• silicon.com
• Technology
• Software

By Joris Evers, 8 August 2005 09:15

NEWS A new scripting tool targeted by a virus writer will not be part of Windows Vista, the next Windows client release, Microsoft announced on Friday.

Instead, the software maker is looking at possibly delivering the command-line shell tool, code-named Monad, as part of its next major server operating system release, according to a Microsoft representative. That release, code-named Longhorn Server, is due in 2007.

Stephen Toulouse, a program manager in Microsoft's security group, said in a blog posting: "Monad will not be included in the final version of Windows Vista. So these potential viruses do not affect Windows Vista."

Microsoft is responding to the online publication of five examples of malicious code that target Monad. The tool was initially intended to be included in Vista. When news of the exploits came out, it triggered reports that they would be the first viruses for Windows Vista.

With the announcement, Microsoft is making it clear that the Monad viruses will not affect the client version of the operating system update, previously known as Longhorn.

Monad, also known as MSH, is the replacement for the simple command shell in the current versions of Windows. A command shell lets users enter text-based commands, as in the Windows' predecessor DOS. Monad has much more functionality - similar to shells in competing products, such as Bash in Unix.

Monad is available to testers but is not part of the first Vista beta, released last week. However, at the time of the beta release, Microsoft left open the possibility that Monad would be included in later test versions of Vista, saying it had no further details on a specific delivery vehicle for the command line shell in Windows. Friday's announcement ends any confusion over Monad's inclusion in Vista.

Toulouse's posting follows comments from a Microsoft developer in another blog posting on Thursday criticising security company F-Secure's claims of a possible first Windows Vista virus. Lee Holmes, who works on the team building Monad, wrote: "It's a misleading title, as it's an issue that affects any vehicle for any executable code on any operating system."

"The fact that MSH is used as the execution vehicle is really a side-note, as it does not exploit any vulnerabilities in Monad," Holmes wrote. "The guidance on shell script viruses is the same as the guidance on all viruses and malware: protect yourself against the point of entry, and limit the amount of damage that the malicious code can do."

Microsoft's Toulouse gave no details on why Monad won't be part of Vista. He did say the new shell is "being considered for the Windows operating system platform for the next three to five years".

While it is now clear that the new command line shell won't ship as part of Vista, it is still unclear how the technology will be delivered. Microsoft representatives have said Monad would first ship as a feature of Exchange 12, the next release of Microsoft's email server, due in the second half of 2006.

In a TechNet web chat for developers and technology professionals in December, Microsoft representatives said Monad will support Windows Server 2003, Windows XP and Longhorn, which at that time was the code name for both the client and server versions. Microsoft could release Monad as an operating system update or downloadable add-on.

Joris Evers writes for CNET News.com