~~~~~ ~
More on the Melissa virus and what can be done.
This appears to only affect/infect MS Office 97/2000 users.
~~~~~ ~
--==>> WOW -- WOODY's OFFICE WATCH <<==--
(your own Microsoft Word & Office guru every week!)
28 March 1999 Vol 4 No 14
MELISSA MACRO VIRUS - SPECIAL EDITION
First, a word from this weeks sponsor ...
** SAVE ON MICROSOFT OFFICE & VBA SOLUTIONS CONF./LONDON
As a valued WOW reader, receive 50 pounds off the regular
price to
the world's best conference for Office & VBA. Join
Microsoft
and the world's leading experts at MOVS99,LONDON April
11-14
Register now! Discount code "WOWVIP" Tel.+44 (0)181 789
2250
Fax+44(0)181 789 2249
http://www.vbaconference.com/london99
IN THIS ISSUE: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There's a virulent new Office 97 / 2000 virus called
Melissa out now and it could be waiting in your Inbox
right
now. So WOW is out early this week so you have all the
information you need. The Melissa virus is a real problem,
even at Microsoft! It infects Word and uses Outlook to
send
itself to other people.
Here in WOW we've closely examined the virus and have
details on exactly what it can do plus we stomp on some
rumors and misinformation that's already spreading.
HELP! This issue of WOW has help for you on:
- Protecting yourself from Melissa and other Office
viruses
- What to do if you get a message from the 'Melissa' virus
- Step by step advice if you get infected with the Melissa
virus.
JOIN WOW, hear the latest Office news FREE and FIRST send
blank email mailto:[EMAIL PROTECTED] or
http://www.woodyswatch.com/wow/ . And don't forget our
free
Windows newsletter http://www.woodyswatch.com/www/ or
mailto:[EMAIL PROTECTED]
* THE NOT SO LOVELY MELISSA VIRUS
- THE MAIN WARNING - PLEASE READ THIS
- A SPECIAL REQUEST FROM WOODY
* WHAT DOES THE MELISSA VIRUS DO?
* HOW TO PROTECT YOURSELF FROM MELISSA
- ANTI-VIRUS PROGRAMS
- FREE TRIAL ANTI-VIRUS SOLUTIONS
- ONGOING PROTECTION
- OPENING EMAIL ATTACHMENTS
- PROTECTING CORPORATE MAIL SYSTEMS
* IF YOU ARE INFECTED BY THE MELISSA VIRUS
* MELISSA RUMOR DEBUNKING
* KEEPING UP WITH MELISSA
* CREDITS
* 'PRANK MACROS' COME HOME TO ROOST
* ENTERTAINMENT NICHE
* BACK ISSUES?
* WOODY's CONTACTS in North America or Australia
* ADMINISTRIVIA, subscribing, unsubscribing etc
THE NOT SO LOVELY MELISSA VIRUS ~~~~~~~~~~~~~~~~~~~~~~~
The bombshell for Friday afternoon (US time) was a new
Word
97 and Word 2000 (currently being widely tested) virus
that
uses Microsoft Outlook (not Outlook Express) to send
itself
out to lots of people very fast and right under your nose.
As a result it's spread like wildfire in company email
systems and across the Internet - causing havoc in places
you would not expect like Microsoft and Intel among many.
See
http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/zdnn/
stories/news/0,4586,2233030,00.html
for Fridays report.
The virus is called 'Melissa' or more properly
W97M/Melissa.A (there's no official name and you'll also
see it called W97M_Melissa or W97M.Mailissa.A ) after the
name of class module that contains the macro virus. The
module is set to run each time an infected document is
opened and sometimes when closed too.
As usual there has been a lot of panicked and ill informed
reports about what this virus does so we've worked over
the
weekend to see what it really does, how you can protect
yourself and what to do if you've already been infected by
the Melissa virus. We'll also squash some of the rumors
and misunderstandings that are out there.
THE MAIN WARNING - PLEASE READ THIS ~~~~~~~~~~~~~~~~~~~
First the main and important warning in brief ...
If you receive a message from ANYONE at all - it doesn't
matter who it might be:
* with the subject line 'Important Message from <name of
sender>'
* and an Word document attached (of any name but probably
LIST.DOC)
Then DELETE THE MESSAGE, do NOT open the Word document.
