Understanding and Avoiding Office Viruses
You can unknowingly unleash a virus from almost any Microsoft Office application. From Outlook, you can set a virus loose by opening a dangerous e-mail attachment, from Excel, by running an unsafe macro, and from any other application through a security hole (that could have been patched with a simple Office update). However you get the virus is not necessarily the point here though, once you have a virus, you have no choice but to deal with it. Here we want to talk about avoiding viruses in the first place.
Beware of Attachments
The most common virus threats come via e-mail in the form of attachments. Attachments you receive from people you know are generally harmless. They are usually forwarded e-mails, videos, pictures, Word documents, or PowerPoint presentations. If you know the person who sent the attachment, and are expecting something from them, it is usually safe to open it. It is doubly safe if you have antivirus software running that scans all attachments before they are opened.
However, viruses can and do replicate themselves without a user's knowledge. Even if the user knows they were affected, viruses replicate so quickly through e-mail programs that that person may not have time to let you know a virus is coming your way in time anyway. That being the case, the best thing you can do is to never open e-mail attachments that contain suspicious extensions such as .exe (an executable file), .bat (a batch file), and .vbs (a Visual Basic file). There is more information on this:
Suspicious E-Mail Attachment Extensions
A file that contains a program (executable). Almost all executable files in e-mail attachments are viruses. Legitimate executable files are used to install software such as Microsoft Office or Adobe Photoshop.
A file that contains instructions (commands) that tell your computer to do something specific. COM files are created for DOS-based systems and usually run faster than executable files, and thus can cause problems very quickly. Almost all COM files in e-mail attachments are viruses.
A file that contains a Visual Basic script. Scripts are executed code that can access and modify data on your computer. Unless you work with Visual Basic in a work setting, consider all Visual Basic files in e-mail attachments as viruses.
A screen saver file in Microsoft Windows. Screen savers are safe as long as they come from valid sources. However, almost all screen saver files in e-mail attachments are viruses and should be deleted immediately.
A batch file that contains a sequence of commands for DOS based systems. Consider all batch files that come as e-mail attachments as viruses.
A program information file that contains information about how Microsoft Windows should run a non-Windows application. Consider all PIF files that come as e-mail attachments as viruses.
A compressed file and a common format for sending data via e-mail attachments. If you know the sender and are expecting a large amount of data, the attachment is probably safe. If you do not know the sender, do not open the attachment.
Another way to protect yourself from viruses that come through attachments is already configured in Microsoft Outlook by default. Outlook automatically blocks attachments that contain file types it deems dangerous. If you try to forward one of these e-mails, you will be prompted regarding the security threat as well.
Just because a filename says it is one thing does not mean it is. While many ZIP files are safe and do not contain viruses, if you are not expecting a ZIP file you should not open it. Once unzipped, it could contain and run any other file type, such as an EXE or a VBS program. In other instances, attachments ending in .doc may not be a simple Word document. In reality, it may be a macro virus. Again, the warning stands: Only open attachments from people you know and trust.
Microsoft Office helps you protect against macro viruses by using the High macro security setting as the default. It is wise to leave this security setting alone, as you will be prompted to enable macros anytime a macro is detected within a document. With this setting, you can run only those macros that are digitally signed from trusted sources, and macros you create yourself. You cannot, by default, run harmful macros. If you choose the Low setting for macros, you will not be prompted to enable or disable macros, they will run automatically.
Macros, if you are not familiar with them, are programs created to perform often-repeated steps, and are initiated with a specified key sequence such as Ctrl+A. For instance, if you insert your name, address, city, state, phone number, and e-mail address often in the Word documents you create, you can construct a macro to do it for you. Once the macro is created, you simply click a user-defined key combination to run that macro and insert the information at any time and at any place in the document.
Sophisticated and malicious macros can also be created and sent via e-mail to unsuspecting recipients. These macros attach themselves to Microsoft Office programs and can run every time you open the program or each time you hit a specific keystroke. While these macro viruses are generally more annoying than harmful (a specific keystroke may cause something "comical" to happen), they may also replicate by using your Outlook contact list, thus continuing their destruction via the Internet.
The best way to avoid macro viruses is the same way you'd avoid any other virus. Do not open attachments from people you do not know, do not install programs from suspicious sources, and do not borrow macros from people you know or download from Web sites offering free ones. Macro viruses are the most common type of Office viruses, they are becoming increasingly prevalent with the free exchange of documents, templates, and data over the Internet.
Patch Security Holes
Some viruses are specifically written to attack a computer through known vulnerabilities in software. It is therefore extremely important to protect Microsoft Windows, Windows Vista, and Microsoft Office with security patches and updates. All updates are free and can be installed automatically with little or no intervention on your part, or manually, so you stay in control.
Windows Update in Microsoft Windows
There are two ways to install updates in Microsoft Windows operating systems and Office 2007: manually and automatically. To install an update manually, in Microsoft Windows, click Start> All Programs> Windows Update. You will need to be connected to the Internet, and once at the Microsoft Update Web site, you will follow the directions listed.
Installing updates manually is not generally a good idea though, that is, unless that is the way your network administrator wants you to do it. That is because you have to remember to get the updates yourself, and most people won't remember to do that. The best way is to configure Microsoft Windows to perform the updates automatically. To configure your computer to obtain Windows Updates automatically:
- Click Start, right-click My Computer, and select Properties.
- From the Properties dialog box select the Automatic Updates tab and then configure the updates to occur automatically. Make sure the time configured for downloading is a time when the computer will be turned on and connected to the Internet. Note that if the computer is turned off at the specified time, the updates will occur the next time the computer is booted and in the end click ok.
It is generally best to configure Windows Update to download and install updates automatically.
WINDOWS UPDATE IN WINDOWS VISTA
There are two ways to install updates in Windows Vista operating systems and Office 2007: manually and automatically. To install an update manually in Windows Vista, click Start> All Programs> Windows Update. In the resulting window, you are informed if updates are available. As mentioned earlier, it is best to configure the updates to occur automatically with Vista too.
Windows Vista informs you if any updates are available, and you can download and install them manually. To configure your computer to obtain Windows Updates automatically:
- Click Start> All Programs> Windows Update and then click Change Settings.
- Configure the updates to occur automatically. Make sure the time configured for downloading is a time when the computer will be turned on and connected to the Internet and in the end click OK.
But It is generally best to configure Windows Update to download and install updates automatically.
Office Update in Microsoft Office 2007
You can use Automatic Updates to get updates for Microsoft Office 2007. If you have already done that, you do not need to gather the updates manually. However, the only way to update the suite is to do so manually. To update Microsoft Office manually:
- Click the File button in the top-left corner of any application and choose the application's Options button and then click Resources.
- Click Check for Updates.
All Office programs have an Options dialog box where updates can be manually obtained.
After getting all necessary updates, sign up for Microsoft Security Bulletins at www.microsoft.com. Perform a search for Security Bulletins and select the alerts for your operating system and Office product. You will receive alerts via e-mail.