Computer Help and Support

usonian

(13,782 posts) Thu Oct 12, 2023, 11:44 AM Oct 2023

Microsoft to kill off VBScript in Windows to block malware delivery

https://www.bleepingcomputer.com/news/security/microsoft-to-kill-off-vbscript-in-windows-to-block-malware-delivery/

Microsoft is planning to phase out VBScript in future Windows releases after 30 years of use, making it an on-demand feature until it is removed.

VBScript (also known as Visual Basic Script or Microsoft Visual Basic Scripting Edition) is a programming language similar to Visual Basic or Visual Basic for Applications (VBA) and was introduced almost 30 years ago, in August 1996.

It comes bundled with Internet Explorer (which was killed off by Redmond across some Windows 10 platforms in February), integrates active scripting into Windows environments, and communicates with host applications through Windows Script.

OH MY GOODNESS.
30 years and trillions of dollars (estimated) of damage caused by this attack vector later.

Modern software design tries to containerize apps, and even isolate one browser tab from another.

"The internet's one tough town"

3 replies

= new reply since forum marked as read

Highlight:

Microsoft to kill off VBScript in Windows to block malware delivery (Original Post) usonian Oct 2023 OP

Malware relies on simple API calls to windows. The_Casual_Observer Oct 2023 #1

Yes, but a popular vector for attacks unc70 Oct 2023 #2

Not so much "design failures" as the necessity of supporting closed source proprietary software. hunter Oct 2023 #3

The_Casual_Observer

(27,742 posts)

1. Malware relies on simple API calls to windows.

Reply to usonian (Original post)

Thu Oct 12, 2023, 11:51 AM

Oct 2023

VB script is only one of many ways to make those calls.

unc70

(6,325 posts)

2. Yes, but a popular vector for attacks

Reply to The_Casual_Observer (Reply #1)

Thu Oct 12, 2023, 12:32 PM

Oct 2023

Most malware does rely on flaws in Windows and years of design failures. Sloppy, unprofessional, buggy, arcane, clueless, ...

hunter

(38,924 posts)

3. Not so much "design failures" as the necessity of supporting closed source proprietary software.

Reply to unc70 (Reply #2)

Fri Oct 13, 2023, 10:20 AM

Oct 2023

Business people will blame Microsoft if some security upgrade breaks proprietary software that they paid a fortune for and use daily. They're less likely to blame the developer of the proprietary software, who may or may not be willing to sell them an "upgrade," if the developer is still around at all.

When a security upgrade breaks something in the open source world someone fixes it, the programs get recompiled, and life goes on. Some software in the various Linux and BSD repositories is truly ancient by computing standards yet it still works the same as it ever did.

Windows can't always work like this. Instead it has to recognize older proprietary software and apply some ugly kludge in the operating system itself to keep the old software running. Eventually the tower of crap collapses and Microsoft is forced to discontinue support entirely for things like VBScript.

The first serious operating system I used was BSD, in the late 'seventies and early eighties. I eventually migrated to Windows, mostly so I could use modern web browsers such as Opera. The last version of Windows I used on my home computers was 98SE. When I quit that for Linux it was like going home again. A lot of the stuff I'd been doing with BSD "just worked," including my finger memory. The stuff that didn't work I could fix myself or, more likely, someone else had already had the same problem and fixed it. I wasn't dependent upon the whims or business models of any proprietary software company or developer to fix it for me.

Reply to this discussion