100 million and one reasons to hate VB and VBScript
[I've made additional notes at the end of the article since the post originally went live. KH]
It was a simple VBScript program that allowed 17-year-old Sergey Taraspov to grab 100 million plus credit card numbers from Target and Neiman Marcus stores. Those 100 million credit card holders are good enough reason for me to place VB on the endangered species list. I hated VB before all that but now these compromises give me more fuel for my campaign to rid us all of VB's curse.
It's true that I seem to have a lot of pet peeves: Bitcoin, overhyped technology, Kickstarter, disposable technology, buzzwords, corporate speak, offshore outsourcing, anything trending, and stuff that should have gone away that still lingers. Visual Basic (VB) and Visual Basic Scripting (VBScript) are two of the lattermost. For the purposes of this post, I'm lumping VB and VBScript into the collective term, VB. Live with it.
VB is a bad language. It doesn't look like BASIC and it doesn't look like C. It's weird. It has an odd syntax that I just can't stomach.
If you read programming forums, people will say things like, "No programming language is better than any other". Except for being 100 percent false, that sentence is valid. C-like languages are better. BASIC was good as a learning language but it was inefficient. FORTRAN was difficult for some people to learn because it's very non-intuitive. BASIC is more human in its syntax.
C and C-based languages are heavy lifters. When you think along those lines, think C++, C#, Java, PHP, Perl, and so on. I don't know where the Visual Basic ecosystem came from but it needs to return immediately. Sorry, Alan Cooper, in my humble opinion your time working on this horrible language was ill spent. I hope you got paid a lot of money for developing it. We didn't need VB then and we certainly don't need it now. Please make it go away.
Visual Basic has had a good run, depending on how you view the term good, that is. It's time for it to go away in favor of good stuff like PowerShell, C#, and just about every other known language.
I've heard and hoped for the past few years that VB is going away but that has yet to happen. Can you name any dead programming languages? I can't really think of any. It seems that no matter how bad a programming language is, it will find an audience who keeps it alive way past its expiration date. VB is way past its 'Best if used by' date. It was never a great language and now it just seems downright silly to keep breathing life into it.
While I'm not going to list out all of VB's disadvantages to you, I will say that the BlackPOS malware that Sergey Taraspov wrote in fewer than 400 lines of code could have been written in a less wordy C-based language in probably 80 lines.
Anyone want to take the challenge? Just for academic purposes?
But then again, Sergey isn't totally to blame here. Sure, he wrote BlackPOS and yes, he sold it but is it his fault that those stores use Windows-based POS systems? I'm just asking. If those POS systems had been say, oh, I don't know, Linux-based POS systems, would the same thing have happened? What about Mac-based? What about ChromeOS-based?
I'm not blaming the POS company nor am I blaming Microsoft. I mean, come on, who would have thought there were these kinds of vulnerabilities in those systems? As one news reporter stated this morning, those companies spent millions of dollars on security only to be compromised by a pretty simple program. And the real question here is, how did Sergey know about the vulnerability in the first place? Did he steal one of the systems? Did he work in a store that used them? Did he know that there was some patch missing on the systems?
But it doesn't matter to me what the truth is for Sergey or those breaches. The fact that VB is ready for the scrap heap is undeniable. To me, the security implications of its continued use is just another nail in its waiting coffin.
It can't happen soon enough for me.
And just so you don't think I'm a perennial malcontent, this is the first time I've ever campaigned for the absolute demise of any programming language. The fact that I don't like Java doesn't mean that it isn't a decent language. I think C# is better but that's just me.
Some advice for Sergey: Use your powers for good. Find something constructive to do with your time other than criminal activity. If I were your father, I'd spank your bottom and send you to bed without any vodka.
To summarize: VB is bad. It should go away. Stop using it.
[Author's additional notes: Here's a quotation from Linus Torvalds about VB:
"For example, I personally believe that "Visual Basic" did more for programming than "Object-Oriented Languages" did. Yet people laugh at VB and say it’s a bad language, and they’ve been talking about OO languages for decades.And no, Visual Basic wasn’t a great language, but I think the easy DB interfaces in VB were fundmantally more important than object orientation is, for example."
VB is wordy, slow, single platform, visually and syntactically unappealing, and its use exposes too many vulnerabilities in the Windows OS. Torvald's statement about it not being a great language is an understatement but more politically pleasing than my total disdain for it. I believe that Microsoft should standardize on C# for heavy lifting and PowerShell for Windows automation tasks. VB, in my opininon, no longer fits into either category. /Author's additional notes]
Related Stories:
- Neiman Marcus: 1.1 million cards compromised
- FBI issues security warning to US retailers
- Most CEOs clueless about cyberattacks – and their response to incidents proves it
- Target's data breach: No, really. It gets even worse.
- There's no hope for our payment systems
- Target data breach part of broader organized attack