Feeds

Viva VBA - alas

Entrenched victory

Top three mobile application threats

In the early 1990s when Visual Basic (VB) first infiltrated Excel to become Visual Basic for Applications (VBA), it helped push Microsoft's then-fledgling spreadsheet so far ahead of others that most people today are not aware many competitors even existed.

Lotus Development - since consumed by IBM - turned down a chance to incorporate VB into its groundbreaking 1-2-3 spreadsheet telling the ISV who offered the module: "We don't wish to endorse it."

It is by such decisions that whole businesses die.

Today VBA is a playground for virus writers because, unlike other ways to spread your filth, getting VBA to copy itself and change a few files is the work of just a few minutes for anyone with any programming experience. Hacking a .exe header in assembler is tougher. Microsoft's big cash cow Office is entirely customizable using VBA, yet one is presented with messages of the form "Outlook is really scared of VBA, and so should you be, do you really want to do this?"

It's little wonder, then, that the introduction of a new version of Office leads to speculation that VBA will be buried. But while it's already gone from Mac Office - because the poor dears at Microsoft found the effort of coding it up too hard - it's unlikely to vanish from Office for the PC for at least the next version.

The Vole may be evil but it is damned good at making money, and this is why VBA is not leaving Office any time soon.

VBA is firmly established in the majority of businesses, big and small, keeping them running and programmers gainfully employed.

VBA, for example, runs the world financial markets. The credit crunch happened mostly in the minds of Excel spreadsheets doing horribly complex calculations in a language designed to change formatting, or to capture and validate user input.

They are not even good VBA macros, the most common degree for the quants who do this is physics, not computer science, and those building macros have never even heard of version control, structured programming or been on any programming course since an introduction to Fortran years ago as an undergrad.

VBA in Word knocks up many of the world's form letters and there are many itinerant VBA hackers wandering from firm to firm keeping them going because they are often as critical to the business as something such as stock control. Flashy effects can be knocked up in PowerPoint and I, personally, would sink under the weight of email without Outlook macros.

There is Visual Tools for Office (VSTO), as Microsoft will tell you. These are properly architected and support all the .NET languages, with those on the madder end of user spectrum even trying it on with F#, but have a user base trivial in size compared to VBA.

Partly this is because VBA in Excel can actually be written by recording what you want to happen, then meddling to make it do other things. Not great code, but by far the easiest entry point for software development on the planet. So the physicist-quant-programmers mix in with secretaries, accountants, and, yes, even journalists.

With such utility and widespread use, Microsoft rightly fears removing VBA from Office because of the financial pain it would unleash. Although OpenOffice et al nibble at the edges of the cash flow, Office continues to grow almost oblivious to them.

Seven Steps to Software Security

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.