How a Bad UI Decision From Microsoft Helped Macro Malware Make a Comeback

An anonymous reader writes: Macro malware is a term to describe malware that relies on automatically executed macro scripts inside Office documents. This type of malware was very popular in the '90s, but when Microsoft launched Office 97, it added a popup before opening Office files that warned users about the dangers of enabling macros. Microsoft's decision had a huge impact on macro malware, and by the 2000s, this type of malware went almost extinct. Lo and behold, some smart Microsoft UI designers start thinking that users might get popup fatigue, so in Office 2007, Microsoft makes the monumental mistake of removing the very informative popup, and transforming the warning into a notification bar at the top of the document with only six words warning users about macros. Things get worse in Office 2010, when Microsoft even adds a shiny button that reads "Enable Content," ruining everything it had done in the past 10-15 years, and allowing macro malware to become the dangerous threat it is today. The U.S.-CERT team issued an official threat yesterday warning organizations about the resurging threat of malware that uses macro scripts in Office documents.

Re: Stupid people - Mandatory Access Control

[Pentium100]

Linux has the same problem.

A limited user (even without sudo rights) launches a buggy application and opens an infected document. The virus can then proceed to encrypt all the files that the user can modify.

The system files will stay intact.
The documents of the user will get encrypted.

The user usually cares about being able to access his documents, so the damage is done even without root access. If this happens on a single user desktop, then the damage is the same as if the virus had root access. In both cases you have to restore the PC from backups (if you have them).