Why would someone send a malicious macro?
This is my response to the above question on TechNet. The user had set his
system to accept all macros. This is not a good idea.
- VBA macros are very powerful. They can take over your entire system or
lurk in the background.
- Malicious macros can steal your passwords and potentially your banking
info.
- Malicious macros can turn your computer into a slave being used for
malicious purposes against others, tracing back to you. This can be a
background process.
- Malicious macros can get other confidential information from your
computer.
- There are people out there who enjoy demonstrating their skills by
messing with others.
- Search Google for "Ransomware." Here is the
Wikipedia article.
I am a big user of macros, both my own and those written by others. Just as I
use software developed by others, I use macros developed by others. However, I
want to know who is responsible. I want to know what it does. By allowing all
macros to run, I turn control of my computer over to unknown others. Because
Word has incorporated good security and it is applied by default, Word macros
are not really a problem if the user exercises ordinary prudence.
I am a lawyer and my computer contains confidential information. I also do
transactions online, both for myself and for my clients. I do not want unknown
others to have access to that.
What are best practices going forward?
These are personal opinions. This page is not based on industry
standards nor has it been vetted by anyone else.
I set my Trust Center Settings as follows:
This is misleading. This does NOT really stop all macros. It stops all
unauthorized macros. If macros are not otherwise authorized (i.e. if they
come in on a file from someone else) then you are asked if you want to allow
them to run.
Even the box saying Disable all macros without notification does not
truly disable all macros. It simply means that if a document comes in with
macros and you have not already given permission for using those macros,
they will be disabled and you will not be asked about it or told about it.
If they are from trusted publishers or you put them in a trusted location,
they will run, also without notification.
All of my own macros are in templates stored in trusted locations.
The three in the Red Box above are trusted by default. They are the User
Templates folder (the location where your normal.dotm template is stored),
the default Word Startup Folder, and the folder holding templates that come
with Word. Those may be the only locations you need. Your own macros, stored
in any of those locations, will be able to run without any warnings or
messages.
I currently have only one Trusted publisher listed: Bill Coan, an MVP with
whom I have personally dealt. I do have code from many other MVPs in my
Trusted Locations.
I find these sufficient because I am the only one who has physical
control over my computer. I suspect that they would be sufficient for you as
well.
Another level is to require that macros be digitally signed. I used to
digitally sign my macros but decided I did not need that.
The screenshots are from Word 2013. They would be similar in Word 2007
and later. Similar protections were in Word 2003. These are Windows
versions. Word for the Mac has similar settings. Again, the default
installation will be to Disable All Macros Without Notification, which means
all except those in the default trusted locations.
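To check what a given Windows profile actually has configured, the following read-only PowerShell audit reports the three things discussed above: the macro setting, the trusted locations, and the trusted publishers. It is an added example, not part of the original page. It assumes the per-user registry layout `HKCU:\Software\Microsoft\Office\<version>\Word\Security` and that Office trusted publishers are kept in the current user's Windows Trusted Publishers certificate store.

```powershell
# Added example: read-only audit of the current user's Word macro trust settings.
# Assumes per-user settings under HKCU:\Software\Microsoft\Office\<version>\Word\Security
# (12.0 = Word 2007, 14.0 = 2010, 15.0 = 2013, 16.0 = 2016 and later).
# Values pushed by Group Policy live under HKCU:\Software\Policies and are not read here.

$levels = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

foreach ($ver in '12.0', '14.0', '15.0', '16.0') {
    $sec = "HKCU:\Software\Microsoft\Office\$ver\Word\Security"
    if (-not (Test-Path $sec)) { continue }

    # VBAWarnings may be absent if the setting was never changed in the Trust Center.
    $vba = (Get-ItemProperty -Path $sec -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    if ($null -eq $vba) {
        Write-Host "Word $ver macro setting: not set, Word's default applies"
    } else {
        Write-Host "Word $ver macro setting: $($levels[[int]$vba])"
        if ($vba -eq 1) { Write-Warning "Word $ver runs every macro in every document." }
    }

    # Trusted locations: macros in these folders run with no prompt at all.
    $locRoot = Join-Path $sec 'Trusted Locations'
    if (Test-Path $locRoot) {
        Get-ChildItem -Path $locRoot | ForEach-Object {
            $loc = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                WordVersion     = $ver
                Path            = $loc.Path
                AllowSubfolders = [bool]$loc.AllowSubfolders
                IsNetworkPath   = ($loc.Path -like '\\*')
            }
        } | Format-Table -AutoSize
    }
}

# Trusted publishers: signed macros from these certificates also run with no prompt.
Get-ChildItem -Path Cert:\CurrentUser\TrustedPublisher |
    Select-Object Subject, NotAfter, Thumbprint |
    Format-List
```

Any trusted location on a network path, or one that other people can write to, deserves a second look, because whatever lands in it runs without a warning.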
These are my personal opinions. You need to exercise your own judgment. If
you allow no macros, period, you are cutting yourself off from one of Word's most
powerful features. You may need to do this, just as you may need to have your
computer isolated and with no Internet access.