Vulnerability Development mailing list archives
Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs
From: kb8rln () PENGUINMASTER COM (Richard Rager)
Date: Sat, 13 May 2000 13:01:35 -0600
On Fri, 12 May 2000, Harmer, Mike wrote:

> I was thinking about that last night. Renaming is obvious, but futile in the long run.

I agree, so maybe MS will open the code. It was a stopgap anyway.

> I use scripts that scan many files and call other scripts to complete their job. I also expect some scripts to run when I am not there (Scheduled), so authentication would be problematic if it requires any form of human interaction.

I was not going to require human interaction. If the key is on the server, all is well.

> Also note that the PKI stage would be useless for average Joe home user and would be a bureaucratic level added to a MIS/IS dept. In our company we try to be enablers, not stagnators, and the extra level of control would be problematic.

All security solutions have their downside. Security = !Convenient. I am not saying that you have to turn on the PKI check, but I want the choice.

> Instead we just take real good care of our AV program and are VERY good at cleaning up virus infections and we also keep good backups. The virus cost us money, but we did not lose anything. It was all in lost work time. Which for 250 people was only about 1 hour, with internet access down for 2 hours.

Congratulations on the "Risk Management" and a fast turnaround. Some of my clients do not have a full-time IT/IS/MIS person on site. They had no clue other than to call me.

> Others have correctly pointed out that a script can be written to replace your modified wscript and relaunch itself.

I also agree. Users that do this should just be fired if you write it in your security policy. Or if all programs must pass a filter before running, then altered programs can be stopped.

> Opening the source code, well I would not expect it to open up any more than MS-DOS was. Microsoft is NOT Linux, nor do I want them to be. However, I would not mind a standards driven interface like Pascal, C, etc. Basically let a third party define acceptable parameters. That way there could be some form of competition. (And options for the end user)

I agree.

> As for point 3, I do tend towards Microsoft on this one. We (Customers) wanted a better batch language. Basic is a nice simple language. Well, let's leverage VB and VBA and create VBS. In doing so they created a very powerful scripting language that can do quite a lot. I remember Win98 betas having a bug that if you made a window too narrow the script that draws the explorer windows would crash. You could actually read the script when it asked if you wanted to debug. Unfortunately, like TCP/IP, with power and flexibility comes risk. It is a constant balancing act. The virus writers and anti-MS

I agree with what you are saying, but at the same time I would like to see MS help us, maybe with better tools to help us in this endeavor. On your point 9x should go. I think that you are correct. Maybe the security policy should be: all foreign hardware is not allowed on this network.

Enjoy,
Richard