Wednesday, August 16, 2006

PowerShell and Security

A few weeks ago, the press were all agog with the latest "virus/worm" to attack PowerShell. As Ars Technica points out, it was a pretty lame bit of malware (see Microsoft's assessment of this worm to find out more). But besides that, the basic issue seemed to be that PowerShell is somehow an attack vector. I suppose that any sufficiently powerful tool can be misused and any tool that can't be misused is unlikely to be of much interest to the malware writers.

The developers of PowerShell have taken extraordinary steps to avoid that misuse, although some of the design decisions complicate initial setup and configuration. The admin has to do a bit of work before getting PowerShell up and running, but that seems a fair tradeoff.

For a good description of the issues, take a look at a recent blog posting by Leonard Chung, which lays out the PowerShell security model in action. He shows how hard it would be for the ordinary user to be infected by this worm. As Leonard summarises: "a user truly has to go out of his or her way to be infected". That isn't to say that this won't happen, just that it's not a problem with the product.
