Here's a few examples utilizing hta (HTML Application). I ran across this because I was looking for a way to render Flash in a without all the menus and such. And without launching via passing JavaScript to the window. From what I understand so far, it executes mshta.exe and any computer that has >IE5 and a 32 bit OS. And in my opinion, it's best used for "client-side" only apps. The options here are endless. Take a look at these samples and be the judge. If there's anyone interested, I'll provide the full source code - most is easily found on the web (I mistakenly used the WinButton plug-in - oops). IMO, this would be a fine solution for numerous inquiries at this forum for making [B]"trusted applications".

For starters, it can interact with dlls, other executables, and just plain ol' HTML if desired, but with a bit more control over customization....

Ah, I await further discussion :)

HTA Samples (http://rphmedia.net/downloads/htastuff.zip)

Very cool, fun stuff! Keep pushing the envelope :D

You can start here to learn about HTA:
http://www.vbwm.com/articles/2002/abarfield/hta01/


I made a Setup launch program with HTA including VB-Script.
We stopped it cause of several problems on the customer PC's.

Stefan_M

What were the problems encountered? Those hta's in that app are not requiring any special DOM's on the user's system to perform. Yes, there are deep-end ways to launch specialized apps like database connections, for example, that you'd have to also provide the scripting dlls or modules with the app. But I'd say WinMe and above (unless their IE is very old - AMS is usually dependent on IE5 anyway) would suffice with these little things. You must have had some specialized scripts that not everyone had by default? Just guessing, I'm not claiming to be an expert. Curious as to the errors or operational hicups you heard.

To just manipulate the window, all you have to do is change any *.html to *.hta and you have the application. Then it's just a matter of changing the <hta:application> tags to your desires. This is what I'm talking, just basic routines (with maybe the exception of launching an exe; I think that was pretty neat, and unheard of in a browser :D )

Just got round to trying it out Ron. Great stuff - this looks worth further investigation. I'm going to have to give up sleeping - just too many interesting things need my attention :lol

The problem was the scripting language 'VB-Script'.
1. Some Antivirus-Software blocked the execution.
2. not installed or deactivated VB-Script.

I don't like hta because it works like an EXE file.
With HTA and VB-Script it is possible to delete all your data on your harddisk.
(simple virus)

Stefan_M

I don't like hta because it works like an EXE file.
With HTA and VB-Script it is possible to delete all your data on your harddisk.
(simple virus)
Stefan_M

Uumm, so could AMS :wow

I'm talking trusted applications here, not maliciousness.

IOW, I could make an app in AMS in 2 minutes that could do the very same thing - silently. If you think about it, what's the difference?

The problem was the scripting language 'VB-Script'.
1. Some Antivirus-Software blocked the execution.
2. not installed or deactivated VB-Script.

I don't think this is a objection to HTA. Yes, Norton Antivirus declared Malicious script detected when I ran rhosk's example. The same thing happens when your run the famous "Hello World" VB script. The user has to authorize the script (once). It is a long way from today's script checking to artificial intelligence. The user has to learn the real environment. Some users do not understand the difference between A:\ and C:\. They HAVE to learn!

rhosk, Keep on! I'm following you. (I have not knowledge enough to conclude at this point.)

That’s cool, I’ve never seen HTA before. Should note that I experienced the same Norton Antivirus response as csd214 did.

Some Info about HTA from MS

MS-HTA description (http://msdn.microsoft.com/library/default.asp?url=/workshop/author/hta/overview/htaoverview.asp#Creating)

Stefan_M

That’s cool, I’ve never seen HTA before. Should note that I experienced the same Norton Antivirus response as csd214 did.
JImS, etal, which function/button caused Norton to alert (Mcafee doesn't alert at all - could be a good thing or a bad thing)? Or was it the entire app?

The only one I can think of is the file execution script (notepad stuff). I don't believe that plain old hta is causing the alert.

Ron,
readfile.hta and exec.hta cause Norton to complain. All others OK.

Ah, that's what I fingered, thanks!

Play with hta (without the WScript.Shell - most likely freaking Norton out / doesn't know "good" from "bad" I guess) and you'll be hooked. It does a few functions that AMS currently can't perform (I'm sure the dev guys are taking note :D ).

Two samples with VB-Script

1. a simple editor
2. a CSS (Cascading Style Sheets) builder

Stefan_M

Two samples with VB-Script

1. a simple editor
2. a CSS (Cascading Style Sheets) builder

Stefan_M
SHOWOFF!! :yes

Stefan.. here is what Norton had to say about using .hta files! I once remember reading about .hta and I believe this is why I stayed away in the first place, shame though. :rolleyes

Norton just doesn't know good from bad. So, they opted for "all", THAT'S a shame. You'd be surprised how many *.vbs files are on your computer right now.

It saw the .hta extension though... not a .vbs.

Intrigued: Yes, that's the default screen when Norton detects a malicious script. The help file says:

"Script Blocking detects Visual Basic and JavaScript viruses without the need for specific virus definitions. It monitors the scripts for virus-like activity and in most cases you receive an alert telling you that a potential threat was found.

You must choose one of the options to remove the threat. The recommended action is to stop the script from running. You can click Help on the alert for additional information about how to respond."

The user options are:
Stop this script
Allow this activity once
Allow the entire script once
Quarantine this script
Authorize this script

The red flag is shown with almost every VB script (not the "Hello World"). The script below is malicious due to the GetFolder action:

Set fso = CreateObject("Scripting.FileSystemObject")
AppFolder="C:\Program Files"
' THE NEXT LINE IS THE DANGER ACCORDING TO NORTON ANTIVIRUS
Set f = fso.GetFolder(AppFolder)
'Comment out the previous line; then there is "NO DANGER"
If AppFolder <> "" Then OSspraak = "English" Else OSspraak = "NOT English"
MsgBox "Windows: " & OSspraak,,"Language"
Wscript.Quit
I'm not impressed by the ability to segregate secure scripts from dangerous ones.
If you try this script, choose 'Allow the entire script once' (to have the same message next time). Normally my choice is 'Authorize this script'.

Yes, we also instruct the users of one of our products at the shop to Allow the Entire Script to Run One time.

If the virus writers would just write a useful and legal piece of code... they may find they can make a very nice living.. instead of having Interpool, FBI chase them to and fro' because of their wanna'be L33T garbage, puke, stooged... and just plain lame... *disgusted look, shaking head, and walks away...*

Till then.. we get these potential client/customer prospect breaking security warning nags!

*Off the soap box, and back to surfing... :o

It saw the .hta extension though... not a .vbs.

Just to clarify Intrigued, Norton saw the vbs links IN the hta, not the hta itself. And I definitely agree with your last statement.

Roger! Thanks for the clue in... but.. (sorry, ha! ha!).. how does one (us) know it is because of the .vbs and not the .hta. This (sorry again) intrigues me.

Thanks in advance,

Save this to your drive with a hta extension. Then double click :)

Here are the results:

The file you just had me open (after checking it out of course)... did not show any warnings! :yes

Then I tried your original file you offered in the thread and ran into two of of eight that gave a Norton warning dialog box. Ack!

But, I did like how the Flash files showed up!

Over all... still pretty neat and useful! Good find!

Awesome stuff Ron, simply awesome! :yes

Corey Milner
Creative Director, Indigo Rose Software (http://www.indigorose.com)