      "First they came for the slanderers and i said nothing."
    6. Re:What kind of head injury do they have?? by Anonymous Coward · · Score: 0

      >Did anyone read them?

      No; they were rejected for having the wrong TPS report covers.

    7. Re:What kind of head injury do they have?? by JustAnotherOldGuy · · Score: 1

      It's actually kind of amazing Microsoft held together at all, considering how bad their management style is.

      Yep. I'm surprised the company survived the decade-long "stack ranking" clusterfuck, which was an egregious, self-inflicted wound perpetrated by clueless management retards.

      It just goes to show that inertia in a large company can keep them rolling along, even when the treads are coming off and smoke is pouring from the turret.

      --
      Just cruising through this digital world at 33 1/3 rpm...
  26. I have to say it by raymorris · · Score: 1

    Of course, we all know that in Windows, clicking the X on the right now means "go ahead and do it". :)

    Somebody had to say it.

    1. Re:I have to say it by Latentius · · Score: 1

      I have to admit, I really don't get that particular scandal. When you have a notification, the X has always just been a dismiss button. When the notification is informing a user about a scheduled operation, why on earth would anyone think that simply dismissing the notification would magically un-schedule the operation? Now, if there were a button inside the dialog box that said "Don't Install" and it did anyway, now we'd have a legitimate scandal.

  27. Super Annoying by Anonymous Coward · · Score: 0

    By attempting to ratchet up security they have interestingly reduced it. Now it seems that every document from any source results in some sort of restriction that prevents printing, editing or doing anything else useful. Choices to deal with it often are limited to "trust" or not. I need to print stuff, I need to edit it, but I don't want to trust it! Why do I have to trust documents to print them?? I need to be able to easily disable potentially malicious macros while still retaining functionality.

  28. Enable Button by Christopher+Fritz · · Score: 1

    Often times at work, one co-worker e-mails an Office document to another. The recipient opens the document from their e-mail, clicks the Enable button on that yellow notification bar to switch from read-only mode to editing mode, and then views the document without making any changes. Whenever I see this, I point out to the person that they should not click that button unless they've read what the notification says (click to enable editing), and they should only click it if they need (and know they need) what it enables.

    Supposedly things are set up at work where macros can't run from the C: drive, which is where Outlook stores files opened from an e-mail, so maybe it won't be an issue if a document with a malicious macro comes in from the outside. Nonetheless, I'll continue my quest to try to get everyone to be just a little more careful about what they're enabling.

  29. Microsoft DLL Hijacking Vulnerabilities by khz6955 · · Score: 1

    I think the worst decision was putting security functions in dynamically loaded libraries and allowing them to be dynamically hijacked.

  30. Re:Fuck BEAUHD stories!!! by Anonymous Coward · · Score: 0

    Did you forget to take your meds again, grandpa?

    Being that stupid you are in grave danger, kid.

    https://en.wikipedia.org/wiki/Edward_Snowden

  31. Inside job by Anonymous Coward · · Score: 0

    Someone knew someone.

    1. Re:Inside job by Anonymous Coward · · Score: 0

      Then they died and you too. Microsoft sold shit to you then sold you out.

  32. Re: Stupid people - Mandatory Access Control by Anonymous Coward · · Score: 0

    A limited user (even without sudo rights) launches a buggy application and opens an infected document.

    What application would that be?

    Linux bugs happen, and get fixed quickly. The problem with ms office is not a 'chance bug', but a design bug. Meaning it is buggy as intended by people who possibly did not think this through. And therefore it won't be fixed at all until serious problems have reigned for some time. (Like the last time this happened.)

  33. Re: Stupid people - Mandatory Access Control by Anonymous Coward · · Score: 0

    Eh. Why would that help anything?

  34. Re: Stupid people - Mandatory Access Control by Anonymous Coward · · Score: 0

    Linux has the same problem.

    A limited user (even without sudo rights) launches a buggy application and opens an infected document. The virus can then proceed to encrypt all the files that the user can modify.

    The system files will stay intact.
    The documents of the user will get encrypted.

    The user usually cares about being able to access his documents, so the damage is done even without root access. If this happens on a single user desktop, then the damage is the same as if the virus had root access. In both cases you have to restore the PC from backups (if you have them).

    Marked up 4, Interesting for what is total bullshit. Microsoft pays for stories here and people to bullshit the comments. The comments since day one of Slashdot are what anybody even cared about. You don't even read this shit for the stories, it's the comments because it is tech-minded aka like-minded people. Well, it was. Until everybody bought into the Myspace then Facebook bullshit then Reddit etc.

    Linux does not have the same problem. There are no "Macro Malware" problems in Linux dickhead. You can right now go download LibreOffice or LibreOffice portable and run it on Windows as well. If you are having malware problems it is literally because you are using Windows. Windows is not only malware now but also adware and most importantly spyware. How they pushed it on the public with sneak after sneak is the epitome of corporate liars.

    Fuck Microsoft and fuck people sticking up for asshole companies. Linux's only real problem is systemd being pushed as if it is the new "registry" of Linux. One thing to control your whole operating system. You should also disable Akonadi and Nepomuk upon any install of desktop Linux in my opinion. They are the desktop search that doesn't want to go away when you want it to. It is thus far a small hassle to disable it in KDE preferences. Everywhere you turn somebody wants to control your PC and for what? Average Joe doesn't care about hacking his peers' PCs, it's the government infiltrating corporations like Microsoft and Google and of course Facebook.