This simple advice will remove the virus infected document
and stop it spreading. If everyone would follow that
advice the Melissa virus will be stopped dead in its
tracks.
See later in this issue of WOW for more detailed tips on
what to do if you receive any Word document or Melissa
virus created message.
A SPECIAL REQUEST FROM WOODY ~~~~~~~~~~~~~~~~~~~~~~~~~
Please. Take a few seconds to forward this article to
everyone you know who doesn't subscribe to WOW. Urge them
in no uncertain terms to read and heed the above advice -
doing so will save them and many other people trouble.
All I ask is that you keep this article intact - don't
change it - and that you send it in its entirety. If there
are any updates, we'll post them to http://www.wopr.com/
immediately.
Peter Deegan is also working with ZDnet on the Melissa
virus and he'll arrange for any new developments to be
posted there
http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/zdnn/
---->> LEARN FROM THE BEST <<----
Feel like you're learning Office with a certified guru
helping.
Make Office an easier and more effective tool for daily
use
" WOODY LEONHARD TEACHES MICROSOFT OFFICE "
available from good bookstores worldwide
>> http://www.wopr.com/books/woodyteaches.htm <<
---->> THIS COULD HAVE BEEN YOU <<-----
You could have told people about your product, web site,
event or service here in WOW.
Advertise in WOW - reach your audience for a few $$$
>> http://www.mcc.com.au/wow/ad.htm or
mailto:[EMAIL PROTECTED] <<
WHAT DOES THE MELISSA VIRUS DO?
~~~~~~~~~~~~~~~~~~~~~~~~~~~
When you open an infected Word document Melissa checks
which version of Word you have and changes some Word
settings depending on whether you have Word 97 or 2000.
WORD 97
- blocks access to the Tools | Macro menu item. This
effectively stops you from checking any macro that
may be present in a document or template.
- Some Word 97 menu settings are changed to make virus
spreading easier:
Tools | Options | General | Confirm Conversion at
Open - OFF
Tools | Options | General | Macro virus protection -
OFF
Tools | Options | Save | Prompt to save Normal
template - OFF
WORD 2000
- blocks access to the Tools | Macro | Security
settings. This effectively stops you from raising
your macro virus security to a level which prevents
macros from running or being checked before running.
- Set Word to the lowest macro virus security level -
then there's no protection from unsafe macros.
The virus adds a new registry entry
HKEY_CURRENT_USER\Software\Microsoft\Office\Melissa?\ with
a value "... by Kwyjibo". If you have this registry key,
then that machine has been infected by Melissa at some
stage.
If you have Microsoft Outlook (not Outlook Express) the
virus then grabs the first 50 entries each address list
you
have and sends a single message with an infected document
attached directed to each set of 50 addresses. There's a
separate message for each address book you have. The
message appears to come from you and even uses your name
in
the heading:
FROM: <shows your email name and address>
TO: 50 contacts from each address book you have in Outlook
SUBJECT: Important Message From <then inserts your name,
from Word's settings)
BODY: Here is that document you asked for ... don't show
anyone else ;-)
ATTACHMENT: the infected document is added to the outgoing
message.
This method of distribution only happens the first time
the
macro is run on a computer. Most people only have a
single
address list in Outlook (the Contacts folder), but if you
have more then the Melissa virus will grab 50 contacts
from
each of them. A contact can also include a group of email
addresses in a corporate mail system group or a group of
addresses created in Outlook 2000, so the infection
message
could go out to many more than 50 people.
The message could be sent every time an infected document
is opened in some cases. Paranoid (i.e. wisely cautious)
system administrators who have implemented Windows user
profiles with stringent security may have prevented write
access to the HKEY_CURRENT_USER part of the registry. In
these cases, the registry key will not be set by the
Melissa virus, so it will always trigger the 'send
infected
document from Outlook' part of the virus code.
Whether you have Outlook or not (but do have Word 97 or
Word 2000):
- your copy of Word is infected and any documents or
templates you open will get the virus added to them.
This
includes your normal template (NORMAL.DOT the basis for
all Word documents) and active document.
- On top of all that the virus plays a simple prank each
time it is run, but only if the minute it's run matches
the day of the week. For example if the macro is run
12:29 on the 29th of the month. When that happens it
will type " Twenty-two points, plus triple-word-score,
plus fifty points for using all my letters. Game's
over.
I'm outta here." into your document.
