Why Access Macro Viruses Will Never Become A Problem. By VicodinES /CB /TNN It was only a few months ago that Jerk1N brought us the first ever Access macro virus. This was a huge accomplishment. Jerk1N was able to embarrass Microsoft and blaze a new trail for macro viruses, he deserves much credit for it. The idea itself and then making it happen was a great feat. How prevalent will Access macro viruses become? Will everyone become "virus shy" every time they open a .mdb file? Nope. There will never be an Access virus epidemic. How can I be so sure? First let me tell you my credentials. I wrote the second Access virus ever, Detox and I wrote the first ever cross-application macro virus, Cross.Poppy, that infected both Word 97 and Access 97. It wasn't possible to write code that would work 100% in both Access and Word so Cross.Poppy basically *jumped* from application to application. For all intensive purposes it is a cross-application virus. Now that have I have told you what I have done with Access macros you should be able to trust what I am about to tell you. Access viruses will NEVER become a real problem for many reasons. The main one is that very few people share Access databases. Most of the time a database is created, updated and stored in one location. Very rarely will someone send you an Access database so even if you had an infected database it would have almost no chance of finding another mdb to infect. Another problem is that there is no way for an Access virus to become resident in a default template. In Word macro viruses reside in the normal.dot and in Excel macro viruses reside in the personal.xls (or the startup directory). Becoming resident in a default template is what has made the Excel and Word macro viruses so successful. Access has no normal template for a virus to attach to and it does not load anything from a starup directory. There are Access database wizards from which new databases can be generated but these are mde files not mdb's and mde files are locked. A locked mde can not be infected. It may be possible to convert a mde to mdb, infect it and then convert it back but the only method I have seen that *attempts* to do this 1) didn't work correctly 2) was VERY noticeable. Since there is no way for an Access virus to become resident it must seek-and-infect new files. This direct action would not be a problem if it was looking for common files but how many mdb files do you have on your hd? Not many I assure you - even if you do use Access. So a *good* Access virus must find something to infect and that could mean searching the ENTIRE hd. Do you think you would notice that it took 2 full minutes for your database to open each time you wanted to use it? Yes I think you would, unless you were an idiot. As time passes and the "Access Virus Hysteria" passes you will see AVP and others add new Access viruses to their virus lists but I would bet my life you will never see an Access virus on the wild list Also I am reasonably sure that AV companies will receive less than a handful of Access virus reports - and you can bet that most of these will be from the Access virus authors themselves. So give up on Access viruses? Sure, unless you just want to see how it's done for the experience but take it from me you wont be impressed. An Access virus could be written in as few as 10 lines. It's basically : Get AutoOpen Control Search For *.mdb Transfer code if any are found Quit That's it. It's that easy. Doing it the first virus ever was the hard part (props to Jerk1N for that!) but there isn't much else to do with it. Even my Cross.Poppy virus will have a hard time finding some mdb's to infect. I wrote it only to search the c:\my documents directory. Why? Because I had no idea where someone would keep an Access database. I don't use Access, I only loaded Access to write a virus :-) Peace, VicodinES -------------------------------------- Facts: ->AccessiV was the first ever Access macro virus (written by Jerk1N) ->Detox was written by me to see if I could do one better. ->I wrote Detox under the name "Sin Code IV" ->Cross.Poppy was the first every cross-application macro virus but Strange Days by Reptile/29A is the first true Office 97 macro virus and is a great piece of code!