Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs

[kb8rln () PENGUINMASTER COM (Richard Rager)]

On Fri, 12 May 2000, Harmer, Mike wrote:

> I was thinking about that last night. Renaming is obvious, but futile in the
> long run.

  I agree so maybe MS will open the code.  It was a stop gap any way.

> I use scripts that scan many files and call other scripts to
> complete their job. I also expect some scripts to run when I am not
> there,(Scheduled) so authentication would be problematic if it requires any
> form of human interaction.

I was not going to require human interaction.  If the key on the server
all well.

> Also note that the PKI stage would be useless for
> average joe home user and would be a bureaucratic level added to a MIS/IS
> dept. In our company we try to be enablers, not stagnators, and the extra
> level of control would be problematic.

  All security solutions have there down side.  Security = !Convenient

  I am not saying that you have to turn on PKI check but,  I want the
choice.

> Instead we just take real good care
> of our AV program and are VERY good at cleaning up virus infections and we
> also keep good backups. The virus cost us money, but we did not lose
> anything. It was all in lost work time. Which for 250 people was only about
> 1 hour, with internet access down for 2 hours.

  Congratulations on the "Risk Management" and a fast turn-a-round.  Some
of my clients do not have a full time IT/IS/MIS person on site.  They had
no clue other then to call me.

> Others have correctly pointed out that a script can be written to replace
> your modified wscript and relaunch itself.

  I also agree.  Users that do this should just be fired if you write it
in your security policy.  Or if all programs must pass a filter before
running then alter programs can be stoped.

> Opening the source code, well I would not expect it to open up any more than
> MS-DOS was. Microsoft is NOT Linux, nor do I want them to be. However, I
> would not mind a standards driven interface like Pascal, C, etc. Basically
> let a third party define acceptable parameters. That way there could be some
> form of competition.(And options for the end user)

I agree.

> As for point 3, I do tend towards Microsoft on this one. We(Customers)
> wanted a better batch language. Basic is a nice simple language. Well,
> lets leverage VB and VBA and create VBS. In doing so they created a
> very powerful scripting language that 0n do quite a lot. I remember
> Win98 betas having a
> bug that if you made a window too narrow the script that draws the explorer
> windows would crash. You could actually read the script when it asked if you
> wanted to debug. Unfortunately, like TCP/IP, with power and flexibility
> comes risk. It is a constant balancing act. The virus writers and anti-MS

  I agree on what you are saying but, at the same time I would like to see
MS help us, maybe with better tools to help us in this indeavor

  On your point 9x should go.  I think that your are correct.  Maybe the
security policy should be, all foreign hardware is not allowed on
this network.

Enjoy,

Richard