MS Word Virus Alert

by Jerry Lawson

The "Melissa" virus that struck in late March, 1999, provoked news coverage by major T.V. networks.

Most of the earliest Word viruses were relatively harmless, but many of the newer ones can cause significant damage. A lead story in Federal Computer Week explains how an infection at NASA harmed all the personal computers used in support of the Mir mission, and even spread to Mir support computers in Russia (though it apparently did not affect any computers on board Mir; they probably don't use MS Word in space).

As computer security expert Yaro Charnot told the Los Angeles Times in an interview after the outbreak of the Melissa virus:

"It seems as if it is Microsoft policy not to care about security."

Why MS Word Viruses Are Particularly Dangerous

Word's unusual method of implementing macros makes it particularly vulnerable to viruses.

By comparison, older types viruses were comparatively easy to protect against, because they had to hide in a physical part of a computer disk (the "boot sector") or in an "executable file" (roughly speaking, a program, which usually ended in extension .com or .exe). There was little to worry about unless you exchanged diskettes or computer programs with others. Exchanging documents (i.e., data files, as opposed to programs) used to be safe, especially if done by e-mail instead of floppy disk.

Things have changed significantly. Microsoft Word viruses spread more easily than conventional viruses because they can hide in documents and automatically reproduce themselves or do damage when a Word document is opened. No other word processor on the market is as vulnerable to computer virus infection as MS Word. This is so important, it's worth repeating:

No other word processor on the market is as vulnerable to computer virus infection as MS Word.

By default, Word automatically executes macros with certain names when a file is opened. This is why Word viruses are now the most commonly reported type: the design of the program makes it extremely easy for them to reproduce and spread. The book Word 97 Annoyances is the best single reference I have found on the Word virus problem.

Keeping The Danger In Perspective

While anyone who uses a computer for serious purposes should still take some protective measures against conventional viruses, you probably don't need to worry about macro viruses unless you are using the Microsoft Word word processor. To avoid spreading unnecessary fear, it should be stressed:

You are unlikely to catch a macro virus if you are using any word processor except Microsoft Word.

One macro virus has been reported in Ami Pro, but because Ami Pro's basic design is safer it does not reproduce easily like the Word virus does, so it is rare. Versions of WordPerfect up to Version 8 are extremely safe. Versions higher than 8 contain the same virus-vulnerable technology (VBA) licensed by Corel from Microsoft. Further testing will be needed to determine whether WordPerfect implements VBA more securely than Microsoft has. In any event, remember that you are safe with versions of WordPerfect up through version 8.

Viruses like the Word viruses have also been discovered in MS Excel (most recently "Papa," apparently inspired by Melissa), which uses macros like Word. Experts believe the newest version of MS Powerpoint shares the same vulnerability as its corporate cousins, but I have seen no reports yet of Powerpoint viruses. Because Word viruses are by far the most common type, for convenience I will refer only to Word throughout this discussion, but the same principles apply to Excel, and possibly to Powerpoint and Access.

Protective Measures

There are many things you can do to protect yourself against Word viruses, but there is no single silver bullet that will make the problem disappear easily.

The most important thing is not to open up any document in Word unless you are confident it is safe. You can safely open up a suspect Word document in any other word processor except Word. This includes Ami Pro (now called Word Pro) and WordPerfect (at least WordPerfect up to Version 8). The macro will not be present when the file is saved.

Microsoft has some prophylactic software at their web site (go to http://www.microsoft.com and search for "macro virus"), but, as they acknowledge, it does not provide complete protection.

If you use Windows 95, one rough and ready partial solution is to open suspicious MS Word documents only in the Wordpad utility. When you save a file in Wordpad, the macros are eliminated, and the document is safe.

E-mail is generally safe, unless it has an "executable file" (a program, usually ending in .exe or .com) or MS Word document attached. According to Federal Computer Week, one of the measures taken by NASA and Russian scientists to slow the spread of the recent Word virus infections was to limit communications to faxes and e-mail without attachments.

If someone sends you an e-mail attachment in MS Word format, consider asking them to resend the document in a safer format.

An e-mail attachment alone can't spread the virus unless it's opened in Word. However, some e-mail programs can be configured to automatically open attachments and load them into the appropriate program. It is not a good idea to do this for Word documents, for obvious reasons.

It is smart to use anti-virus software. You can increase the efficiency of your antivirus software by regularly downloading new virus "signatures," usually at no cost, from the web site of the maker of your antivirus program. CNET has a link to virus updates that protect against the virulent "Melissa" virus.

Be aware that antivirus software does not make the problem go away. NASA, who was using Norton Antivirus when they were hit, learned this lesson all too well.

The FCW story about the (pre-Melissa) NASA outbreak is at:

http://www.fcw.com/pubs/fcw/1997/1020/fcw-mir-10-20-1997.html

More Information

Finally, here are some articles from the Microsoft web site. I encourage you to take them with a grain of salt, because in putting out information about this problem, Microsoft has generally been more concerned with public relations and marketing than the best interests of their customers:

Update, Dec. 1999: Is Microsoft finally beginning to "get" the seriousness of the problem? After years of being in denial, the newest information posted at the Microsoft web site about viruses does appear to take the threat somewhat more seriously. Of course, they are still not all that candid,  but at least they appear to be taking baby steps in the right direction. See, for example, the Macro Virus Alert issued about Melissa. Further, the digital signatures protection scheme in Word 2000 in theory provides a higher level of protection that Word 95 and Word 97. How well the protection works out in actual life remains to be seen.

Of course, any step in the right direction would be an improvement after Microsoft's past behavior, which includes: