To Protect Your PC Disable the Windows Scripting Host
By Stephen Bucaro
The Windows Scripting Host (WSH) is a feature that enables VBScripts to run
on Windows operating systems. VBScripts contain instructions that can modify
almost anything on your computer without your knowledge. They are frequently
used by system administrators to automate PC administration tasks.
Scripts are plain text files and VBScript is a very simple progamming language,
so anyone can use Windows Notepad to create a script to read, modify, create,
or delete files on your PC, including the registry and other configuration
files. A script can be executed by clicking on the name of the script within
an email message. Hackers can use the WSH to infect or cause damage to your PC.
You can increase the security of your PC by disabling the WSH; however, this
prevents you from taking advantage of its powerful capabilites, and some legitimate
applications use the WSH. In this article, you'll learn a technique to quickly
enable the WSH, use it to perform administration tasks, and disable it again.
Disclaimer: This article involves editing the registry. Incorrectly editing
the registry can cause your computer to fail to start. The use of this information
is entirely at your own risk. To be safe, you should backup your computers
registry before using this information. In no event shall Bucaro TecHelp be
liable for any damages whatsoever arising out of the use of or inability to use
the information in this article.
The first step is to export the registry key that controls whether the WSH
is enabled or disabled.
1. Select Start | Run... and in the Run dialog box that appears, type regedit
and click on the [OK] button.
2. In the Registry Editor, navigate to and highlight the following key.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\Enabled
3. In the Registry Editor "Registry" menu select "Export Registry File...".
4. In the "Export Registry File" dialog box that appears, in the "File name:"
text box enter a file path and name, for example "c:\wshkey". Make sure
"Registration files" is selected in the "Save as type:" drop down list.
5. Make sure the "Selected branch" radio button is set in the bottom section
of the "Export Registry File" dialog box.
6. Click on the [Save] button.
The Registry Editor will have created the file wshkey.reg in the root of the
c: directory. You can open the file in Windows Notepad and see that it contains
the following information (or something similar to it).
Windows Registry Editor Version 5.00
Note that the "Enabled" key is set to "1", indicating that the WSH is enabled.
If this key is set to "0" on your machine, then the WSH is disabled. In order
to run scripts on your computer, you'll need to edit this setting and import
the key back into the registry.
To see if the WSH is actually running and enabled, open Windows Notepad and
create a new file by typing in the following lines.
Set wshShell = Wscript.CreateObject("Wscript.Shell")
MsgBox("Hello from WSH!")
Save the file with the name test.vbs (you may need to save it as test.txt and
then change the file extension). When you double-click on the file name, a
message box should appear.