Did Microsoft learn from Melissa?
Security experts said they believe Microsoft, of Redmond, Wash., should take more responsibility for the threat
of VBScript-borne viruses. It had more than a year to react after last March's Melissa virus but did nothing to
prevent the recent rash of similar viruses, they contend.
"They [Microsoft] have integration as a default, they have permissiveness as a default. The OS assumes that
every application is trusted and gets complete control," Bruce Schneier, chief technology officer and founder
of Counterpane Internet Security Inc., of San Jose, Calif., said in an interview at NetWorld+Interop in Las Vegas
Shimon Gruper, executive vice president of the Internet security unit at Aladdin Knowledge Systems Inc., said the
inherent vulnerabilities of the Microsoft technology likely mean that virus attacks such as ILoveYou will continue.
"The tools are very open for everybody to write new executable programs," Gruper said from his office
in Haifa, Israel. "However, there is no security built in."
Just shutting off the scripting language may not be the simple answer. Because of tight integration, Gruper noted
that if companies try to disable VBScript to avoid problems, users could have difficulty logging in to their corporate