Hacker News new | past | comments | ask | show | jobs | submit login

You can't rely on JScript being present unfortunately. It can be disabled.



It probably should be disabled on most machines. The last time I heard about it was @swiftonsecurity complaining about it being an easily overlooked malware vector.

I'd be surprised if this capability is only available from jscript though. (and sad, I don't think jscript has been updated in years)


Can't spell unfortunately without fortunately.


What can you rely on then?


Uhm, for uninstallers? How about Windows Installer?

If you mean in other contexts... I think the point is you're not intended to be able to do this? Outside of uninstallers, running code that only exists in RAM is... the type of thing malware typically wants to do more than anything else.

But in terms of what's physically possible, I suppose there's the command prompt, PowerShell, and scheduled tasks? I'm not sure if all of those can be disabled.


Edit: I forgot about this, but there's also the official solution of MOVEFILE_DELAY_UNTIL_REBOOT. But (as with scheduled tasks) the delay can cause problems: https://marc.durdin.net/2011/09/why-you-should-not-use-movef...




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: