Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs

[MHarmer () MVG COM (Harmer, Mike)]

I was thinking about that last night. Renaming is obvious, but futile in the
long run. I use scripts that scan many files and call other scripts to
complete their job. I also expect some scripts to run when I am not
there,(Scheduled) so authentication would be problematic if it requires any
form of human interaction. Also note that the PKI stage would be useless for
average joe home user and would be a bureaucratic level added to a MIS/IS
dept. In our company we try to be enablers, not stagnators, and the extra
level of control would be problematic. Instead we just take real good care
of our AV program and are VERY good at cleaning up virus infections and we
also keep good backups. The virus cost us money, but we did not lose
anything. It was all in lost work time. Which for 250 people was only about
1 hour, with internet access down for 2 hours.

Others have correctly pointed out that a script can be written to replace
your modified wscript and relaunch itself.

Opening the source code, well I would not expect it to open up any more than
MS-DOS was. Microsoft is NOT Linux, nor do I want them to be. However, I
would not mind a standards driven interface like Pascal, C, etc. Basically
let a third party define acceptable parameters. That way there could be some
form of competition.(And options for the end user)

As for point 3, I do tend towards Microsoft on this one. We(Customers)
wanted a better batch language. Basic is a nice simple language. Well, lets
leverage VB and VBA and create VBS. In doing so they created a very powerful
scripting language that can do quite a lot. I remember Win98 betas having a
bug that if you made a window too narrow the script that draws the explorer
windows would crash. You could actually read the script when it asked if you
wanted to debug. Unfortunately, like TCP/IP, with power and flexibility
comes risk. It is a constant balancing act. The virus writers and anti-MS
camp would have us believe that Microsoft is to blame. But who was to blame
for the attacks a few months ago against CNN, Yahoo, etc? The attacker took
advantage of shortcomings of TCP/IP. Ones that can not be corrected without
serious threats to the capabilities of TCP/IP that we all have come to know
and love.

Microsoft could reduce the functionality of VBS to make it harder on
viruses, but that would more than likely make VBS useless for many tasks.
For Microsoft to do the "right thing", they would have to kill the 9x
series. That way we could make the scripts require certain permissions just
to start.(9x has no idea of permissions) Make Outlook or whatever launch
scripts with "Guest Script" permission and limit that. However, NT is the
only MS OS that has the hope of doing that. Please, no comments on how UNIX
does not have these limitations, that is given, but UNIX does not have the
market share to cause this problem, 9x does.

Michael E. Harmer
Miller-Valentine Group
4000 Miller-Valentine Ct.
Dayton, OH 45439-1487
x804
mharmer () mvg com

----------------------------------------------
In the middle of difficulty lies opportunity.
--Albert Einstein
----------------------------------------------

-----Original Message-----
From: Richard Rager [mailto:kb8rln () PENGUINMASTER COM]
Sent: Thursday, May 11, 2000 4:26 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs

  I have users that are not willing to remove their wscript and cscript
links.:-(

I would like to see any time a *.vbs try to run a pgp checksum is sent to
a PKI or LDAP server to be authenticated.  Any program that fails will be
send to the sysadmin.  This should be easy because most users do not write
there own vb scripts.

I can see two or three ways of doing this.

1.) Simple rename wscript.exe to wscript.obj
   The write a program to be wscript.exe replacement that sends for
authentication.  The send the ole to the wscript.obj.

2.) Has MS open up the source code to wscript and cscript so we can
rewrite are own.

3.) If MS add this themselves.  <---  I do not thing this will happen
because they said it's not our problem, NOT A BUG it is a feature.

  I also would like this to be expandable to all binary!!!!!  If we are
going to stop all virus and worms this is the best way I can think or.

Enjoy,

Richard Rager