A new scripting tool targeted by a virus writer will not be part of Windows Vista, the next Windows client release, Microsoft announced Friday. Instead, the software maker is looking at delivering the command-line shell tool, code-named Monad, as part of its next major server operating system release, a Microsoft representative said. That release, code-named Longhorn Server, is due in 2007.
Post a Comment
Member since:
2005-06-29
Now Monad can join WinFS in the league of interesting software ideas that'll be released in a big ceremony along with Duke Nukem Forever. Honestly. You'd think porting BFS and irb to Windows would be somewhat quicker than this*...
* Yes, I know that WinFS isn't remotely like BFS, and that Monad is not really like irb (which is the interactive ruby display, which is much closer to Monad than bash is). But they're close. 
Member since:
2005-06-29
The concerns around the viral proof-of-concept scripts for monad are really blown out of proportion in my opinion. Sure scripts can contain malicious code, but that's something that can happen on a number of platforms.
Script viruses are no harder to protect against than ones written with compiled programming languages, the difference is simply that writing them becomes a little easier. Anti-virus software may have an easier time detecting viral script code than compiled code, and I'm sure MS could implement a sandbox for monad if the need arises.
Member since:
2005-07-06
http://news.bbc.co.uk/1/hi/technology/4748257.stm
why do people still believe microsoft ?
Member since:---
Member since:2005-07-06
The current delivery vehicles for MSH are Exchange 2006 and the WinFX SDK, meaning MSH will be available for Vista/Longhorn Server as well as Windows XP/Server 2003. The current beta of MSH is shipping now as part of the Beta 1 WinFX SDK.
Regarding these "viruses" and MSH security:
http://www.leeholmes.com/blog/MonadAndTheFirstVistaVirus.aspx
The fact that MSH is used as the execution vehicle is really a side-note, as it does not exploit any vulnerabilities in Monad.
Monad has three features to help: not installing a shell association by default, configurable execution policies (along with digitally signing scripts,) and not running scripts from the current directory.
Our installer doesn't tell Windows that it understands .msh scripts, so double-clicking on a .msh file does nothing.
Monad follows a policy similar to that of Unix shells: we do not run them, unless you explicitly ask us to. This prevents malicious scripts (with names such as dir.msh, or get-childitem.msh) from intercepting your otherwise innocent attempt to list the files in that directory.
We also support three execution policies to help you run scripts only from publishers that you trust.
The first execution policy, "AllSigned," checks all scripts for a digital signature. Monad asks you if you trust that publisher to run scripts on your system. The second execution policy, "RemoteSigned," checks scripts origintating from the Internet for a digital signature.
[In either of the above modes], if the file doesn't have a digital signature, Monad won't run the file. Monad contains functionality to let you digitally sign your own scripts to help you run in this mode.
This will be our default execution policy past beta.
The final execution policy, "Unrestricted," does not check the digital signatures on scripts. However, if a script originates from the internet, it will warn (and prompt you) before it runs it.
Member since:
---
Member since:
---
Member since:2005-07-06
Member since:2005-07-20
Member since:
---
The problem with having a scripting language built into an OS used by a bunch of neophytes is that they'll pretty much run anything that promises them nude pics of J-Lo. So, how do you protect against that? I don't think you can. Even in Linux, if you have written something that can completely take over system but needs root access, all you gotta do is trick a user into typing in the password. Most Linux users are too savvy for that nonsense. Most Windows users however, are not.
If Windows users were as literate as Linux users are, as unsecure as Windows is, you'd probably see a reduction in viruses/spyware/malware by at *least* 90%.
My point here is that as long as a scripting language gives the user any kind of power to do anything, the entire OS just became insecure by default.
Member since:2005-07-10
Your point about scripting language built-in os is valid but it is essentially ability to execute anything. People even click on binaries thinking JLO pics.
By the way, Monad has a really great defense and i must appreciate people who designed it for that. Here is what happens:
1. By default monad only run digitally signed scripts. This will prevent accident execution of scripts. User can however disable this feature and probably they will since it will become annoying.
2. Monad doesn't associate .msh files with shell, so double clicking on a .msh file won't launch it. Another good defense.
3. Monad shell won't run dir.msh if user types dir, this will prevent execution of local dir.msh without user's knowledge.
Other than that, they are doing some more things to protect *stupid* users.
Member since:---
Your point about scripting language built-in os is valid but it is essentially ability to execute anything. People even click on binaries thinking JLO pics.
It's not just about executing though. Think about phishing attacks - in order to make that work, you have to get the user to launch a browser and fill in credit card information.
Member since:---
no, I disagree
if your linux distro uses SELinux, which most major disrtos do these day... then, it will not matter if a user is tricked into supplying the root password, as even the root user has no access to system files, unless he access them through the SELinux policies
your argument is moot and windows is still behind linux in terms of security, even with muppet users
Member since:
2005-07-11
Its been known for a while that Monad was not going to be distributed with longhorn (vista) client. It will not ship with Longhorn client! It will ship with Exchange Server 12 at the end of 2006 only.
Monad Shell (MSH) Chat Transcript December 2004:
http://www.microsoft.com/technet/community/chats/trans/windowsnet/w...
Member since:
---
Member since:
---
RE[2]: It's too bad, really ....
Member since:
---
Member since:
2005-07-06
Member since:
2005-07-06
Member since:
---
Member since:
---
Member since:
2005-07-06
Member since:
2005-07-06
Member since:
2005-07-10
Ahh how much i pity you. You know in your heart that you want Linux to succeed but then you also know you are not that capable. So you try to make fun of the others.
It is simply unachievable for people like you to make a general purpose and useful OS like Windows. So all you do is sit here and talk. LoL no wonder Linux is still strugging to gain even 5% desktop after so many years 
