Scripting is a two-edged sword


A three-line VB script will disable your firewall.

The advantage of scripting is that you can control so many things with just a few lines of code.

The disadvantage of scripting is that bad people can control so many things with just a few lines of code.

I wonder how long it will be before there's a virus that disables the firewall.

Comments (15)
  1. Mr Sarky says:

    A single cup of coffee will disable your computer’s power supply :-)

  2. Dave says:

    A single cup of coffee will disable your computer’s power supply :-)

    Spoken like a man that has experienced it…

  3. Duncan Smart says:

    The more that is done to stop users running as Admin then these scripts won’t be able to (easily) harm.

  4. Jonathan says:

    The more that is done to stop users running as Admin then these scripts won’t be able to (easily) harm.

    I agree. As part of SP2-related education, Microsoft should really push getting people to have separate Admin and Limited accounts, and to use Admin only when necessary.

  5. Dennis Jackson says:

    >The more that is done to stop users running as Admin then these scripts won’t be able to (easily) harm.

    >I agree. As part of SP2-related education, Microsoft should really push getting people to have separate Admin and Limited accounts, and to use Admin only when necessary.

    Does Windows 2000/XP provide a method for a user to install software or occasionally run tasks as Admin without logging out and back in? i.e., like the *nix command "sudo"

  6. Jeremy Croy says:

    Runas

  7. Juan Miguel Venturello says:

    Dennis, open a cmd prompt, type ‘runas /?’

    Can be integrated into the shell. Or is: right-click on a file while holding Shift, choose ‘Run As…’

    ;)

  8. Scott says:

    How does OS X handle this?

  9. Scott says:

    Oops, forgot to mention that there are trojans that kill ZoneAlarm and any antivirus. So it’s been done already.

  10. Henk Devos says:

    To answer the OS X question:

    The installer will prompt for an admin password.

  11. Gernot says:

    "The more that is done to stop users running as Admin then these scripts won’t be able to (easily) harm."

    I agree; however, be aware that some applications in the past (application compatibility on current OS versions) have to run as Admin, and some only need to be Admin to install. This is changing; however, it takes time. How do I explain to my uncle that he cannot run his favorite application because it is dangerous to run as Admin all the time? Some non-techie users do not get the danger: it ran on Win98 or the last version of NT, so why does it no longer run?

  12. josh says:

    Most apps do run as a restricted user, although many need some tweaking first. Enable auditing and you can find what files/registry keys they’re bugging on and permit access to those, assuming there’s nothing critical. If all else fails, you can mark a shortcut to run as a different user, though you do need to enter the appropriate password each time.

    It takes too long to set up and punch all the right holes, though; you need to get programmers used to the idea of running restricted first.

  13. John Vert says:

    3 lines is too many, just run "netsh firewall set opmode mode=disable". No scripting required.

  14. Mike Dimmick says:

    John, the 3-line script only enables remote administration of the firewall; it doesn’t disable it completely. But you’re right, that is of course even simpler.

    Do virus scanners scan .bat and .cmd files?

  15. Pavel Lebedinsky says:

    Peter Torr has a very well written blog about security aspects of scripting in Windows:

    http://weblogs.asp.net/ptorr/archive/2004/04/24/119627.aspx
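
A defender's view of the command quoted in comment 13, as an added example that is not part of the original post or its comments: Python detection logic that scans process-creation command lines for `netsh firewall set opmode` requests that switch the firewall off. The event tuples, their layout and the function names are constructed for illustration.

```python
import re

# Matches "netsh firewall set opmode <args>" with or without a path / .exe suffix.
NETSH_OPMODE = re.compile(
    r"(?:^|[\\/\s])netsh(?:\.exe)?\s+firewall\s+set\s+opmode\s+(.*)$"
)

# Constructed sample records: (timestamp, user, process command line).
SAMPLE_EVENTS = [
    ("2004-08-20T10:01:12", "alice", r"C:\WINDOWS\system32\netsh.exe firewall set opmode mode=disable"),
    ("2004-08-20T10:03:40", "bob", "netsh firewall show opmode"),
    ("2004-08-20T10:07:05", "alice", 'cmd /c "NETSH  Firewall SET opmode DISABLE"'),
    ("2004-08-20T10:09:31", "carol", "netsh firewall set opmode mode=enable exceptions=disable"),
    ("2004-08-20T10:12:58", "dave", "netsh firewall set opmode profile=all mode=disable"),
]


def normalize(cmdline):
    """Lowercase, drop double quotes and collapse whitespace runs."""
    return " ".join(cmdline.lower().replace('"', " ").split())


def firewall_opmode(cmdline):
    """Return the mode a 'set opmode' command requests, or None if it is not one."""
    match = NETSH_OPMODE.search(normalize(cmdline))
    if not match:
        return None
    args = match.group(1).split()
    for arg in args:
        if arg.startswith("mode="):        # named form: mode=disable
            return arg[len("mode="):]
    if args and "=" not in args[0]:         # positional form: first argument is the mode
        return args[0]
    return None


def find_firewall_disables(events):
    """Return the events whose command line switches the firewall off."""
    return [event for event in events if firewall_opmode(event[2]) == "disable"]


if __name__ == "__main__":
    for timestamp, user, cmdline in find_firewall_disables(SAMPLE_EVENTS):
        print(f"ALERT {timestamp} user={user} cmd={cmdline}")
```

Parsing the arguments as tokens, rather than searching for the word "disable", keeps `mode=enable exceptions=disable` from raising a false alert.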
