Software Macros: the Good and the Bad

Software macros allow you to automate repetitive tasks, saving time and simplifying workflows. But they have commonly been an easy way for attackers to spread viruses too. Earlier this year Microsoft began blocking Office macros in internet files by default (and then temporarily back-tracked, and then blocked once again) in order to protect against this vulnerability. So what’s the deal—should you use macros or not? Here’s a guide on how they can help or hurt your work, and the smartest ways to make use of them.

What Are Macros?

Macros are automated shortcuts that replay custom commands in given contexts, so that you don’t have to repeatedly do these actions manually. Think of keyboard shortcuts: a couple pressed keys get you a result much faster than scrolling to the menu bar and navigating to the desired action—especially if it’s an action you do a lot.

More technically, a macro is a line of code embedded inside a document that tells the software to run those commands. In Microsoft Office applications, this code is written in a programming language called Visual Basic for Applications (VBA). You can use this code to configure a macro to do just about anything you want.


Screenshot shows how to record a macro in Excel: go to View > Macros > Record Macro.

Sometimes it’s possible to create a macro without doing any actual coding. Excel is an example of an application that will allow you to record a series of steps simply by pressing a button to record, going through the workflow steps, and then stopping the recording. Your actions are then translated into the VBA code so that the macro is created. After you save the file in a macro-enabled file format, those steps will be automated the next time they need to be done.

Convenience for Workflow

As you can imagine, macros can save a lot of time once they are set up. Tedious tasks such as entering data can be made much more streamlined. Some common actions that are good to automate are styling & formatting, data & text entering, and communication between data sources. A macro can even be configured within another macro—for example, one might be set up to create a new document that contains another one to run a data sequence. This way, you can sit back and enjoy your coffee while the automation does the work.

Software Macros: the Good and the Bad 1

A Common Attack Method

The problem with macros is that they are an easy and common way to spread viruses. Just as macro code can instruct the software to perform time-saving tasks, it can also tell it to inject malware. When macros were first added to Office in the 1990s, computer technology was just burgeoning, and the exchanges (and threats) of the internet had yet to come about. As communications and file sharing expanded, malicious actors quickly realized the potential for harm in embedding automatic instructions into a file.

Image of a person checking his email

A document infected with a malicious macro can use features such as “AutoExec” to automatically start when Word does, or “AutoOpen” to automatically run anytime a document is opened. That way it integrates itself throughout Word, infecting more than just the original document. One example of an early macro attack that snowballed into a disaster was the Melissa virus in 1999. When a recipient opened a file infected with this virus inside a macro, it would gather 50 contacts in the target’s address book and forward the file to them through Outlook. When new recipients opened it, the forwarding continued exponentially, wreaking havoc and costing a lot of money like email viruses do.

When and How to Use Macros

You can see that macros can be very helpful and, under the wrong conditions, very harmful too. A good rule of thumb is to only use the macros that you configure yourself, so you know what its instructions are. This is why Microsoft has blocked files with macros by default when they’re sent online—there’s too much of a chance that someone has slipped malicious code into them. If you do get a file that you know is safe and you want to unblock it, you can go to the file properties, and under security, click unblock. (And, should Microsoft change this default again, you can set your own auto-blocking of internet files by following these directions.)

As an interesting side note, macros can also be created in video games—but this is usually not a good idea since most gamers consider this cheating, and players can even be banned for doing it.

So: use macros with discretion, created by and for yourself.


Also see:


Leave a Comment