Vulnerability Development mailing list archives
Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs
From: MHarmer () MVG COM (Harmer, Mike)
Date: Fri, 12 May 2000 09:11:40 -0400
I was thinking about that last night. Renaming is obvious, but futile in the long run. I use scripts that scan many files and call other scripts to complete their job. I also expect some scripts to run when I am not there,(Scheduled) so authentication would be problematic if it requires any form of human interaction. Also note that the PKI stage would be useless for average joe home user and would be a bureaucratic level added to a MIS/IS dept. In our company we try to be enablers, not stagnators, and the extra level of control would be problematic. Instead we just take real good care of our AV program and are VERY good at cleaning up virus infections and we also keep good backups. The virus cost us money, but we did not lose anything. It was all in lost work time. Which for 250 people was only about 1 hour, with internet access down for 2 hours. Others have correctly pointed out that a script can be written to replace your modified wscript and relaunch itself. Opening the source code, well I would not expect it to open up any more than MS-DOS was. Microsoft is NOT Linux, nor do I want them to be. However, I would not mind a standards driven interface like Pascal, C, etc. Basically let a third party define acceptable parameters. That way there could be some form of competition.(And options for the end user) As for point 3, I do tend towards Microsoft on this one. We(Customers) wanted a better batch language. Basic is a nice simple language. Well, lets leverage VB and VBA and create VBS. In doing so they created a very powerful scripting language that can do quite a lot. I remember Win98 betas having a bug that if you made a window too narrow the script that draws the explorer windows would crash. You could actually read the script when it asked if you wanted to debug. Unfortunately, like TCP/IP, with power and flexibility comes risk. It is a constant balancing act. The virus writers and anti-MS camp would have us believe that Microsoft is to blame. But who was to blame for the attacks a few months ago against CNN, Yahoo, etc? The attacker took advantage of shortcomings of TCP/IP. Ones that can not be corrected without serious threats to the capabilities of TCP/IP that we all have come to know and love. Microsoft could reduce the functionality of VBS to make it harder on viruses, but that would more than likely make VBS useless for many tasks. For Microsoft to do the "right thing", they would have to kill the 9x series. That way we could make the scripts require certain permissions just to start.(9x has no idea of permissions) Make Outlook or whatever launch scripts with "Guest Script" permission and limit that. However, NT is the only MS OS that has the hope of doing that. Please, no comments on how UNIX does not have these limitations, that is given, but UNIX does not have the market share to cause this problem, 9x does. Michael E. Harmer Miller-Valentine Group 4000 Miller-Valentine Ct. Dayton, OH 45439-1487 x804 mharmer () mvg com ---------------------------------------------- In the middle of difficulty lies opportunity. --Albert Einstein ---------------------------------------------- -----Original Message----- From: Richard Rager [mailto:kb8rln () PENGUINMASTER COM] Sent: Thursday, May 11, 2000 4:26 PM To: VULN-DEV () SECURITYFOCUS COM Subject: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs I have users that are not willing to remove their wscript and cscript links.:-( I would like to see any time a *.vbs try to run a pgp checksum is sent to a PKI or LDAP server to be authenticated. Any program that fails will be send to the sysadmin. This should be easy because most users do not write there own vb scripts. I can see two or three ways of doing this. 1.) Simple rename wscript.exe to wscript.obj The write a program to be wscript.exe replacement that sends for authentication. The send the ole to the wscript.obj. 2.) Has MS open up the source code to wscript and cscript so we can rewrite are own. 3.) If MS add this themselves. <--- I do not thing this will happen because they said it's not our problem, NOT A BUG it is a feature. I also would like this to be expandable to all binary!!!!! If we are going to stop all virus and worms this is the best way I can think or. Enjoy, Richard Rager
Current thread:
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Knud Erik Højgaard (Apr 14)
- <Possible follow-ups>
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Harmer, Mike (May 12)
- regarding phrack49's stack smashing tutorial Christian Hammers (May 13)
- Re: regarding phrack49's stack smashing tutorial Precious Roy (May 13)
- Re: regarding phrack49's stack smashing tutorial Bluefish (May 13)
- QPOP2.5* exploit ?? Ryan Sweat (May 14)
- Re: QPOP2.5* exploit ?? H D Moore (May 14)
- Re: QPOP2.5* exploit ?? jms (May 13)
- Napster Fix optik (May 14)
- Re: QPOP2.5* exploit ?? Maurycy Prodeus (May 15)
- Re: QPOP2.5* exploit ?? jms (May 14)
- Re: QPOP2.5* exploit ?? Eric LeBlanc (May 15)
- regarding phrack49's stack smashing tutorial Christian Hammers (May 13)