News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation

    Home » Forums » AskWoody blog » Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation

    Author
    Topic
    #153301

    I thought we got over the Office macro malware blues back in the 90s. Nope. All of that high-powered native document intelligence is coming back to bi
    [See the full post at: Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation]

    4 users thanked author for this post.
    Viewing 1 reply thread
    Author
    Replies
    • #153311

      I guess if you have to run any MS Office products, don’t ever allow it to update links or run macros.

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
    • #153313

      People here often say “Don’t enable editing”, but how else can you alter or print a document? If there’s a safer way of doing so without e.g. switching products (I personally found Open Office to be incompatible with my then work when I tried it) then perhaps someone could kindly put forward a brief guide? I’m sure it would make a useful article.

      • #153316

        Woody mentioned (in a previous but related post) that Office Online doesn’t have these vulnerabilities, which does make sense. (More sense than most things related to MS.)
        There is some free functionality with Office Online for anyone, even those without an active O365 subscription. You have to upload your files to OneDrive to then be able to open them in Office Online, but otherwise – you should be able to use that to ‘get around’ these vulnerabilities, if LO/OOo/GDocs do not meet your requirements.

        3 users thanked author for this post.
        • #153318

          Thanks for that Zero, but my immediate reaction is that copying all my files and documents to a separate MS storage site is kind of swapping one potential security concern for another! That’s only based on the briefest of Google research, however, so I’ll look into it a little more. Thanks again.

          • #153319

            I would give LibreOffice [Fresh] a shot; I’ve had better luck with LO keeping MS Office formatting intact than with Apache OpenOffice. (Other people swear by Kingsoft WPS Office, so that would be a second option if LO doesn’t fit the bill.)

            3 users thanked author for this post.
            • #153610

              Plus One for recommending WPS Office, formerly known as Kingsoft Office. Compatibility with native MS Office formats is better, though not perfect. It’s free for personal use, so there’s no risk in trying it.

              -- rc primak

          • #153320

            I’ve had better compatibility with Libre Office. One thing you have to watch is the fonts. MS doesn’t embed fonts unless you make a point in doing so (which makes the file bigger). So if you open a MS created document, the font may be different from the original.

            3 users thanked author for this post.
            • #153386

              I always use Calibri font when I type in MS Word; but this font is not available in Libre Office Writer.

              However, if I create a document in Word, then open it in Writer, the document remains in Calibri in Writer.

              I’m using Windows 7 / 8.1 and Linux Mint 18.2, if that means anything for this issue.

              Group "L" (Linux Mint)
              with Windows 8.1 running in a VM
              1 user thanked author for this post.
            • #153387

              Do you have Word set to embed fonts? If so, the Calibre font is stored in the document and will appear in Libre Office even if it is not available for creating a document.

              1 user thanked author for this post.
            • #153426

              I don’t know; maybe I do. If so, it was pure good luck on my part, not anything intentional. I say “good luck” because the Calibri font is my favorite font, and it’s not natively available in Linux Mint.

              Group "L" (Linux Mint)
              with Windows 8.1 running in a VM
            • #153611

              You might have better font compatibility in WPS Office. They try to stay in step with MS Office more than LibreOffice does, and fonts are one area where this shows up.

              -- rc primak

      • #153388

        I’m slowly moving everything possible over to Google Docs and Sheets.

        Starting in 2018, I hope to be doing all of my day-to-day writing in Docs. My books will have to stay in Word, for the editorial and composition compatibility.

        1 user thanked author for this post.
        • #153428

          I’m slowly moving everything possible over to Google Docs and Sheets.

          Starting in 2018, I hope to be doing all of my day-to-day writing in Docs.

          Well, that should increase your readership some — all of those folks at Google who scan through the docs and emails that people create and work on in Google Docs, Gmail, and other Google “free” products — they will now be reading what you are writing!

          Group "L" (Linux Mint)
          with Windows 8.1 running in a VM
    Viewing 1 reply thread
    Reply To: Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.