Slashdot Mirror


How a Bad UI Decision From Microsoft Helped Macro Malware Make a Comeback (softpedia.com)

An anonymous reader writes: Macro malware is a term to describe malware that relies on automatically executed macro scripts inside Office documents. This type of malware was very popular in the '90s, but when Microsoft launched Office 97, it added a popup before opening Office files that warned users about the dangers of enabling macros. Microsoft's decision had a huge impact on macro malware, and by the 2000s, this type of malware went almost extinct. Lo and behold, some smart Microsoft UI designers start thinking that users might get popup fatigue, so in Office 2007, Microsoft makes the monumental mistake of removing the very informative popup, and transforming the warning into a notification bar at the top of the document with only six words warning users about macros. Things get worse in Office 2010, when Microsoft even adds a shiny button that reads "Enable Content," ruining everything it had done in the past 10-15 years, and allowing macro malware to become the dangerous threat it is today. The U.S.-CERT team issued an official threat yesterday warning organizations about the resurging threat of malware that uses macro scripts in Office documents.

4 of 129 comments

  1. Car Analogy by Required Snark · · Score: 4, Insightful
    If Windows was a car and Microsoft was the driver, it would be like someone who is senile and keeps running into the same tree over and over and over again. In both the real world and the analogy they always lose their memory of past failures, and the result is inevitable.

    This is rooted in Microsoft culture. Security is never a primary concern. Imagine someone with a whiny voice saying "It's too hard, I don't wanna do it, it makes things no fun" etc, etc. From the outside that seems like how they behave.

    And there is the little matter of loss of institutional memory, which is the senility part. That is because they consciously exclude people of long experience. They don't hire them, and if anyone is too long on the job they get flushed out. It's cheaper and keeps the workforce docile. But the long term result is making the same mistake over and over again. Not that Microsoft is a whole lot worse than any other big software organization, but they appear to do it even more than other big outfits.

    Expect them to resurrect the BSOD any day now...

    --
    Why is Snark Required?
    1. Re:Car Analogy by Ol Olsoc · · Score: 4, Informative

      Expect them to resurrect the BSOD any day now...

      It never went away - still an integral part of the Windows experience. http://answers.microsoft.com/e...

      http://answers.microsoft.com/e...

      http://www.computerworld.com/a...

      W10, 8.1, and 7. BSOD - supposedly long gone.

      I've had zealots declare me a liar while claiming "There is no BSOD any more!" with great conviction. It still happens, even as documented on Microsoft pages.

      Watch me get marked as a troll for pointing out the truth.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  2. The worst offense... by Anonymous Coward · · Score: 5, Insightful

    ...was when they decided that hiding the extension was a great idea and made it default in XP.
    trojan.jpg.zip anyone?

  3. Re:Really? by jaseuk · · Score: 4, Insightful

    Yes - but this appears even on files without any Macro content - just because the file came by e-mail. So files from internal recipients in a DOMAIN without Macros have the SAME warning as an internet file with a Macro virus.

    This is the stupidity.

    Jason.