If the Melissa virus has infected your global template
(usually NORMAL.DOT) then it run from there each time a
document is closed as well.
HOW TO PROTECT YOURSELF FROM MELISSA ~~~~~~~~~~~~~~~~~~~
If you receive an email message fitting this description
you should delete it immediately and advise the sender
that
they have been infected:
SUBJECT: Important Message From <then inserts your name,
from Word's settings>
BODY: 'Here is that document you asked for ... don't show
anyone else ;-)'
plus an attached Word document of ANY name.
The other advice for protection from Melissa is the much
same as any macro viruses. It is important and should not
be ignored. Since the level of protection supplied by
Microsoft within their products is rudimentary, you have
to
take your own precautions.
Firstly make sure the inbuilt macro guards (such as it is)
is turned on:
Word 97, go to the menu option Tools | Options | General |
Macro virus protection and check the box ON.
Word 2000, go to the menu option Tools | Macro | Security
and make sure the Security Level is set to MEDIUM or HIGH.
The dialog box explains what each of those settings means.
But this isn't complete protection - all it does it give
you a warning that any document or template you open has a
macro in it. The macro may, or may not, be a virus.
Word 97 gives you no idea what they are - just the choice
to Enable or Disable the macros. Unless you are absolutely
sure the document doesn't have a virus, you should click
on
"Disable Macros". This will open the document but not run
any macros, good or bad. Or you can click on the Cancel
button which closes the document, then run your updated
anti-virus software over the document to see if it has any
viruses.
ANTI-VIRUS PROGRAMS
Which brings us to anti-virus software - you do have an
anti-virus program running on all your computers right?
If
you don't then you're really asking for trouble. Just as
bad is having an anti-virus program but don't using it or
keeping the virus information (sometimes called signature
files) up to date. Don't rely on some older version of
anti-virus software - even with the latest virus updates,
older anti-virus programs can't recognize or remove the
newer types of macro viruses present in Office 97 and
Office 2000.
Any of the popular anti-virus programs are fine - they all
make claims about being the best or most comprehensive but
in reality they all cover the same territory. In the case
of Melissa, all the main anti-virus companies have updates
to their program covering this new virus within hours.
One
company has made the boast that they have the 'first and
only' Melissa virus protection - if that claim was true,
it
was only true by a matter of a few hours at best.
You can get updates from the anti-virus software's web
sites like:
Frisk Software / F-PROT
ftp://ftp.complex.is/pub/macrdef2.zip
Symantec / Norton Anti-Virus
http://www.symantec.com/techsupp/mailissa.html or choose
the LiveUpdate option to get the latest update. Symantec
calls it W97M_Mailissa.A
Network Associates / VirusScan
http://vil.mcafee.com/vil/vm10120.asp
TrendMicro
http://www.antivirus.com/vinfo/security/sa032699.htm
AVP AntiViral Toolkit Pro
http://www.avp.com/melissa/melissa.html
There's a comparison of two major anti-virus programs
(Norton Anti-Virus and McAfee VirusScan) at
http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/pccom
p/stories/all/0,6605,383037,00.html
Whichever software package you use make sure it includes
the Melissa virus (called W97M/Melissa.A or
W97M.Mailissa.A) - look in the list of viruses in the
software or check the web site to ensure that the update
explicitly includes this latest virus.
When you have up-to-date anti-virus software then you
must:
- Make sure it's set to check documents as you save, open
or download them. Most good anti-virus products offer
this option (i.e., one which checks files as soon as
they
are accessed for whatever reason) but you may have to
explicitly turn this option on.
- Do a scan over all your hard disk drives (this may take
sometime, maybe run it overnight or during lunch)
- Schedule regular automatic checks, most anti-virus
packages will offer to do this during installation.
FREE TRIAL ANTI-VIRUS SOLUTIONS
If you don't have any anti-virus software, this news
should
prompt you to get something fast. Here's two options that
were recommended by PC Computing magazine in their feature
on the 'Best 1,001 Downloads'.
