Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs

[puppet () DYNAMSOL COM (Daniel S. Otis-Vigil)]

What's to stop a trojaner from just replacing wscript.exe and or cscript.exe
with their own copy that always authenticates?

-----Original Message-----
Subject: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs

  I have users that are not willing to remove their wscript and cscript
links.:-(

I would like to see any time a *.vbs try to run a pgp checksum is sent to
a PKI or LDAP server to be authenticated.  Any program that fails will be
send to the sysadmin.  This should be easy because most users do not write
there own vb scripts.

I can see two or three ways of doing this.

1.) Simple rename wscript.exe to wscript.obj
   The write a program to be wscript.exe replacement that sends for
authentication.  The send the ole to the wscript.obj.

2.) Has MS open up the source code to wscript and cscript so we can
rewrite are own.

3.) If MS add this themselves.  <---  I do not thing this will happen
because they said it's not our problem, NOT A BUG it is a feature.

  I also would like this to be expandable to all binary!!!!!  If we are
going to stop all virus and worms this is the best way I can think or.