Status
Not open for further replies.

Winter Soldier

Level 25
VBScript is a programming language used to create small programs, or to automate a series of commands, but it is also used to write malware (for example the old "I LOVE YOU" malware and its variants).
I remember the Windows Scripting Host (WSH), which is used for the interpretation and execution of files written in VBScript (extension .vbs). It was present on the older Windows versions and is probably still used on Windows 10, but please correct me if I'm wrong.

However, the danger of the Windows Scripting Host is in the automatic execution of associated scripts without the intervention of the user, to have access to the Windows shell, to the system files and to the registry, and this of course can be critical if it is done with a VBS malware.

But usually, any good AV has a Script Blocking function that protects from the execution of VBS malicious codes.

I also remember a modification to the Windows registry to disable the WSH engine in the old Windows OS but honestly I can't be more precise.
 
5
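The registry change mentioned in the post above, as an added example that is not part of the original thread: WSH reads an `Enabled` value under `Software\Microsoft\Windows Script Host\Settings` in both HKLM and HKCU, and a value of 0 makes wscript.exe and cscript.exe refuse to run scripts. The `-Apply` switch and the `Get-WshState` helper are names made up for this sketch.

```powershell
# Added example: audit (and optionally set) the Windows Script Host kill switch.
# A missing Enabled value means WSH is enabled (the Windows default).
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$subKey = 'Software\Microsoft\Windows Script Host\Settings'
$hives  = 'HKLM:', 'HKCU:'

# Hypothetical helper: report the Enabled value for one hive.
function Get-WshState([string]$Hive) {
    $path  = Join-Path $Hive $subKey
    $value = (Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
    [pscustomobject]@{
        Path     = $path
        Enabled  = if ($null -eq $value) { '(not set)' } else { $value }
        Disabled = ($null -ne $value) -and ("$value" -eq '0')
    }
}

if ($Apply) {
    foreach ($hive in $hives) {
        $path = Join-Path $hive $subKey
        # Create the Settings key if it does not exist yet.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        # Writing under HKLM requires an elevated session.
        Set-ItemProperty -Path $path -Name Enabled -Value 0 -Type DWord
    }
}

# Always finish with the current state so the change can be verified.
$hives | ForEach-Object { Get-WshState $_ } | Format-Table -AutoSize
```

Disabling WSH this way also stops legitimate .vbs and .js logon or administration scripts, so run the audit first on machines that depend on them.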

509322

> But usually, any good AV has a Script Blocking function that protects from the execution of VBS malicious codes.

More than half don't, and for the ones that do, the protections are feeble. There are two AV\IS that I can think of that offer fairly robust protections against malicious scripts.

For the uninitiated, scripts are best handled by SRP - which means blocking them by default. A second alternative is a solution that treats scripts discretely as files in their own right. A third alternative is to parse the command line.
 

cruelsister

Level 37
Verified
Trusted
Content Creator
Abdallah- first off, the probability of getting infected by script based malware (Scriptors) will vary with the version of Windows that is used. Windows 10 was developed with increased protection against this stuff (vbs, PowerShell, Ruby, Python); so right out of the box Windows 10 will provide more security than Windows 7 ever would.

Second, please understand that scripts are also used for High and Noble purposes in the Enterprise space (like automating various processes). The issue here is that a malicious script is almost indistinguishable from a legitimate one- so many AV vendors will be more afraid of generating False positives than actually detecting malware. A major Corporate Endpoint product (which will go unnamed) particularly sucks at detecting worms because of this.

But to kinda sorta answer your question, Zemana excels in detecting and stopping various Scriptors, and my beloved Comodo firewall laughs at them.
 