VB: The King Of “Dangerous” Scripting Languages?


Posted on 7th November 2015 by admin in Tech

sldJust as Visual Basic made life easier for programmers, the recently announced licensing and redesign of Visual Basic for Applications could revolutionize the use of scripting languages.

But with the revolution come risks, such as security, that independent software vendors will have to face after they roll out their new products.

Scripting languages, while useful, have never been well-loved, partly because of their incompatibility. Every major ISV uses a different language; even Microsoft Corp. uses different versions of BASIC in its applications.

“It’s absolutely a problem,” said Lance Maidlow, president of Kanotech Information Systems Ltd., in Edmonton, Alberta. Kanotech, a systems integrator, uses a handful of different languages to link databases with graphics information such as CAD and GIS programs.

“You end up becoming an expert on each of these languages. It takes a lot of time and makes it more difficult to create reusable models,” he said.

The VBA licensing agreement will begin to stamp out this problem by providing consistency. Major ISVs such as Adobe Systems Inc., Micrografx Inc. and Autodesk Inc. have agreed to accept yet another piece of Microsoft’s technology as a standard.

Another possible result of the licensing is the birth of a whole new breed of power users who can build their own components. Users who would never install or use the main Visual Basic package will now have access to the same form-building tools. This means that users can not only script ActiveX components together, but they can build those components as well.

“We’re planning on training pretty heavily in VB. This is going to increase our ability to develop a better user interface by just asking a few questions,” said Tex Norwood, division head for desktop systems for the city of Fort Worth, Texas.

But this population explosion of components brings its own potential problems, the most obvious one being security. If it’s easy to write useful components, it will also be easy to write malicious ones. The Word Macro virus, which consists of only a few lines of code, can strike fear into the hearts of many IS managers today.

One possible solution is digital signatures, Microsoft’s verification method for components. If the digital-signature paradigm is accepted, it could provide a checkpoint to screen for malicious components. The vendors who have licensed VBA said, however, that their main priority is simply getting VBA to work in their applications. The question of security will be dealt with later.

Another problem is inadvertent incompatibility. While most applications work together smoothly today, there are still glitches. These problems could increase as users build complex components without sufficient training.

Mitch Kramer, an analyst with the Patricia Seybold Group, in Boston, acknowledged that a common, simple scripting and development language could cause some problems, but said that the end result will be a more robust system.

“Look at the [early] days of VMS or MVS,” Kramer said. “Everyone knew the language and everyone had access to the specs, so everyone could go in and ‘make things better.’ But it did lead to a lot of efficiencies once everyone had learned.”

To the ISVs, that problem is also far in the future.

“It would be good to have that problem,” said Willie Tejada, vice president of product marketing for NetManage Inc., in Cupertino, Calif. “I’d really like to be at the stage where we had enough components to have that problem.”

No comments yet.

Leave a comment