lotus

previous page: 7.7 Esperanto.4733 (Viruses and the Mac)
  
page up: Viruses and the Mac FAQ
  
next page: 8.2 Disinfectant (What's the best antivirus package for the Macintosh?)

8.1 Microsoft's Protection Tools (What's the best antivirus package for the Macintosh?)




Description

This article is from the Viruses and the Mac FAQ, by David Harley D.Harley@icrf.icnet.uk with numerous contributions by others.

8.1 Microsoft's Protection Tools (What's the best antivirus package for the Macintosh?)

Microsoft's Macro Virus Protection Tools originally detected
Concept (Nuclear and DMV were also mentioned in the documentation,
but were not identified specifically by the tools). Principally,
they merely warned users that the document they are about to open
contained macros and offered the choice of opening the file without
macros, opening it with macros, or cancelling the File Open. Later
implementations built into the application are better on
identifying a few specific viruses and on integration into Word
itself, but should not be relied on for 100% effective detection,
blocking and disinfection of macro viruses. More information from
Microsoft may be available at the addresses below.
<http://www.microsoft.com/office/antivirus/> (no longer accessible)
MSN: GO MACROVIRUSTOOL
AOL: the Word forum
CompuServe: the Word forum
Microsoft Product Support Services
206-462-9673 (WinWord)
206-635-7200 (Word Mac)
email: wordinfo@microsoft.com

NB The Protection Tool traps some File Open operations, but not
all. There are a number of ways of opening a document which bypass
it, some of which are rather commonly used (e.g. double-clicking or
using the Recent Documents list).

The Protection Tool can be used to scan for Concept-infected files,
but there are a number of possible problems with it.

* Earlier versions could only handle a limited size of directory
tree, and ran very slowly if a large number of files required
scanning. Speed is certainly still a problem: I can't say about the
overflow problem.
* Files created in Word for Windows won't be scanned until they've
been opened in Word 6 for Mac (this is a system issue, not a bug in
the code). However, Microsoft suggest that you open the file in
Word for the Macintosh and save it before scanning. This will do
the job, but will also infect your system, if the file is infected.
If it's infected with a virus -other- than Concept, this could
create problems if the Protection Tool is bypassed on a subsequent
file open.
* Infected files embedded in OLE2 files or e-mail files will not be
detected.
* The Microsoft tools are not useful on non-English Windows systems
(which may be run under Virtual PC or Real PC). SCANPROT cannot
handle non-English documents, and will hang during the scanning
process if it encounters a document created with a non-English
version of Word. Microsoft's Excel add-in for the Laroux macro
virus causes multiple file open buttons to appear in non-English
versions of Excel, and so it has worse effects than the macro virus
itself. Again this applies to Windows emulation; however, most
virus protection and detection products are only tested in an
English language environment, and may cause problems on non-English
systems. [Thanks to Eric Hildum for this information.]

Windows 95 users should be aware that SCANPROT is not recommended
for use with MS Word 7.0a for Windows with internal detection
enabled, as these two tools will cancel each other out.

The Excel add-in for Macs removes only Laroux A and B.
<http://www.microsoft.com/macoffice/laroux.htm>

Office 98 moves the goalposts again. This issue will probably be
addressed again here in more depth. In brief, Office 98 does a
better job of implementing a primarily generic approach [i.e. "If
it contains macros, it's suspicious: sort it out yourself...."],
but whether this is enough is a question demanding more space and
time than I have to spare right now. Office 97/98 include limited
detection of a handful of known viruses during upconversion of
macros. This is poorly implemented and in any case is only triggered
when macros are converted to VBA from WordBasic. Vesselin Bontchev
has considered macro upconversion at some length in papers for
Virus Bulletin and EICAR conferences.

Microsoft's home page has recommended using an ICSA-certified
antivirus utility and sidesteps any hint of responsibility for any
macro virus or SCANPROT related problems. However, ICSA does not
currently certify Mac products, though this is being looked at.

 

Continue to:













TOP
previous page: 7.7 Esperanto.4733 (Viruses and the Mac)
  
page up: Viruses and the Mac FAQ
  
next page: 8.2 Disinfectant (What's the best antivirus package for the Macintosh?)