Vulnerability Development mailing list archives
Re: ScriptGuard
From: mrousseau () LABCAL COM (Maxime Rousseau)
Date: Wed, 17 May 2000 11:29:54 -0400
I think we all agree on the fact that this tool can be fooled quite easily. Script obscuring is very trivial: just put it all in an obfuscated code string and use the Script Control ActiveX to execute the string. So, in the light of this, I believe this tool is A) Useless and B) A waste of coding. Moreover, I would even add that it might be dangerous because it's going to give the administrators and the users a false feeling of security. If someone would like to convince me otherwise, I'm all ears (or eyes).

I would also like to say that I think this whole issue is hyped. Yes, scripts are dangerous, yes, they can do nasty stuff... but so can the EXE. Why would we have to use a ScriptGuard or, worse, unlink the .vbs extensions from WSCRIPT/CSCRIPT?? Do we see an ExeGuard or patches stopping people from running EXEs? No. My point is, the users double-clicked on a piece of executable code and they are paying the price for this. Screwing up the scripting technology is not going to save the world from another ILY virus.

IMHO, the correct solution would be to change the extension on the script so that it would default (double-click) to OPEN instead of EXECUTE. I think this would solve everyone's problem without totally screwing up the scripting technology.

</rant>

M.

--------
Hi, I'm a ~/.signature virus, copy me into your .signature to help me spread!

! -----Original Message-----
! From: Crispin Cowan
! Subject: ScriptGuard
!
! >
! > Heuristics work pretty good for VBS scripts as the supposed
! > "malicious" commands are static.
! > Perhaps one could code an algorithm obscuring the commands and thus
! > escaping Scriptguard, but this has not been made (yet)
!
! As you say, scripts can be written that appear obscured, and then
! de-cloak themselves as they run. The documentation on the
! http://www.tlsecurity.net/cleaner/scriptguard.htm site definitely needs
! to have its claims softened. In particular, someone should explain
! Alan Turing's Halting Problem to them :-)