
No, it's a usability problem. People use it with full Admin rights and then are amazed that when they run something from an untrusted source their computer gets pwned.

Or are you implying that Linux is immune to this? Because it's not. This is equivalent to running a bash script downloaded from the internet with root privileges and then writing that you pwned Linux. Remember, VBA IS!!! a programming language, having the same access as any other programming language (tied to your user).

Now if this guy would've run this macro using a normal user and then the computer would've been pwned, now that's a privilege escalation.



To argue against this, a Word document has no business running arbitrary code with access to system drivers. I think it's more like opening a document in GEdit and realizing that your whole system got hacked.

Macros were another billion dollar mistake: https://www.zdnet.com/article/the-cost-of-ransomware-around-...


> Macros were another billion dollar mistake: [link stating ransomware costs economy $265 billion in 2030, linking to study that says currently it's $20 billion per year globally]

So even if we say that Office Macros were responsible for half of all ransomware infections, I'm not convinced the world economy doesn't benefit more than $20 billion per year from Office Macros. Many businesses basically run on macro-enhanced Excel spreadsheets.


And a Word document is not running arbitrary code at all. It is running the code that was programmed in it. As for if that code gets to run at all, that depends on the configuration of the system. Do run it using a user that has no access to write/delete files and you'll see that the most malicious macro is benign.


> Do run it using a user that has no access to write/delete files and you'll see that the most malicious macro is benign.

It could retrieve work from a server to start long-running processes that mine cryptocurrency. And scan every IP/port on your local network and use Metasploit to send matching exploits to everything it sees. And then hijack a local process running under a different user with disk write permissions.

I would like to see macros restricted similar to JavaScript in the browser. You can still run code and manipulate local data, but you don't get any direct access to the host OS. No disk access, no registry access, no way to create a process, only able to calculate things and change the document itself. And there must be no checkbox to disable these protections.


All of the above means a poorly configured system. A correctly configured Windows system would not allow any of that to happen.

1 - For network privileges you can restrict the user to a strict network location and nothing else.

2 - For scanning it also needs privileges that can be restricted using policies.

3 - Can't send anything if it doesn't have the correct privileges.

Who's stopping you from creating your own version of VBA, releasing it and replacing the Microsoft Office suite with your own defined version as you said? And in the process of doing this you'll become a billionaire too.

Until then, a correctly configured Windows system is immune to all of the above.


I salute the IT team who keeps all of those security policies in place while not interfering with daily operations.

> Who's stopping you from creating your own version of VBA, releasing it and replacing the Microsoft Office suite with your own defined version as you said?

I'm stopping myself because nobody would use it :)


Not sure what it looks like nowadays, but during the early days of Mac OS X going mainstream, a common question on forums was how to run as root by default; some people never learn.


Because of course your application settings (themes, plugins etc.) have to be stored under '/Library'… sigh



