Microsoft to kill off VBScript in Windows to block malware delivery
Microsoft to kill off VBScript in Windows to block malware delivery
Microsoft to kill off VBScript in Windows to block malware delivery
Man I hate VBA as much as the next guy, but when the IT department has your network so locked down you cant install anything. Having that hidden tab in Excel to write a script to automate some mundane task was really useful. I like python, but there's no fuckin way my ex employer would just allow me to run random python code like they did for VBA. It was a gov job btw.
Python is soon to be integrated into excel, I might not be a python fan but if it's gonna replace vba I'm all for it.
It'll only run on cloud. Their employer would probably block that too.
Afaik the python is ran on Microsoft servers, so not exactly a perfect solution. I doubt it will run offline at all
Wouldn't it face the exact same security issues as VBA, with drive-by installs of obfuscated malware and executions of arbitrary code?
The article is not about VBA, it's about VBS. The languages are similar but not the same (why exactly MS did it this way I'll never know).
VBA is for embedded macros in MS Office documents.
VBS is a standalone language you write into .vbs files that get executed by wscript.exe. It's a default windows feature that has been around a long time (IIRC the ILOVEYOU worm used it).
Not to mention Python’s in cloud
It’s about time.
It is their own Adobe Flash and it’s good that it is faded out. Too obscure in modern times, too many security flaws. Only warm nostalgic memories will remain in 10 years.
It is their own Adobe Flash
No, that was Silverlight. VBS is MS's JS.
Some men just want to watch the world burn.
I hope they kill off VBA too. I still see some teams in banks implementing Monte Carlo simulators or PDE solvers in straight VBA 🤢
I have seen critical enterprise applications run in VBA in excel. Removing VBA would cause global economic ruin. I'm pretty sure that's the unspoken backstory for the Fallout series.
Can confirm. Worked at several billion dollar corps that would collapse without vba.
Another confirmation here. At my previous job, I was they guy who built Access databases and wrote VBA code. While not ideal, it was a very small business (less than 10 employees) and it was fit for purpose.
When I got a new job at a company with almost 3,000 employees, I was like, "Finally, I'll be working somewhere that has proper IT resources." Ha! I soon find out that my department runs critical business infrastructure with Excel macros. And we have a proper IT department.
As everyone has already said, if IT resources are in short supply (or the wait is too long, or building projects with IT support is a PITA), then people will build systems with the tools they have at hand. And that's often MS Office.
MS: You have until (now +2 years) to phase out VBA.
Enterprise: panic noises
I've worked for a major international company and I was for a while the only maintainer of a shitty request form in an excel file, sent worldwide to hundreds of people. As they wanted more and more specific functions the stuff grew to thousands of unholy VBA code lines and a huge hidden sheet of data.
That thing even had a fully custom language switch function for all dozens of field labels and their possible values.
I kinda hope they're still using it (that wouldn't surprise me) and that their whole workflow will crash and burn when Microsoft finally kills VBA.
Enterprise will cause a boom in hiring VBA devs to migrate legacy apps to other programming languages, then hear Microsoft will extend support for a few more years, then fire all those VBA devs again. If Microsoft had some wits, they'd create easy tools to migrate VBA to C#.
Well it's gotta be done some time... otherwise we end up with another version of COBOL.
WTF, seriously? VBA feels more like a scripting addon (which I suppose it is), not something to build wholesale CRITICAL programs with.
My job is literally to keep a NASDAQ company afloat on process automation written mostly in VBA to make up for the sweeping layoffs that were made to keep the CEOs bonuses fat...
I'm migrating some VBAs to python/pandas and reducing some process times from half an hour to 3 minutes.
Yup that's normal because VBA is single-threaded, doesn't take advantage of vector instructions and even its interpreter is slow. So when someone writes numerical code in VBA working in single precision, and assuming they have an 8 core CPU with AVX2, they're using only 1/64-th of their CPU's processing power. On the other hand with Python, while it's still interpreted, the interpreter is much faster on its own, and you have modules like numpy
that use precompiled routines that take advantage of vector instructions (and possibly multiple cores).
Btw, Libreoffice supports python scripts. Other offices too?
The first hack I ever did was to remove the security add-on my middle school put on our macs so we couldn’t play games. The attack vector was the file APIs in VBScript executed via a word doc. Fun times!
At least you got hardware that wasn't designed for schools.
I don’t think there were any computers designed for K-12 schools at the time. They were PowerMacs, and later, iMacs. They weren’t even set up for multi-user; they were just unlocked all the time.
Took them long enough.
What if law enforcement need to make a gooey to trace a hacker?
Hopefully this means a modern replacement for slmgr.vbs
It's okay, we will have python as a replacement.
Now would be a great time for everybody to dust off their VBScript skills and start offering contracting hours to the tens of thousands of companies that rely heavily on it for daily operations. Make yourself a mint porting scripts from 1996 into a modern language, or even PowerShell if you must.
Poorly authenticated process injection will stay though? Ok. Good job guys.