Symantec offer a 30 day trial copy of Norton Anti-Virus
software available for download from
http://chkpt.zdnet.com/chkpt/hud0007500a/hotfiles.zdnet.com/
cgi-bin/texis/swlib/hotfiles/info.html?fcode=000SF4&b=pccomp
Thunderbyte Anti-Virus is also available from
http://chkpt.zdnet.com/chkpt/hud0007500a/hotfiles.zdnet.com/
cgi-bin/texis/swlib/hotfiles/info.html?fcode=000006&b=pccomp
F-Prot is a widely respected anti-virus tool and one of
their experts has kindly helped WOW with information
towards this issue.
http://www.complex.is/f-prot/f-prot.html
ONGOING PROTECTION
You MUST get regular updates to your virus information
from
the maker of the anti-virus software. The Melissa virus
isn't the first macro virus and it sure won't be the last.
New viruses are coming out all the time, though most don't
spread as fast as Melissa has.
Check your anti-virus software for any automatic updating
facility that's available. For example, Norton Anti-Virus
http://www.symantec.com/avcenter/ has the LiveUpdate
feature which can grab the latest virus information from
their web site and automatically update their program on
your computer.
You should also make sure you have the latest version of
Microsoft Word 97. The latest Service Release 2 for
Office
97 ( see
http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/zdhel
p/office_help/wow98/wow_sr/091998_01.html
) included some largely unheralded features to slow the
spread of macro viruses. It didn't stop the Melissa
virus,
but just having the SR-2 version of Word 97 can stop some
viral nasties.
OPENING EMAIL ATTACHMENTS
The most important protection you can provide for you and
other computer users (family, workmates etc) is knowing
how
to safely deal with incoming email attachments so you
don't
infect your computer or spread nasties to others.
Reading email usually isn't a problem, but attachments to
email (like any other document or program you receive) can
contain a virus.
Before opening ANY email attachment you should check it
for
nasties. That means ANY attachment from ANYONE. As the
Melissa virus has shown an innocent message from someone
you know and trust can be infected, not only because the
message was sent from their computer without their
knowledge or consent.
For ALL attachments you should save them to your disk,
scan
them for viruses before opening. Some anti-virus packages
will do this automatically if you open or save to disk a
file, but here's the slow, but cautious way if you're not
sure:
In Outlook click on the attachment icon and you'll get the
familiar Opening Mail Attachment dialog. Choose 'Save it
to disk' (NOT 'Open it') and select a temporary directory.
Then open Windows Explorer and locate the file you just
saved and run the anti-virus program over the file (most
of
them offer this as an option on the right mouse menu).
There are more automatic ways, but that's what you can do
today with any current anti-virus program. A properly
up-to-date anti-virus package which is properly configured
to check files as you access them should be enough for
desktop users. Other options include anti-virus packages
that integrate with email programs to automatically scan
incoming messages and attachments for virus nasties.
Remember that it's not just the Melissa virus you should
be
worried about. There are plenty of other Word and Office
macro viruses around that can be carried by any Office
document or spreadsheet and new ones are certain to appear
in the future.
---> JOIN WOW, hear the latest Office news FREE and FIRST
<---
Send blank email mailto:[EMAIL PROTECTED] or
http://www.woodyswatch.com/wow/
And don't forget our free WINDOWS newsletter
http://www.woodyswatch.com/www/ or
mailto:[EMAIL PROTECTED]
PROTECTING CORPORATE MAIL SYSTEMS FROM MELISSA
Corporate mail systems should have anti-virus packages
running on their mail servers in an effort to block virus
infected attachments before they reach staff. If your IT
manager doesn't have such protections in place you can bet
he/she will be when the story of the Melissa virus gets
around. Some makers of corporate mail anti-virus solutions
include: Network Associates http://www.nai.com/, Trend
Micro http://www.antivirus.com/, Symantec
http://www.symantec.com/avcenter/, Content Technologies
http://www.contenttechnologies.com/, Sybari
http://www.sybari.com/ and Data Fellows
http://www.datafellows.com/ .
If the mail system has email scanning software (either at
the Internet gateway or on a proprietary server) IT
managers should obtain updates immediately to intercept as
many of the infected messages as possible before they get
a
chance to spread.
Whether your organization has email scanners or not, they
should get the scanner updates out onto their desktop
machines right away so there's protection at that level
too
(remember infection can occur in any document, however
it's
delivered).
This is a good time to check that anti-virus scanners are
configured appropriately to detect the temporary files
extracted from the email program before opening
attachments.
Of course, all servers or workstations that contain shared
documents should be scanned with the latest anti-virus
program to make sure there's no virus infection already
present in other documents.
