VBS extensions?

Visual Basic Script (VBS) is valid as are filename.vbs files. These are handled by the Windows Scripting Host and no, MOST .vbs files are NOT malicious. Most problems with malicious VBS occurs because of the way Outlook is configured. In my case I shut off Outlooks ability to open or run .vbs files and that, in addition to the MailWatcher from CAI (Runs in conjunction with InoculateIT virus scanner) provides pretty good protection (Knocking on wood here)....

Here is some information from a post a year or so ago that may help explain. Sorry, but I forgot who posted the information originally.

Quote

The drawback to relying upon Auto-Protect for e-mail scanning is that the majority of known mail-borne Trojans are based on VBScript or JScript, and active scripting is enabled, by default, for both Outlook Express and Outlook. With the 'Preview Pane' feature found in both of these products, simply selecting (but not even opening) a newly-arrived piece of will cause auto-scripting of any active content that may reside within, and at that point it's game over.

The E-Mail Protection feature gets in the middle of the picture by scanning the mail as it arrives at the local POP3 proxy, but before arriving in the e-mail client ... if there is a VBScript- or JScript-based Trojan in a piece of mail, you find out about it before the mail makes its way in to an environment where the script will automatically run as soon as the mail item is selected. Auto-Protect does not do its protecting thing until you actually open the mail item, at which point it will be too late to stop most of the more recent Trojans.

Without E-Mail Protection enabled and working, you can still protect yourself from e-mail borne 'active' Trojans by using the Security settings in either Outlook Express or Outlook to put the product in to the IE 'restricted' security zone. That done, you can then use the custom settings for the 'restricted' zone to completely disable active-scripting. In Outlook, disable the 'Preview Pane' feature for all folders unless you have either enabled E-Mail Protection or taken the aforedescribed steps ... with Outlook Express, you're stuck with the 'Preview Pane' feature, so if you can't get E-Mail Protection to work, you had better put the whole works in to the IE 'restricted' zone and disable active scripting. Don't believe for a minute that Auto-Protect will save you from a mail-borne JScript or VBScript Trojan!

Unquote

And here's the way I've set up my OE to protect against this

1. In MSOE, go to the Security tab in the Options dialog (Tools | Options), change the 'Security Zones' selection from 'Internet zone' to 'Restricted sites zone', and close the Options dialog with the OK command.

2. Go to the Security tab in the Internet Properties dialog (Start | Settings | Control Panel | Internet Options), select Restricted Sites, open the Security Settings dialog with the Custom Level button, scroll down to 'Scripting', disable 'Active scripting', and close the Security Settings dialog with the OK command.



Cowboy Wisdom:
"There's two approaches to arguin' with a woman. Neither one works."

- Bob -
7XDB8

Lawrence: No, no problems (fingers tightly crossed here). If you follow the directions at the bottom of the post then the ONLY thing that's affected is Outlook Express. It won't impact your surfing at all....


Cowboy Wisdom:
"Never take to sawin' on the branch that's supportin' you, unless you're bein' hung from it."

- Bob -
7XDB8


Message Edited on 04/21/01 07:33PM by Bob11

Thanks Bob. Your post was very informative. I'll give it a try. If I can't run some important sites, I'll have to put scripting back. Does moving to restricted internet security cause problems?


LawrenceH