Scripting News (Really!)

Like you, I find scripting an engaging topic, but let's face it--when talking shop with fellow scripters, not many discussions about current events slip into the conversation. In the next few weeks, however, two noteworthy events might become a hot topic among scripters.

The first is that Microsoft is acquiring Winternals Software, a company that offers systems-recovery and data-protection solutions. More important, Microsoft is also acquiring Sysinternals, Winternals' freeware Web site. Many scripters use Sysinternals freeware--such as the Autoruns tool and the tools in the PsTools suite--in their scripts.

Mark Russinovich and Bryce Cogswell founded both Winternals and Sysinternals. Mark will join the Microsoft Platforms and Services Division as a technical fellow. Bryce will join Microsoft's Windows Component Platform Team as a software architect.

While this acquisition is good for Mark and Bryce, you might be wondering whether it's bad for you. It begs the question, "What's going to happen to Sysinternals and its free tools?" In his Sysinternals blog, Mark writes, "...the site will remain for the time being while Microsoft determines the best way to integrate it into its own community efforts, and the tools will continue to be free to download." To read Mark's blog about the acquisition, go to . You can read the official Winternals press release about the acquisition at

The second noteworthy event that might crawl into your scripting conversations is the discovery of another Windows PowerShell worm. (The first was reported about a year ago.) In the article "Hackers Try to Crack Windows PowerShell," CNET reports that security software giant McAfee has detected a worm called MSH/Cibyzvirus, which targets PowerShell. The article states that, "The worm doesn't exploit a specific security hole in PowerShell. Instead, it abuses the product's ability to execute scripts by attempting to trick users into downloading and running malicious code. To do this, it uses a series of product names that may be attractive to Kazaa users. If run, the worm will overwrite some file types, change registry details and place itself in the machine's Kazaa shared folder in order to spread."

The only information I can find about the worm on the Microsoft Web site is in the Windows PowerShell blog. To begin, the blog notes that the PowerShell worm won't work on and can't infect PowerShell in its default configuration. "This is a proof-of-concept virus whose 'Worm' replication mode is just a simple file copy and could have been implemented in any language which supports copying files. The fact that the worm is written in PowerShell rather than another scripting language or even as an executable has actually made it even harder for this virus to spread since the additional security features around PowerShell scripts result in many additional steps for the user to perform before an infection can take place."

The blog goes on to say that, "Unlike some worms, the so-called 'PowerShell Worm' does not take advantage of any vulnerability within PowerShell to spread automatically. Although classified as a worm the PowerShell Worm depends upon the user performing a series of fairly complex set of steps to circumvent and disable the numerous security features of PowerShell before any infection can take place."

There you have it--two news tidbits that you can talk to your fellow scripters about if you haven't already done so. However, I don't advise that you work it into a conversation with your family or friends. They'll likely have that "Yeah--so what?" expression on their face. They don't know what they're missing.
