Velg land |
Security Information Week 21, 2000
Windows Scripting Host (WSH) is a part of some of Microsoft's 32 bits operating systems or is installed when certain Microsoft programs are installed.
WSH may be used run Visual Basic Scripts (VBS) to automate some actions which are to be performed frequently, and could thus be a useful tool. However - WSH are also used by some virus authors to perform malicious actions on computers. For example does the infamous LoveLetter virus utilize WSH.
As if often the situation - the security aware person has to choose between enhanced functionality versus higher security. With the havoc caused by LoveLetter in mind, security-aware organizations may want to disable the association between VBS and WSH on the computers. Then Visual Basic Scripts will not run automatically when clicked.
WSH is installed in these configurations
Windows NT version 4
WSH is installed if
- You install Internet Explorer version 5
- You download WSH from a Microsoft's site
Windows 98
WSH is installed if
- You select the default installation of the operating system
- You install Internet Explorer version 5
- You download WSH from a Microsoft's site
Windows 2000
WSH is installed if
- You select the default installation of the operating system
- You install Internet Explorer version 5
- You download WSH from a Microsoft's site
Windows 95
WSH is installed if
- You install Internet Explorer version 5
- You download WSH from a Microsoft's site
Disabling the .VBS file extention association to Windows Scripting Host
Windows NT version 4
- Log in as an administrator
- On the Desktop, or in Windows Explorer, right-click the My Computer icon.
- Select the menu choice Open.
- In the My Computer window, open the View menu and select Options....
- Open the File Types tab.
- Scroll and look for VBScript Script File in the list of different file types (alphabetically ordered). If this file type is not in the list, .VBS files are not associated with WSH, and your computer is safe.
- Click the Remove button.
- Click Yes if you are asked for confirmation.
Windows 98
- Start Control Panel.
- Double-click the Add/Remove programs icon.
- Open the Windows Setup tab. Select Accessories and double-click it.
- In the list of accessories, find Windows Scripting Host like in the image below..
- Deselect this in the check-box.
- Click OK twice to confirm your settings and close the windows.
Windows 2000
- Log in as an administrator
- On the Desktop, or in Windows Explorer, right-click the My Computer icon.
- Select the menu choice Open.
- In the My Computer window, open the Tools menu and select Folder options.
- Open the File Types tab.
- Scroll and look for VBScript Script File in the list of different file types (alphabetically ordered). If this file type is not in the list, .VBS files are not associated with WSH, and your computer is safe.
- Click the Delete button.
- Click Yes if you are asked for confirmation.
Windows 95
- On the Desktop, or in Windows Explorer, right-click the My Computer icon.
- Select the menu choice Open.
- In the My Computer window, open the View menu and select Options....
- Open the File Types tab.
- Scroll and look for VBScript Script File in the list of different file types (alphabetically ordered). If this file type is not in the list, .VBS files are not associated with WSH, and your computer is safe.
- Click the Remove button.
- Click Yes if you are asked for confirmation.
Per Olav Førland
Medium risk
Low risk