How to disable macros in Microsoft Office

Macros can be malicious.


There are two fundamental truths that define our information society. First, computers can do some amazing things. And second, users don't share a common level of expertise when it comes to personal computing.

Let's reflect on the second point for a minute. Some people don't know how to code in HTML, debug a program, or navigate the many menus and tabs in Microsoft Word. That's not necessarily their fault. Think about it: most people just don't need technical skills to use their computers. Those users are completely satisfied by their access to a word processor, a web browser, and some other bits here and there. That's all they really need.

But there is one condition: they need it with the least amount of hassle possible.

A common shortcut in Microsoft Office for everyday users

Tech companies understand that most users want a hassle-free computing experience and have therefore designed their applications accordingly.

Take Microsoft Office, for instance.

In Word, someone can center align their text by following this set of steps:

  • Highlight the desired text.
  • Click Format in the menu bar.
  • In the drop-down menu, select Paragraph.
  • A dialog box pops up. Click the arrow next to Alignment and click Center.
  • Click OK to close out the dialog box.

But there's an easier way. Users can also just select their text and click on the text alignment buttons built into Microsoft Word. Each of those buttons is, in essence, a macro.


What's a macro?

A macro is a computing shortcut that automates an oft-repeated task such as center aligning text in Microsoft Word.

Macros are clearly useful in that they make use of the mouse or the keyboard to save a user time with certain tasks. In that sense, they appeal to the vast majority of users who want computing to be as easy as possible.

The dark side of shortcuts

Unfortunately, not all macros are a user's friend.

There is such a thing as a malicious macro, where a bad actor creates a shortcut that when executed loads up malicious code on a computer. To prevent users from catching on, the actor usually disguises their shortcut as something seemingly mundane. Sometimes, they even use hidden macros that execute malicious code as soon as someone opens up an infected Microsoft Office document.

For example, the PowerSniff malware makes contact with its victims via a Word document that's disguised as a workplace incident report.


Once the user opens that document, the malware executes and eventually injects itself into the memory of a victim's computer.

And that's just PowerSniff. All kinds of malware, even ransomware, also use malicious macros embedded in Microsoft Office documents to make initial contact with potential victims.

Disabling macros in Microsoft Office

You never know what terrors a Microsoft Office document from an unfamiliar sender might contain. For that reason, many users may find it desirable to disable macros by default. Doing so won't block macros permanently, but at the very least, it will display a warning asking users to enable content every time they open up a document that contains macros. That gives users a choice of enabling macros if they trust the sender and keeping them disabled if they don't.

Microsoft Office disables macros by default on most of its new software versions (2016 and up). Here's where you can check to see if that's the case on a MacBook Pro.

  1. In an open Microsoft Office application, click on the name of the application and click on Preferences in the resulting drop-down menu.
  2. A dialog box pops up. Under the Personal Settings section, click on Security & Privacy.
  3. The very first item that displays is labeled Macro Security. It says it will warn the user if and when they open a document that contains macros. As I said before, macros are disabled (meaning this warning feature is enabled) by default, but it doesn't hurt to double-check.

The process for verifying whether macros are disabled on a Windows computer is similar to the one I outlined above. The only difference is that Windows users have access to a Trust Center, where they can choose to enable macros one time when the security warning appears, or disable all macros by following these steps:

  1. Click File > Options.
  2. Click Trust Center, and then click Trust Center Settings.
  3. In the Trust Center, click Macro Settings, where you can make any changes you want and approve them by clicking OK.
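
The Macro Settings choice is stored per application in the registry, so it can be checked for several Office programs at once without opening each one. The PowerShell below is an added example, not part of the original article; it assumes Office 2016 or later (registry version key 16.0) and reads the `VBAWarnings` value for Word, Excel and PowerPoint, reporting a policy-enforced value ahead of the user's own choice.

```powershell
# Added example: audit the current user's macro setting for Office 2016+.
# VBAWarnings values correspond to the options under Trust Center > Macro Settings.
$MacroSettingNames = @{
    1 = 'Enable all macros (not recommended)'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-OfficeMacroSetting {
    param(
        [string[]]$Apps = @('Word', 'Excel', 'PowerPoint'),
        [string]$Version = '16.0'   # assumption: Office 2016 or later
    )
    foreach ($app in $Apps) {
        # A Group Policy value, when present, overrides the Trust Center choice.
        $candidates = @(
            @{ Source = 'Policy'; Path = "HKCU:\Software\Policies\Microsoft\Office\$Version\$app\Security" },
            @{ Source = 'User';   Path = "HKCU:\Software\Microsoft\Office\$Version\$app\Security" }
        )
        $source = 'Default'
        $value = $null
        foreach ($c in $candidates) {
            $item = Get-ItemProperty -Path $c.Path -Name VBAWarnings -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $source = $c.Source
                $value = [int]$item.VBAWarnings
                break
            }
        }
        # No stored value means Office falls back to "disable with notification".
        $setting = 'Not set (Office default: disable all macros with notification)'
        if ($null -ne $value) {
            $setting = 'Unrecognised value'
            if ($MacroSettingNames.ContainsKey($value)) { $setting = $MacroSettingNames[$value] }
        }
        [pscustomobject]@{
            App     = $app
            Source  = $source
            Value   = $value
            Setting = $setting
            Risky   = ($value -eq 1)   # macros run with no prompt at all
        }
    }
}

Get-OfficeMacroSetting | Format-Table -AutoSize
```

A row with `Risky` set to `True` means that application runs every macro without warning, which is the setting worth changing back in the Trust Center.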


Legitimate macros are much less commonly encountered in MS Word and PowerPoint than they are in Excel (particularly in corporate environments). Depending on your use case, you may or may not choose to disable macros entirely. Whatever you do choose, always be cautious about opening unsolicited Microsoft Office attachments and be wary of social engineering tricks that may attempt to fool you into enabling macros.

Need more help with your macro settings? Please click here for a helpful resource page provided by Microsoft Office itself.
