Open PPTX File

Information, tips and instructions

Macros and Security

Microsoft PowerPoint is a great tool for creating rich and stylish presentations, but some users need even richer functionality. Certain enterprise scenarios require a PowerPoint presentation to contain scripts that can be executed to perform specific actions on the presentation and on other items on the computer. To facilitate this, Microsoft introduced Visual Basic Scripting starting with PowerPoint 7.0 for Windows 95.

While Visual Basic Scripting significantly enhanced PowerPoint's capabilities, it also introduced potential attack vectors for hackers. A macro virus is a virus that uses the macro capabilities of an application to replicate itself, infect other computers and perform malicious actions. The macro capabilities of Microsoft PowerPoint are based on Visual Basic programming, which allows interaction with both the file system and e-mail. This gives a virus everything it needs to replicate (using the file system) and spread (using e-mail).

A typical way for a virus to spread is to use the user's e-mail to send a message whose text tricks the victim into opening an attachment. The attachment is typically a Microsoft Office file with a macro virus inside, which starts executing as soon as the user agrees to enable macros in the document. One lure attackers use is to fill the document with gibberish and place a message at the top of it: “To decode a document enable macros”. This tricks many users into enabling macros in the document and infecting their computers.

The macro virus problem became somewhat less prominent with changes Microsoft made in recent versions of Microsoft Excel. Macros are now disabled by default, and the confirmation messages for enabling macros are clearer and include a notice about potential threats. Still, hackers find creative ways to get around these messages and trick users into agreeing to execute macro viruses. That is why it is still important not to download files from untrusted sources.
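
As an added example (not part of the original page), the Python check below shows how a received presentation can be triaged for an embedded VBA project before anyone opens it, by inspecting the package contents rather than trusting the file extension. The function names, the size limit and the sample packages are assumptions constructed for illustration; `vbaProject.bin` is the usual part name for the VBA project in Office Open XML files.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

VBA_TYPE = "application/vnd.ms-office.vbaProject"
MAX_XML = 1_000_000  # assumed triage limit for [Content_Types].xml, in bytes

def macro_indicators(data: bytes) -> list[str]:
    """Return the reasons an OOXML presentation should be treated as macro-bearing."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not an OOXML (ZIP) package; legacy binary formats need other tooling"]
    with zf:
        findings = [f"VBA project part: {n}" for n in zf.namelist()
                    if n.lower().endswith("vbaproject.bin")]
        info = next((i for i in zf.infolist() if i.filename == "[Content_Types].xml"), None)
        if info is None or info.file_size > MAX_XML:
            return findings + ["[Content_Types].xml missing or oversized"]
        # For hostile input, defusedxml.ElementTree is a hardened drop-in parser.
        try:
            root = ET.fromstring(zf.read(info))
        except ET.ParseError:
            return findings + ["[Content_Types].xml is not well-formed XML"]
        for el in root:  # <Default Extension=...> and <Override PartName=...> entries
            ctype = el.get("ContentType", "")
            if ctype == VBA_TYPE or "macroEnabled" in ctype:
                target = el.get("PartName") or "*." + el.get("Extension", "?")
                findings.append(f"declares {ctype} for {target}")
    return findings

def build_sample(macro: bool) -> bytes:
    """Constructed minimal package: only the parts this check reads, not a valid deck."""
    main = ("application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml" if macro
            else "application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml")
    types = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
             + (f'<Default Extension="bin" ContentType="{VBA_TYPE}"/>' if macro else "")
             + f'<Override PartName="/ppt/presentation.xml" ContentType="{main}"/></Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        if macro:
            zf.writestr("ppt/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()

if __name__ == "__main__":
    for label, macro in (("clean.pptx", False), ("renamed.pptx", True)):
        print(label, macro_indicators(build_sample(macro)) or "no macro indicators")
```

An empty result only means no VBA project was declared or found in the package; it says nothing about other kinds of embedded content.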