Microsoft leaves Windows wide open

Windows Scripting Host -- the feature famously exploited by the Bubble Boy virus -- has still not been fixed
Written by Megan McAuliffe, Contributor on

A security hole in a Microsoft Windows feature has not been removed since its first encounter with the virus 'Bubble Boy' in 1999.

"That kind of danger is still present today. The feature is not used by 99.9 percent of people, and so it should be the first thing removed from a computer when the machine is set up. Otherwise users are at risk of being attacked," Trend Micro spokesperson Andy Liou told ZDNet Australia.

Liou said that script viruses written in scripting languages such as VBScript and JavaScript make use of Microsoft's Windows Scripting Host -- available on Windows 98 and 2000 -- to activate themselves and infect other files.

Viruses that exploit scripts embedded in HTML execute automatically the moment the HTML page is viewed in a script-enabled browser. In other words, the user doesn't need to double-click an attachment for the virus to run.

BubbleBoy, which hit in 1999, was the first virus to take advantage of the Windows Scripting Host feature.

Liou said the virus was created to prove that a virus could be executed just by reading an email.

The treacherous Love Letter virus, which hit in May 2000, also took advantage of the Windows Scripting Host.

Liou said script viruses have been around for some time and are quite easy to protect against.

"All the user has to do is remove the Windows Scripting Host from their machines, and the virus cannot be executed," he said.

A lot of users, however, don't know about the vulnerabilities within the Windows feature, which is one of the reasons the spread of viruses is on the increase.

Liou believes the only users of the Windows feature these days are the virus writers themselves.

"I don't know anybody who uses the feature. By default, it comes installed. A lot of people don't know they have it. It should be completely removed," he said.

Microsoft was recently accused by another security expert of ignoring a different security problem affecting its software.
