Coffeehouse Thread

15 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Anyone still use VBA?

Back to Forum: Coffeehouse
  • User profile image
    Spitfire15

    Hey all,

    I was just thinking that if anyone still uses VBA (Visual Basic for Applications), as to me, it is a "ghost town" feature in Microsoft Office programs like Word, Access etc.

    Reason being is that, it just feels a bit empty of the amount of users using this compared to lets say VB, SQL etc.

  • User profile image
    blowdart

    Spitfire15 wrote:
    Hey all,

    I was just thinking that if anyone still uses VBA (Visual Basic for Applications), as to me, it is a "ghost town" feature in Microsoft Office programs like Word, Access etc.

    Reason being is that, it just feels a bit empty of the amount of users using this compared to lets say VB, SQL etc.


    You'll find a lot of banks using it. A lot of traders. The amount of custom excel spreadsheets used for trades and predictions is scary

  • User profile image
    W3bbo

    I wrote an entire suite of applications designed to circumvent Group Policy system restrictions in VBA. It still runs perfectly on XP-SP2 machines (except if the SP2 Firewall is enabled, otherwise the Netsend and Remote Shutdown apps I wrote don't work)

  • User profile image
    Sabot

    blowdart wrote:
    Spitfire15 wrote: Hey all,

    I was just thinking that if anyone still uses VBA (Visual Basic for Applications), as to me, it is a "ghost town" feature in Microsoft Office programs like Word, Access etc.

    Reason being is that, it just feels a bit empty of the amount of users using this compared to lets say VB, SQL etc.


    You'll find a lot of banks using it. A lot of traders. The amount of custom excel spreadsheets used for trades and predictions is scary


    Infact perhaps more than that! I used to work with well known 'Data' company (I can't drop names, i'll tell you at DDD2) adn we were trying to work it out so we could sell the info to 'interested' consultancys.

    Anyway to cut a long story short we gave up ... why?

    BECAUSE EVERY DARN FIRM WE CONTACTED HAD LOADS AND LOADS OF VBA !!!!!

    Users with half a brain are knocking this stuff at a rate of knots you wouldn't believe, this is the conclusion we've drawn.

    The issue is how many business critical applications are there out there written and supported by Business users ... that don't even have the basics, like being backed up each night!

    Someone somewhere shouldn't be sleeping at night!

  • User profile image
    AndyC

    W3bbo wrote:
    I wrote an entire suite of applications designed to circumvent Group Policy system restrictions in VBA. It still runs perfectly on XP-SP2 machines (except if the SP2 Firewall is enabled, otherwise the Netsend and Remote Shutdown apps I wrote don't work)


    Care to share them? I'm curious as to what you think can be circumvented. Especially if it can be...

  • User profile image
    mawcc

    Every Office Application has an IDE for VBA, so I guess VBA is widely used for all types of Office based applications. You can program in .NET when using Visual Studio Tools for the Microsoft Office System (VSTO), but that's relatively new.
    But I agree that MS has to make a decision on how to proceed with VBA. At the moment VBA is essentially VB 6.0, but that imho doesn't fit the .NET strategy.
    I'm curious as to what's planned for Office "12". Maybe Robert can visit the Office (VBA) team, so that they can tell us more about the future of Office as an Application Platform.

  • User profile image
    W3bbo

    AndyC wrote:
    Care to share them? I'm curious as to what you think can be circumvented. Especially if it can be...


    One policy my 6th Form implemented, at first glance, looks like an Application Whitelist policy. Users cannot run *.exe programs, not even us CompSci students (we "run" them through VB6's Debug Run command)

    ...but I saw through this and found it was just a GP preventing *.exe files not located in C:\Windows or C:\Program Files from running.

    So I wrote a VBA that copies *.exe files to the C:\Program Files folder, that's how I installed Doom and Firefox on about 20 machines... that was nearly 6 months ago and they still haven't found out Big Smile

    I wrote a few more that interface with Win32 functions directly, allowing users to change their Visual Style, Appearance, Desktop settings and the like.

    Naturally, a "Windows Explorer" clone VBA app was essential, I managed to write a fully-featured one in about a week.