If you run Exchange Server, administrators should consider
disabling users' access to mailing list addresses (i.e.,
local mailing lists maintained on their servers). The
reason for this is that if any of the first 50 addresses
the Melissa virus pulls from the Global Address Book (eg
from the server in an Exchange/Outlook setup), you get a
multiplicative effect. This is probably what has been
causing most of the problems resulting in the stories of
Exchange Servers "crashing".
Microsoft does have on its ftp site a set of utilities for
Exchange Server administrators
ftp://ftp.microsoft.com/transfer/outgoing/bussys/mail/meliss
a-virus.zip
(1.1MB) to remove and guard against Melissa messages. But
these utilities have probably not been fully tested and
you
should probably check with MS Support before using these
tools on your servers.
It has been reported that the makers of Sendmail - the
predominant tool for routing mail across the Internet -
has
a modification that will remove Melissa created email
messages. Check their web site http://www.sendmail.com
for
any further details.
There's more advice for network administrators on dealing
with the Melissa virus at
http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/zdhel
p/stories/main/1,5594,2233123,00.html
IF YOU ARE INFECTED BY THE MELISSA VIRUS
Firstly, don't panic. The Melissa virus is a nuisance but
it doesn't destroy any documents (some viruses do). It'll
take a little time to remove the virus from your computer,
but there's no lasting damage.
Second, clean all infected documents from your computers
hard disk drive. This is easy to do with any current
anti-virus program, it will scan all the documents saved
to
your drives and remove any known viruses it finds (since
Melissa is very new it's vital that you have the very
latest anti-virus update). Make sure the anti-virus
scanner checks all your disk drives, not just drive C,
including any folders you share with workmates. That also
includes any network / file servers you have access to
(though your network manager might check them separately).
Third, remove any infected documents from your email
program - both the Inbox, Sent Items and any other folder
you may have moved a message to. You are only concerned
with messages that have attachments and that normally cuts
down the possible messages quite a lot. In Outlook you can
see email messages with attachments by the little
paperclip
icon. If the message is junk (like a message created by
the
Melissa virus itself with the subject line "Important
message from <a name or your name>" ) then just delete it.
If it's a document you need to keep then save it to your
hard drive and scan it with anti-virus software to see if
its infected (if you have anti-virus software that works
within your email software then use that instead). Make a
note of whomever sent you an infected document and advise
them.
Fourth, reverse the Word settings that the Melissa virus
changed.
In Word 97 check the following menu settings:
* Switch Tools | Options | General | Confirm Conversion at
Open - ON
* Switch Tools | Options | General | Macro virus
protection - ON
* Switch Tools | Options | Save | Prompt to save Normal
template - ON
In Word 2000 check the following menu settings:
* Change your macro security level to MEDIUM (meaning you
can choose to run macros or not) or HIGH.
You may be tempted to remove the Melissa registry entry to
totally clean up, but don't because that entry will
prevent
the virus payload triggering another batch of outgoing
infected documents in the event of a re-infection and or
new, trivial variants on the original Melissa virus.
There are some other changes that are less easy to do.
Coming soon to ZDnet is a special utility to tidy up after
a Melissa infection made by our own VBA expert, Claude
Almer. Keep an eye on http://www.wopr.com/ or the other
ZDnet links for this 'Tidy Up' download.
Lastly, notify anyone who may have received an infected
document from you. Look in the 'Sent Items' folder in
your
email program and see if any documents have been sent out.
In Outlook you can see email messages with attachments by
the little paperclip icon. If any attachments have gone
out since, say Thursday 25th March 1999 (unless you know
exactly when you were infected) either sent by you
personally or part of the message that the Melissa virus
makes and sends - send a polite message to all the
receivers notifying them that they may be infected and
suggesting that they check their systems and delete any
infected files. You can point send them a copy of this
issue of WOW to give them Melissa virus details.
It's a bit embarrassing to admit that you may have
infected
others with a computer virus, but it's far better to give
other people a friendly warning than leave them in the
dark, at risk of virus infection and spreading a macro
virus even further. To stop rumors and unnecessary panic
do
not "broadband" warnings to lots of unaffected people
about
this or any other virus. Just warn the person/s who sent
the virus to you and the people who have received it from
you.
