WordType Designs
Driven To Distractions©
The Sound of One Hand Clapping©

A rchive Date
[ 28-01-2001 ]
Category
[ Information Technologies ]
sub-Categoy
[ Microsoft ]
      [Microsoft's snafu helps spread the Melissa virus
      An alteration in the Word 2001 file format may have lead to the outbreak of Melissa-X.
      By Woody Leonhard and Peter Deegan
      January 24, 2001

      Despite what you may have read, the recently publicized round of macro viruses was not because this latest round of infections and mass-mailings was caused by a Mac Word document, but, specifically, that it was caused by a Word 2001 format document. The format should be the same as Word for Windows, but it now turns out that it isn't.

      Word 97, 98 and 2000 for Windows can all open Word 2001 for Mac documents. Macros in those documents will run properly on those platforms so long as they do not depend on features of newer versions of VBA (or operating system specific features / functions).

      So, why should a copy of a Word 2001 document infected with a year-old Melissa variant cause trouble in a Word 2001 document?

      In short, because Microsoft accidentally (and unknown to its own developers!) altered the document file format that Word 2001 was supposed to use.

      As we understand it, Word 2001 was supposed to use the "Word 8" (i.e., Word 97) document format. Microsoft, however, changed the compiler it uses to build Mac Office between the Office 98 and Office 2001 releases. This was responsible for a field changing in one of the many internal structures in the Word document format. Minute changes in the structure of Word documents are vital for anti-virus companies to be able to do their job.

      Unfortunately, many anti-virus products depend on the item that changed in Word 2001 for Mac to locate the compiled macro code in Word documents. Word 2001 happily reads its own files (because they are "self-consistently broken" if you like). Because there are different VBA versions between all those Word versions, the non-2001 versions of Word do not try to find the compiled macros. Instead, they unnecessarily re-compile the macro source code. Thus, non-2001 versions of Word do not "notice" the broken value in Word 2001 format documents. If the macro it compiles is a virus then it's an opportunity to spread.

      As you can imagine, this document format change meant virus scanners that depend on the changed file format structure would have to be updated so they could properly handle what is effectively a new document format. Few of the affected virus scanners have been updated, mainly because Microsoft has only recently revealed it's blunder to the people who need to know.

      When Melissa.W (which runs fine under Macintosh versions of Word) got onto a Mac, into a Word 2001 document and was sent to a Word for Windows user, there was a good chance it would not have been detected. If that user enabled macros, or had previously been infected with a macro virus and not re-enabled their macro virus protection (Word 97) or macro security (Word 2000) settings, they would have started a Melissa outbreak (assuming they had Outlook installed and configured for use).

      This isn't the first time a blunder by Microsoft has caused a spread of viruses, but, as usual, the company gets off lightly. Anti-virus companies are unwilling to get Microsoft off-side by going public with this information, so instead you get talk about "new" viruses without better information on the true culprit.

      Microsoft will say the error was unintentional, and we have no doubt that's true. But the fact that it wasn't deliberate doesn't mean that the company can totally disclaim responsibility. With the smart people, resources and large customer base that Microsoft has comes the highest duty of care. Any change can have consequences that reaches far beyond Microsoft's traditionally myopic view.

      The change of complier should have directly led to a scrupulous checking of document structures among many things—these checks were apparently not done or done incorrectly. The failure to notice the effect of the change demonstrates that Microsoft doesn't include in their testing any decent checks for compatibility with existing anti-virus products. It also demonstrates, yet again, that anti-virus issues have too low a priority at Microsoft.

      Copyright (c) 2001 ZD Inc. All Rights Reserved. ZDNet and ZDNet logo are registered trademarks of ZD Inc. Content originally published in Ziff Davis Media publications is the copyrighted property of Ziff Davis Media. Copyright (c) 2001 Ziff Davis Media. All Rights Reserved. Titles of Ziff Davis Media publications are trademarks of Ziff Davis Publishing Holdings Inc.]
      Cross-Indexed:

      New document Icon


Some pages may require Adobe Acrobat Reader


Copyright and Fair Use Information: The contents of this web site is protected by international copyright laws and may not be reproduced in any form or manner whatsoever, if for the purpose of resale or solicitation of a donation. The essays included here, may be reproduced only if: 1)They are not altered in any way; 2) reproductions must be accompanied by this copyright page ; and 3) it is given freely and without charge.
Fair use: The fair use of copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified in above sections, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is fair use the factors to be considered include : (1) the purpose and character of the use, including whether the use is of a commercial nature or is for nonprofit educational purposes; (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole, and; (4) the effect of the use upon the potential market value of the copyrighted work.
Home | About Narrative? |Contact
Copyright © 2025. All Rights Reserved
HAG122125 (1998 -2026)