    And to top it all off, I authored a program that sends fake SMB messages through the network, usually the Netsend feature is used by the Admins to tell people to stop playing games on the Internet (VNC servers are installed on all the boxes, naturally I disabled them), so I used it to have a bit of fun here and there. I nearly finished writing a remote shutdown one (that uses the same packet as NT5.1's "shutdown" command), but by the time I got anywhere near it my 6th Form decided to do a massive upgrade to XP SP2, the built-in firewall made all my SMB hacks useless. But everything else works fine.

    I'm only announcing this publically on the grounds that anyone from my 6th Form doesn't know who I am Smiley (So if you do know who I am, I'm begging you not to reveal my identity)

  • User profile image
    AndyC

    They let you write to the Program Files directory?

    /me rolls eyes

    Sounds like someone somewhere needs a lesson in security...

  • User profile image
    W3bbo

    AndyC wrote:
    They let you write to the Program Files directory?

    /me rolls eyes

    Sounds like someone somewhere needs a lesson in security...


    Its because of all the legacy applications. Programs dating back to 1993 still need to run, usually because they have to write global settings or something.

    Of course, I could have gotten the Admin passwords if I really wanted, its not hard to make a fake login screen in VBA (combined with "CAD to Logon" being disabled too)

    But they're smart elsewhere, booting from floppy is disabled, all the BIOSes have randomly generated passwords, and they're all housed in steel boxes. Since the BIOS passwords are random, the only way into the BIOS is by disabling the BIOS password by opening the case and removing the password jumper, which requires the keys to the steel cases.

  • User profile image
    DCMonkey

    I'm still using VBA.

    I'm using it with Access to automate some complex transactions between two companies in Quickbooks and our customer database.

    I also use it a bit in Excel.

     

  • User profile image
    Cairo

    Back when I ran the university computing labs, we re-ghosted1 the machines every morning, due in large part to the kinds of actions you're describing, W3bbo. This was in the Win31/Win95 days. Neither of those OSes had any security whatsoever, so wipe-and-reinstall was or only real option.

    1 Actually it wasn't ghosting; we had built a custom DOS boot disk with a PC-NFS client, and pulled all of the Win/Office/Etc files off of a Slackware server to overwrite whatever was on the machines. We made it easy enough the English TAs were using it to recondition machines for staff without our help.


  • User profile image
    AndyC

    W3bbo wrote:


    Its because of all the legacy applications. Programs dating back to 1993 still need to run, usually because they have to write global settings or something.



    There are better ways to handle situations like that:

    1) Only modify permissions on the actual files that change, not the directory. Sometimes this isn't possible however, depending on the app.

    2) Give read/write permission to the directory but only set Execute on the executables that make up the app.

    3) Install Legacy apps to a separate location and then whitelist them individually.

    4) Bite the bullet and create a comprehensive whitelist instead of allowing anything in a given location. Be sure the permissions do not allow a trusted executable to be replaced.

    Allowing people to create executable files in a trusted location completely defeats the point of whitelisting in the first place (as you've discovered!)

  • User profile image
    W3bbo

    AndyC wrote:
    Allowing people to create executable files in a trusted location completely defeats the point of whitelisting in the first place (as you've discovered!)


    But wait... the 6th Form doesn't expect people to author programs in VBA and manipulate the file system Smiley

    Security through the ignorance of everyone involved, I guess.

    Next on the list, obtaining that damned SAM file.

  • User profile image
    haathi

    blowdart wrote:


    You'll find a lot of banks using it. A lot of traders. The amount of custom excel spreadsheets used for trades and predictions is scary


    Partly True. I have worked with Traders and Analysts also. I find it quite impressive the way they start with a relatively simple spreadsheet  and then improve it over time to settle down with fairly complicated analytics templates in Excel / VBA that they use to carry out sophisticated trading strategies.

    There isn't anything "scary". One reason they love Excel / VBA is because most Market Data Vendors such as Bloomberg and Reuters provide simple-to-implement DDE and VB Functions that the Traders can incorporate into their spreadsheets to analyze volume, liquidity etc of their portfolios fairly quickly and accurately. Also, by design, Excel can be set to recalculate formulas and cell values automatically when something changes. This is especially useful if they link to live prices in say, a benchmark column.

    The problem arises when the data has to be shared, and you end up with multiple analytics spreadsheets on shared network drive and they are not sure which one is the latest.

  • User profile image
    fdisk

    Sabot wrote:
    BECAUSE EVERY DARN FIRM WE CONTACTED HAD LOADS AND LOADS OF VBA !!!!!!
    Whoa, settle down there.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.