Slashdot Mirror
How a Bad UI Decision From Microsoft Helped Macro Malware Make a Comeback (softpedia.com)
An anonymous reader writes: Macro malware is a term to describe malware that relies on automatically executed macro scripts inside Office documents. This type of malware was very popular in the '90s, but when Microsoft launched Office 97, it added a popup before opening Office files that warned users about the dangers of enabling macros. Microsoft's decision had a huge impact on macro malware, and by the 2000s, this type of malware went almost extinct. Lo and behold, some smart Microsoft UI designers start thinking that users might get popup fatigue, so in Office 2007, Microsoft makes the monumental mistake of removing the very informative popup, and transforming the warning into a notification bar at the top of the document with only six words warning users about macros. Things get worse in Office 2010, when Microsoft even adds a shiny button that reads "Enable Content," ruining everything it had done in the past 10-15 years, and allowing macro malware to become the dangerous threat it is today. The U.S.-CERT team issued an official threat yesterday warning organizations about the resurging threat of malware that uses macro scripts in Office documents.
Nope you need to be retarded to use *any* m$ software...
This is rooted in Microsoft culture. Security is never a primary concern. Imagine someone with a whiny voice saying "It's too hard, I don't wanna do it, it makes things no fun" etc, etc. From the outside that seems like how they behave.
And there is the little matter of loss of institutional memory, which is the senility part. That is because they consciously exclude people of long experience. They don't hire them, and if anyone is too long on the job they get flushed out. It's cheaper and keeps the workforce docile. But the long term result is making the same mistake over and over again. Not that Microsoft is a whole lot worse then any other big software organization, but they appear to do it even more then other big outfits.
Expect them to resurrect the BSOD any day now...
Why is Snark Required?
Kind of hard to give a shit what you think when you get butthurt over such a minor distinction, shill.
> and what do you propose as solution?
> Removing macros? Further dumbing down systems ?
The problem is that Microsoft dumbed it too much. They have one button where they should have two. The ONLY option is the new UI is "Run Content". There should be a "No Thanks" button.
As explained in the fine summary, the recommendation is something like the old warning, which actually worked, or least an option labeled "dismiss", "cancel", or "disable macros". Here's one MS UI that worked:
http://i1-news.softpedia-stati...
Microsoft traded that for a single button with the instruction "Enable Content". There is no more "disable macros" option anymore. Anyone who isn't sure what they should do will often click the one and only option Microsoft provides: run the macros. There should be a button to dismiss the message without running macros.
The stock symbol is a convenient short identifier.
MS deserve the moniker M$ due to patterns of behaviour that indicate they have no integrity. Some people don't understand that organisations have a persistent culture, some are simply stupid, some are going to switch off no matter what you do, and your managers don't bother reading your emails in full.
That's life.
It's also not particularly interesting or informative to keep pointing it out as if you have some kind of special insight, unless you want everyone to "join" them in a collaborative love-in of business bullshit and become part of the problem. You cannot change all people like that, and frankly fuck them if the alternative is to be co-opted into the church of the subpar.
...was when they decided that hiding the extension was a great idea and made it default in XP.
trojan.jpg.zip anyone?
Yes - but this appears even on files without any Macro content - just because the file came by e-mail. So files from internal recipients in a DOMAIN without Macros's have the SAME warning as an internet file with a Macro virus.
This is the stupidity.
Jason.