ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Microsoft leaves Windows wide open

Megan McAuliffe ZDNet.co.uk

Published: 17 Apr 2001 08:38 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A security hole in a Microsoft Windows feature has not been removed since its first encounter with the virus 'Bubble Boy' in 1999.

"That kind of danger is still present today. The feature is not used by 99.9 percent of people, and so it should be the first thing removed from a computer when the machine is set up. Otherwise users are at risk of being attacked," Trend Micro spokesperson Andy Liou told ZDNet Australia.

Liou said that script viruses written on programs such as VBScript and JavaScript make use of Microsoft's Windows Scripting Host -- available on Windows 98 and 2000 -- to activate themselves and infect other files.

Viruses that exploit scripts embedded in HTML will automatically execute the moment the HTML page is viewed from a script-enabled browser. In other words, the user doesn't need to double click on the attachment for the virus to be run.

BubbleBoy was the first virus to take advantage of the Windows Scripting Host feature, which hit in 1999.

Liou said the virus was created to prove that a virus could be executed just by reading an email.

The treacherous Love Letter virus, which hit in May 2000, also took advantage of the Windows Scripting Host.

Liou said script viruses have been around for some time and are quite easy to protect against.

"All the user has to do is remove the Windows Scripting Host from their machines, and the virus cannot be executed," he said.

A lot of users however, don't know about the vulnerabilities within the Windows feature, which is one of the reasons the spread of viruses is on the increase.

Liou believes the only users of the Windows feature these days are the virus writers themselves.

"I don't know anybody who uses the feature. By default, it comes installed. A lot of people don't know they have it. It should be completely removed," he said.

Microsoft was recently accused by another security expert of ignoring a different security problem affecting its software.

Take me to ZDNet Enterprise

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
64 out of 126 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:








Related Jobs

Script Developer.London. 40,000 - 50,000. Finance / Banking

Script Developer. London. My client are a market leading developer of trading and risk management systems for some of the worlds premier financial ...

Microsoft Gold Partner - Wise Studio Package - Application Packaging

Other skills: - Experience using Altiris - Experience in using Application packages - VB Script - SMS, MOM - SQL - A great opportunity to work for a ...

Business Support Credit Derivatives (CDS, CDO, ABS & Credit Risk Management) / ( SQL and Unix script skills) London

Title: Business Support Credit Derivatives (CDS, CDO, ABS & Credit Risk Management) / ( SQL and Unix script skills) London Location: London Type: ...

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Sentry Posts Blog

Mobile Linux Better For Mobile Busines...

Mobile Linux Better For Mobile Business Apps? Author: Eric Everson, MyMobiSafe.com As mobile Linux is carving it’s footprint on the future of mobile application development, the... More

Post a comment

DWP downplays security breach

The Department for Work and Pensions (DWP) has admitted that some of its staff have been forwarding passwords with password protected material. An email that was leaked on the 'Dizzy... More

Post a comment

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Featured Talkback

On the contrary, if vendors were forced to stand behind their products it should increase innovation. It would force more, and better , testing before hitting the sales floor, resulting in fewer updates and less downtime for the consumer. At present the EULA removes responsibility from the vendor, and moves it to the user, which is a step backward. Make the vendor responsibility for their code.

By: ator1940

Read full story:
RSA: Vendor liability may stifle innovation