How to protect against Macro Viruses?

Discussion in 'other security issues & news' started by Rasheed187, Nov 18, 2007.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    Hi,

    Is the only way to rely on a realtime scanner or is the MS Office "high/trust only MS add-ins" setting enough to stay protected? And which key do I need to add to my reg monitor to protect this setting? Also, can tools like Script Sentry really protect against this kind of stuff? :)
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    You can see how many av programs perform against known macro viruses at the link below. Go to Comparatives-->15. On-demand comparatve, August 2007, Online Results which is a pdf.

    http://www.av-comparatives.org/
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    The default settings of Office are good against untrusted macros.
    More info in these threads :)
     
  5. Terror_Eyez

    Terror_Eyez Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    23
    Location:
    Your moms bed...
    I got a question, why not just keep the "Micro-Viruses" constricted to a sandbox, like with Sandboxie? Then you don't have to worry about this, just delete the sandbox, and the "micro-virus" is gone!
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    From the KB article mentioned by ronjor:
    The implications are,

    1) That the infected document needs to be viewed in an application that will run macro programing code.

    2) That the user has to view a document created or edited by someone else.

    It's assumed that one's own security policies include not opening documents from unknown sources via any of the media above.

    If you do view others' documents, receiving them from a trusted source is not an indication of a "clean" document. It could have been infected without the other person knowing it. This used to be very prevalent in education environments.

    Scanning documents may or may not catch the virus. The suggestion by Terror_Eyez to sandbox may be another way.

    Another solution is to view the document in an application that will not run programming code, thus, insuring preventions per 1) in the article.

    This was my solution in my years as an educator. Those of us that worked this way were able to say as did Terror_Eyez,

    ----
    rich
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    Thanks for the feedback everyone, the reason why I asked was because I refuse to run a realtime scanner, and malware might be able to change the "macro protection" setting in Office, so does anyone know which key to protect?
     
Loading...
Thread Status:
Not open for further replies.