If you're on a network don't forget to warn anyone that
you
share documents with and notify your network administrator
/ IT manager or Help Desk so that know to scan any
documents on file servers and perhaps update anti-virus
scanning on the organizations mail system. Only
appropriately authorized staff should send any kind of
"security warning" or "alert" message within an
organization. End-users should only be sending such alerts
TO the appropriate security managers, Help Desk, IT Staff,
etc - let them handle passing the news to the rest of the
company in a systematic way.
MELISSA RUMOR DEBUNKING TIME
As usual there's some false stories surrounding the
Melissa
virus and we'd like to debunk some of these:
- Any Word 97 / 2000 document can be infected. Most
commonly to date the Melissa virus is found in a
document
called LIST.DOC which has a list of pornographic web
sites (it came from the alt.sex newsgroup) Contrary to
some reports the infected document does not have to be
of
that name or content.
- The virus is mainly spread by email (because of the
action it takes) but you can be infected by ANY Word 97
or Word 2000 document, however you receive it. Any
document you open in Word could be infected - regardless
of its source or how it's delivered to you.
- Just reading an email message won't hurt in this case -
the virus is in the Word document attached to the email
message and you have to open the document and enable the
macros to be infected.
- Not using Microsoft Outlook isn't a protection against
this virus - Outlook just enables speedy distribution of
infected Word documents. Other email programs are just
as capable of sending infected documents - just not
automatically and en masse. Anyone using Word 97 or
Word
2000 can be infected by this - or anyone of a range of
macro viruses.
- The virus does not directly infect corporate mail
systems
- i.e. Exchange Server, cc:Mail etc are not 'infected'
directly. The virus's ability to grab 50 or more
addresses and send a potentially large document to many
people quickly (and for the receivers to send the
infection on to others) acts like a chain reaction. It
can quickly overload a mail system with so many large
messages. Add to that the 'I didn't send that'
follow-up
messages etc and even the best corporate mail systems
can
be brought to its knees. If you think it can't happen to
you, think again. Already Microsoft, Intel and other
organizations have been swamped with infected email.
- The virus doesn't work in Word 95 (Office 95) or Word 6
(Office 4), this is a virus written in VBA only.
- The Melissa virus does NOT (repeat NOT) use Outlook
Express, the email program that comes with Internet
Explorer or Windows 98, to send out infected documents.
Contrary to some incorrect media reports, only Microsoft
Outlook can be called by the Melissa virus.
- There have been some reports of a Microsoft patch for
this problem already released. As at publication there
had been little comment at all from Microsoft - in fact
the silence is deafening. Certainly there's no fully
tested patch available - the links we've seen to the
supposed patch have actually been for a known 'Word 97
Template' problem that, while serious, has nothing to do
with the Melissa virus. Keep an eye on
http://officeupdate.microsoft.com/ for any comments
from Microsoft.
- Microsoft does have on its ftp site a set of utilities
for Exchange Server administrators
ftp://ftp.microsoft.com/transfer/outgoing/bussys/mail/meliss
a-virus.zip
(1.1MB) to remove and guard against Melissa messages.
It
includes a small macro to 'clean' up the Melissa virus
from Word - but the utility doesn't do a complete job
and
could give users a false sense of security. None of the
contents of this file has been publicly announced at the
time of writing which suggests that it's a temporary
download that has not been fully tested.
- Not so much a rumor as Melissa virus trivia. The
Scrabble reference in the text inserted by the virus is
actually a quote from 'The Simpsons' animated TV show.
In the episode 'Bart the Genius', Bart says those words
after 'winning' a game by creating the word 'Kwyjibo'.
KEEPING UP WITH MELISSA ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The best place to keep up with any more news about the
Melissa virus is on the ZDnet web site. ZDnet and ZD News
have been working all through the weekend to provide
detailed coverage of the problem ready for the potential
problems of the coming week.
http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnn.com/
WOW's own editor, Peter Deegan, was asked to contribute to
the ZD effort and you'll see his article (based on this
issue of WOW) already available at
http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/zdhel
p/stories/main/0,5594,2233116,00.html
There's special advice for network administrators on
dealing with the Melissa virus
http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/zdhel
p/stories/main/1,5594,2233123,00.html
WOW editor, Peter Deegan will also be hosting a special
web
forum on the Melissa Word/Outlook virus on ZDnet this week
- you can join in at
http://chkpt.zdnet.com/chkpt/hud0007500a/f5.dejanews.com/fra
meset/frameset.cgi?channel=cc&forum=news
look for the thread called 'ALERT: E-mail virus attacking
Outlook/Word'.
