Vulnerability Development mailing list archives
Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs
From: 11a () GMX NET (Bluefish)
Date: Sun, 14 May 2000 04:09:35 +0200
As for point 3, I do tend towards Microsoft on this one. We(Customers) wanted a better batch language. Basic is a nice simple language. Well, lets leverage VB and VBA and create VBS. In doing so they created a very powerful scripting language that can do quite a lot.
There is obviously nothing wrong with powerfull scripting languages. It would be almost like saying that any executable is dangerous because it can contain whatever machinecode the inventor thought of! Scripting capabilities like perl has been widely available for years without problems. IMHO the problem with the microsoft platforms is that it is quite hard to determin if a file is executable, a mixed data/executable. This is mainly because it relies upon extensions for such things and there are numorous extensions which are executable which the avarage user isn't aware of. Additionally wordprocessors etc which the users often assume to be safe by default executes script without even warning the user the first time. Then yet again, according to other sources Outlook has insane features like hiding extentions and the possibilities to be configures to "autopreview". There are obvoiusly room for numerous security upgrades which would not limit any functionallity?
only MS OS that has the hope of doing that. Please, no comments on how UNIX does not have these limitations, that is given, but UNIX does not have the market share to cause this problem, 9x does.
Unix is definatly big enough to cause problems. The day all unix-boxes in the world stops simultationsly, you'll realize that beneath the serfice, unix runs the entire world ;) Well more seriously, there are reasons why unix does not suffer these problems. Compared to the avarage windows user, the avarage unix users has a higher education and computing experience (or you might call me biased). Secondly, most *nix clients for Unix is not designed to be one mouseclick to execute possibly hostile code. Not to sound too much pro-unix, the different architectures have different problems. Unix certainly has it share of security problems. But what microsoft is outstanding in is a human interface which very easily fools the human. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Bugtraq Stats for the last 3 years available now., (continued)
- Bugtraq Stats for the last 3 years available now. Alfred Huger (May 15)
- xsoldier mandrake exploit. egid=games with the right shellcode Larry C$ (May 15)
- Re: QPOP2.5* exploit ?? rpc (May 14)
- Fwd: [Newssubmission: Security vulnerability in the ICS HTTPServer component] TLsecurity.net (May 14)
- Re: regarding phrack49's stack smashing tutorial Pavel Kankovsky (May 14)
- Re: regarding phrack49's stack smashing tutorial Darshan Patil (May 14)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 13)
- is: tcp/ip vuln, not?... was: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 13)
- Re: is: tcp/ip vuln, not?... was: WSCRIPT.EXE ,CSCRIPT.EXE replacement for *.vbs Crispin Cowan (May 15)
- Re: is: tcp/ip vuln, not?... was: WSCRIPT.EXE ,CSCRIPT.EXE replacement for *.vbs Jason Legate (May 17)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 13)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Maxime Rousseau (May 12)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 13)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Daniel P. Zepeda (May 14)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 16)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Istvan Takacs (May 15)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 16)