Microsoft Pauses MS Office Macro Overhaul

Microsoft says it still plans to make a key security move with Microsoft Office, despite already having reversed it. It says it has put the changes to macros on hold to "enhance usability."

The back-and-forth involves Visual Basic for Applications (VBA) macros. In principle, these are shortcuts that automate detailed processes with multiple steps. In some cases, users will share macros as part of their work.

While macros can be very useful, they also offer a security risk. That's because a maliciously crafted macro could carry out unwanted tasks without the user knowing exactly what was happening. Meanwhile the computer could run out the full sequence of tasks as if the user had carried out each step manually.

That's a particular problem with Office files, which many users will see as inherently trustworthy.

One-Click Too Convenient

The change, which Microsoft announced in February, affects Office documents downloaded from the Internet. While macros won't run by default, at the moment users are prompted to click a button marked "Enable" to activate. Microsoft fears users are too likely to click the button without giving much thought and seeing it more as annoying nagging than a serious security concern.

The original planned change was that users won't be able to just hit a button. Instead, they will get a link to a support web page that explains how to enable macros in a file properties menu. Users will need to do this manually on a file-by-file basis.

While the change started rolling out in June, the tech world was confused when Microsoft reverted back to the original set-up at the end of the month. It even prompted speculation the company had u-turned on the changes.

Usability Concerns

Now Microsoft says: "Following user feedback, we have rolled back this change temporarily while we make some additional changes to enhance usability. This is a temporary change, and we are fully committed to making the default change for all users." (Source: microsoft.com)

Although Microsoft isn't giving more details, it seems likely it's rethinking the way users enable macros. The problem is finding a balance in which the process is just complex enough to deter users from enabling macros without giving any thought to the security risks, but not so complex that it becomes unnecessarily irritating and time-consuming. (Source: theverge.com)

What's Your Opinion?

Is Microsoft right to make this move? Have you ever enable macros on an Office file you got from somebody else? How can Microsoft balance usability and security?