[Previous] [Table of Contents] [Next]

Partially Disabling WSH

One solution for Microsoft Windows 95 and Windows 98 (smarter than uninstalling WSH) is to partially disable WSH so that default Windows settings can't be used from a virus to launch WScript.exe or CScript.exe. You can partially disable WSH by renaming WScript.exe and CScript.exe in the system folder (\System or \System32) to something like _CScript.exe and _WScript.exe. If a program tries to execute a .vbs or a .js file, the program fails with an error message stating that the executable isn't found because no EXE file is present.

The advantage of this approach is that an experienced user can still use WSH by explicitly executing a script, using a command such as this:

_WScript.exe <path>\script_file

As long as _WScript.exe exists and the path to the script file is valid, Windows launches the host and executes the script file.

This trick works well in Windows 95 and Windows 98. However, in Windows 2000, after the first file is renamed, a dialog box appears, stating that an essential system file is missing and that you can repair the system from the Windows CD. (A copy of the original files is also located in the DLL cache.) In the following section, I describe a better way to protect WSH.