Installing Script Sentry


Phazor
November 12th, 2002, 08:44 PM
Went to install Script Sentry and I get the following error message on install... (screenshot)
Here comes the stupid question of the week... Since the Windows Scripting Host is not installed, does this mean that I don't need to worry about unauthorized scripts being run that I don't want, and therefore I don't need Script Sentry?

Phazor

Phazor
November 12th, 2002, 08:45 PM
Sorry... Here's the screenshot.

Phazor
November 23rd, 2002, 01:02 AM
Hmmm... no responses yet, so I will alter the question a bit...
Does a person still need to use Script Sentry if they don't have the Windows Scripting Host installed?

From Jason's site: "windows scripting host can be used to make some useful scripts"... I've never used this function, therefore I have no clue as to what we/they are even talking about.

Bottom line is... Since I don't use it (WSH), would my system be safer without installing it and Script Sentry... or would I be safer installing WSH and using Script Sentry?

LowWaterMark
November 23rd, 2002, 01:34 AM
-{ Quote: "Bottom line is... Since I don't use it (WSH), would my system be safer without installing it and Script Sentry... or would I be safer installing WSH and using Script Sentry?" }-

A general "rule of thumb" regarding security is: "If you aren't using something, disable it." By doing this, you immediately limit your risk, as far as any exploit goes, for that particular service or function. But, sometimes things that have been disabled might get re-enabled by a malicious program, by accident, or by way of an installation or upgrade to some system component...

So, if you really want to limit your exposure, "remove" the service, program or function entirely from your system. Since Windows Scripting Host (WSH) is optional, you can remove it. Here's what Symantec says regarding WSH, which includes information on removing it:

http://securityresponse.symantec.com/avcenter/venc/data/win.script.hosting.html

If you remove WSH, there's no need for Script Sentry. From the installation error posted above, it appears that Script Sentry not only sees that WSH is not installed, but prevents installation of itself because of it. I have not used Script Sentry, but, that error message almost makes it sound like Script Sentry "needs" WSH to operate. Perhaps some of its coding is in VB Script or Javascript, but, I don't know.

If you want to use these scripts on your system, then Script Sentry is probably a very good idea. Also, DCS has something to say on this subject. They provide a patch (the WSH Anti-Polymorphism Patch) to make WSH safer if you are keeping it on your system. I do have this installed...

http://www.diamondcs.com.au/web/patches/enhancer.php3?patch=wsh

One last reminder for everyone as this is often a point of confusion. Script Sentry adds protection for scripts that run locally on your system. It does not add any protection for scripting run within your browser. For example, Javascript run in Internet Explorer... Script Sentry does nothing for you there. Jason is very quick to remind people of this when they start to think his tool protects against internal browser exploits.

Phazor - you'd be safer removing WSH, than keeping it and adding layers of protection to restrict it.

Hope this helps,
LowWaterMark

snapdragin
November 23rd, 2002, 02:41 AM
LowWaterMark - I've had the patch from DiamondCS on my Win98se... but after reading this thread, I realize I haven't done anything about this WSH thing on my XP, but where Phazor said: "... I've never used this function, therefore I have no clue as to what we/they are even talking about."

I don't either! What gets broken or doesn't work anymore (meaning applications, etc.) once this patch is installed, or if the WSH thingie is removed completely?

LowWaterMark
November 23rd, 2002, 03:37 AM
-{ Quote (snapdragin): "What gets broken or doesn't work anymore (meaning applications, etc.) once this patch is installed, or if the WSH thingie is removed completely?" }-

I am still away from home, stuck using only this old Windows 95 200 MHz Pentium system, so I can't check my XP system for some specific details, but, I believe in XP WSH can be removed / restored easily via Add/Remove Program - Windows Components. So, you ought to be able to remove it and put it back if removing it causes any problems. (Check Add/Remove and confirm this is where it is on XP first.)

11/25 - Edited to clearly strike out my incorrect advice above. Now that I am home, I find that XP does not have WSH in Add/Remove Programs - Windows Components. (Too bad that!!) Therefore, you must follow the advice at the Symantec site and either: 1. run their program to disable the file associations (or do it manually in Folder Options), or 2. remove the program \windows\system32\wscript.exe saving off a copy in case you want to restore it later. Here's the link again:

http://securityresponse.symantec.com/avcenter/venc/data/win.script.hosting.html

If you remove it, script files on your system won't be executable anymore. For example, this means *.vbs and *.js won't run anymore if you double click them. If you have applications that use these scripting languages, they won't work. I don't think there are any normal, native Microsoft Windows XP based apps that need these for normal operation.

On my XP system, I had already changed the default action on these and some other extensions to be Edit (i.e. Open in Notepad) rather than execute. This was another way to add a simple layer of protection. You do this in Folder Options - by editing the file associations. I also added the DCS patch. I did this rather than uninstalling WSH because I occasionally write and run VBS programs to perform some basic functions.

These scripting languages can be VERY useful, but, if you don't have any scripts (search your system for the various script file extensions), then you aren't really going to miss them. If you need it, leave it and either get a script protection tool or at the least take some steps like I have to restrict them (file assocs and the patch).
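
Added example, not part of LowWaterMark's post or of any tool named in the thread: a Python check of the file-association setting described above, reporting whether double-clicking each script type still launches WSH. It assumes the classic HKEY_CLASSES_ROOT association layout and the usual script extensions; `audit`, `registry_reader`, `dict_reader` and the sample registry values are constructed for illustration.

```python
import sys
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")
WSH_HOSTS = ("wscript.exe", "cscript.exe")

def audit(read_default, exts=SCRIPT_EXTS):
    """read_default(subkey) gives that HKEY_CLASSES_ROOT key's default value, or None."""
    report = {}
    for ext in exts:
        prog_id = read_default(ext)
        if not prog_id:
            report[ext] = "no association"
            continue
        # Simplification: an empty default on <ProgID>\shell is treated as "open".
        verb = read_default(prog_id + "\\shell") or "open"
        command = read_default("\\".join([prog_id, "shell", verb, "command"])) or ""
        if any(host in command.lower() for host in WSH_HOSTS):
            report[ext] = f"runs in WSH (default verb: {verb})"
        else:
            report[ext] = f"not WSH (default verb: {verb})"
    return report

def registry_reader():
    """Live reader for a Windows machine (winreg is in the standard library there)."""
    import winreg
    def read_default(subkey):
        try:
            return winreg.QueryValue(winreg.HKEY_CLASSES_ROOT, subkey) or None
        except OSError:
            return None
    return read_default

def dict_reader(sample):
    """Reader over a dict; registry key names are case-insensitive."""
    lowered = {k.lower(): v for k, v in sample.items()}
    return lambda subkey: lowered.get(subkey.lower())

# Constructed sample: .vbs switched to Edit as in the post, .js left executable.
SAMPLE = {
    ".vbs": "VBSFile",
    r"VBSFile\shell": "Edit",
    r"VBSFile\shell\Edit\command": r"%SystemRoot%\System32\Notepad.exe %1",
    ".js": "JSFile",
    r"JSFile\shell\Open\command": r'%SystemRoot%\System32\WScript.exe "%1" %*',
}

if __name__ == "__main__":
    reader = registry_reader() if sys.platform == "win32" else dict_reader(SAMPLE)
    for ext, status in audit(reader).items():
        print(ext, status)
```

This covers only the double-click path; wscript.exe and cscript.exe can still be started directly unless the program is removed as in option 2 of the post.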

FanJ
November 23rd, 2002, 07:18 PM
I have been criticized in some way about posting too many quotes from the IEClean Helpfile.
So read some stuff about it here:

http://www.nsclean.com/iedetail.html

Read from where it starts: "VBS" or "Windows Scripting Host" (WSH) ...

And I make one quote:
“To make matters worse though, any time you went to do a windows update, Microsoft would only put the files right back into your system, exposing you once again long after you thought the files were gone forever.”

FanJ
November 23rd, 2002, 07:29 PM
And take some time to read what PCHelp says about these things:

http://www.nwinternet.com/~pchelp/index.html

http://www.pc-help.org/security/scrap.htm

And he quotes and points you to this site (and yes, again, from PSC):

http://www.nsclean.com/psc-vbs.html

pin
November 24th, 2002, 02:58 AM
I use TCMonitor to watch my startup registry entries... but when you boot up, it also asks if you want to disable scripts. If you say yes, then JavaScript with the Hotmail site (logging in via the web) may fail. Of course no other sites are affected, just this Microsoft site.

Phazor
November 25th, 2002, 12:02 AM
Thanks for the input LowWaterMark and FanJ, the info you provided and also the links answered a lot of my questions...

Phazor..