Peter Coffee from PC Week explains why we should not be
surprised at this turn of events. "The result ... has been
a collection of breakthrough power tools that are notably
lacking in elementary safety features."
http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/zdhel
p/stories/main/1,5594,2233128,00.html
Rob Rosenberger's Computer Virus Myths web site is always
a
good place to look for the straight scoop on the latest
virus scares. http://kumite.com/myths/
Of course, Woody's Office Watch will continue to watch the
situation and let our readers know of any developments
plus
Microsoft Office news / virus alerts in the future.
CREDITS
Many thanks to Vesselin Bontchev from FRISK Software
International http://www.complex.is/, Nick Fitzgerald from
Virus Bulletin http://www.virusbtn.com/ and Claude Almer
(Woody's Office Watch's regular VBA columnist) for their
help and advice at very short notice. Of course, any
errors are WOW's responsibility entirely.
---->> WOPR -- SUPERCHARGE WORD -- WOPR <<-----
Woody's Office POWER Pack is THE way to make Word better
Better Enveloping, document management, toolbars,
duplex and other fancy printing - plus lots more!
Available for Word 2, 6, 95 and 97 (for Windows)
>> FREE TRIAL: http://www.wopr.com/ <<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Y O D A - Y O D A - Y O D A - Y O D A -
Y O D A
"Your Office Devil's Advocate" is an independent column
from a long time computer user. As his pseudonym
suggests,
Yoda takes a contrary position.
'PRANK MACROS' COME HOME TO ROOST ~~~~~~~~~~~~~~~~~~~~~~~~
There's a certain amount of poetic justice in seeing
Microsoft's own systems being crippled by an Office virus.
For years Microsoft has done the absolute minimum about
macro viruses even though the problem is entirely of their
making in the first place.
When Redmond first put programming capabilities into Word
and later Office it totally ignored the possibility of
malicious use. Practical measures could have been taken
from day one, instead Microsoft did nothing.
Later, macro viruses first appeared for Word 6 and
Microsoft tried to ignore and belittle the problem. They
insisted in calling these viruses 'prank macros' in an
effort to spin doctor the problem away. But no amount of
media management could change the fundamental technical
problem that Microsoft had created. Microsoft itself has
posted infected documents on its web sites and on company
CD's - WOW has had to publish warnings to the public on
several occasions!
It took until Office 97 for Microsoft to put some
so-called
'Macro Virus Protection' into their products. But, as WOW
has mentioned many times, this 'protection' is just a
warning about the existence of macros with no details
given
about what the macros are. You're given a blind choice
'all or nothing'.
To make matters worse, Word 97 had a new document format.
The technical details of that format were not made
available to anti-virus software makers until months after
Word 97 was released. This made it impossible for the
anti-virus developers to provide proper detection and
removal tools for Office 97 from the start. And to add
insult to injury, the Word 97 wide beta test actually
'evolved' some existing viruses into new forms that worked
under VBA and Word 97!
The new 'digital signature' system for 'trusted' macros in
Office 2000 is so full of holes as to be almost useless.
In fact it's worse than useless because Microsoft's
foolish
boasts about the new product could give customers a false
sense of security.
If it wasn't such a serious problem, it would be funny to
watch Microsoft try to spin doctor the Melissa virus in
the
coming week. Given the trouble it's caused directly to
them, it'll be amazing to see how they will try to pretend
the problem isn't as serious as it really is.
The staff of companies like Microsoft, Intel and Lucent
have been caught by this simple virus, presumably these
people have above average computer skills and they should
not have been suckered in. But they were and that shows
how poor the virus safeguards really are in Microsoft
Office. If their well trained, knowledgeable staff can get
caught, what chance does the average user have?
Microsoft is already saying that people should be
responsible for what they run on their computer - the
standard Microsoft cop out - blame the customer. In
truth,
Microsoft has provided a loaded gun to their customers,
the
gun has gone off for thousands of customers and now it has
blown up spectacularly in Microsoft's own hands.
Other than that, Microsoft has been conspicuously silent
since
this problem arose last Friday. While they may have been
working
on Exchange Server matters privately -- there's been a
reprehensible failure by Microsoft to alert their
customers
quickly. Presumably we'll see some announcements as the
week
goes on, but that will be after many more Office customers
have
been caught in the Melissa trap. Redmond will probably
wait
until Monday in the US -- hours after most of the world
has
returned to work (with Melissa messages waiting for them).
But don't expect any great change in corporate attitude to
macro viruses now. Microsoft will ignore this problem,
just like they've ignored all the other virus problems.
They'll keep putting in piecemeal, half-baked fixes aimed
more at winning the public relations battle instead of the
anti-virus war.
Agree? Disagree? Address your responses to
mailto:[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** THE FONT PHAROS has packed his bags and moved to
Woody's WINDOWS Watch - WWW , WOW's companion newsletter
on
Microsoft Windows. To join at the same address as you use
for WOW click on this link
http://lists.dundee.net/www/wow2www.cgi?email=RangerTP@bigfo
ot.com
ENTERTAINMENT NICHE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As this issue of WOW was prepared we amused ourselves
with:
Music: 'Island Life' - Grace Jones
BACK ISSUES? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Did you miss the first issues of WOW? Drop by
http://www.wopr.com/wow/wow.htm#SubServ where all back
issues are stored. You can also download self-extracting
archives of back issues and search the WOW issues online.
If you don't have Web access, send mailto:[EMAIL PROTECTED]
for instructions on how to get back issues via email.
WOODY's CONTACTS in North America or Australia ~~~~~~~~~
WOODY products are available from authorized outlets:
North America:
Advanced Support Group,
11900 Grant Place, Des Peres, Missouri 63131
Ph:(314)965-5630 Fax:(314)966-1833
mailto:[EMAIL PROTECTED]
Australia, New Zealand, Asia:
My Computer Company
1 Allen St (PO Box 114)
Glebe NSW 2037 Australia
Ph: (02) 9692-9322 mailto:[EMAIL PROTECTED]
Fax: (02) 9692-9485 http://mcc.com.au/
All Woody's books and software are available from his
Aussie outlet.
Sales of Woody's books and software help support the
considerable costs of writing and distributing WOW as a
free bulletin each week. Help keep WOW alive and free by
buying Woody's products.
ADMINISTRIVIA, subscribing, unsubscribing etc ~~~~~~~~~~
This copy of WOW was originally sent to:
[EMAIL PROTECTED]
Join, Leave or change address from our Web site
http://www.woodyswatch.com/wow/
Note: replying to any issue of WOW to unsubscribe or
comment will NOT work and your message will not be read by a
human. Use the appropriate address or web page above
instead.
Back issues : http://www.wopr.com/wow/wowarch.shtml and
also at the ZDnet Help Channel
http://chkpt.zdnet.com/chkpt/hud0007500a/www.zdnet.com/zdhel
p/filters/office/wow/
WOW reader comments: to the appropriate columnist or
mailto:[EMAIL PROTECTED]
ADVERTISING:
Reach Office and Windows users throughout the world at
very reasonable rates ... http://www.mcc.com.au/wow/ad.htm
mailto:[EMAIL PROTECTED]
WOODY's WINDOWS WATCH
is our companion FREE newsletter that gives you all the
skinny on Windows. To join at the same address as you use
for WOW
http://lists.dundee.net/www/wow2www.cgi?email=[your_email_ad
dress.com]
Visit our web site http://www.woodyswatch.com/www/ or
mailto:[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOODY's OFFICE WATCH - Copyright 1999, ISSN 1328-1674
Pinecliffe International and Peter Deegan. All rights
reserved.
REDISTRIBUTION is allowed only with permission. You may
circulate copies of WOW by _manually_ forwarding it,
providing (1) you forward the issue in its entirety, (2) no
fee is involved, and (3) you forward no more than three
issues to any one individual.
After that, please encourage your correspondents to send
e-mail to [EMAIL PROTECTED] to get their own *free*
subscription.
Everyone is welcome! Tell your friends about WOW!
=======================================================
W-O-O-D-Y-S--O-F-F-I-C-E--W-A-T-C-H
---
You are currently subscribed to wow as:
[[EMAIL PROTECTED]]
_______
To unsubscribe, send "unsubscribe rangernet" to [EMAIL PROTECTED]
"Eat the hay & spit out the sticks!" RTKB&G4JC!
Autoresponder: [EMAIL PROTECTED] http://rangernet.org
