VBScript: The Wrong target

Petition updateAsk Microsoft to cancel their planned Removal of VBScript + Classic ASPVBScript: The Wrong target

Alexandre FÉRONReims, France

Jun 2, 2025

Hi, Microsoft Corp.!

🔐 Security... security... hum.
Scams. Malwares. Email Attachments... VBScript?

At Microsoft, do you really care about security? After all, that's great, and we all do.
Security is the word YOU have chosen for announcing your intention of eventually deprecating the VBScript engine.
So let's assume this is a viable argument, here are our recommendations instead:

✅ Don't install the VBScript engine at the initial Windows Server installation, but offer it as an optional feature. This is what the "Add Roles and Features" dialog was designed for.

✅ Establish a clear separation between the Client/Desktop VBScript engine (WScript.exe/CScript.exe) and Active Scripting Pages (asp.dll executing Server-Side VBScript/JScript code), and offer the ability to SysAdmins to restrict the usage of each of them through fine-grained and configurable GPO policies.

✅ Invest in education. Punishing EVERY PRO USER for the sake of protecting the uneducated mainstream ones from themselves is a nonsense. I told my mother not to click on any unknown attachment. I bet that you, as an international corporation, have more time and resources than me to do the same.

🙃 Deprecate VBA inside all Office applications. Lol. And disrupt almost all businesses in the world. We have never seen a *.VBS file attached in an email that has not been scanned by any antivirus softwares for Y-E-A-R-S (even the worst and free ones).

🙃 Integrate an antivirus in Outlook or Windows. Oops: you already did that with Windows Defender! So isn't it capable enough to filter-out malicious *.DOCX files? If not, consider completely deprecating MS Office too. Lol again.

🤦 Add a secondary UAC confirmation dialog box in addition to the first one you introduced with Windows 7. Consider adding a third confirmation dialog box, and maybe a fourth : "Are you sure of being sure that you are sure that you really want to open this Word document / open this VBScript file / launch this malicious executable / open Notepad ?"

🤡 Stop ignoring all the comments in your funest blog post, and remind Naveen Shankar Chilla that he's supposed to work for Microsoft and follow the consequences of his work. Ignoring your user's base has never worked for your company. Not for any other one (Yes, I'm looking at you Broadcom and Oracle).

✅ Microsoft have to split the VBScript engine in 2 parts.

As Windows Server 2025 has shipped, we still are desperately waiting for reassurance about the fact that Server-Side VBScript + JScript (aka. Classic ASP) will be separated from Client/Desktop VBScript, and remain available for all the web developers that are maintaining systems on it.

We are not talking of personal blogs, but complex and robust Classic ASP websites running important businesses that, yet, even of their investment capacities, won't invest in coding the same thing in .NET.

Accept that .NET is not the sole player. Classic ASP and VBScript are GREAT products coming out from Microsoft's belly.

💪 There's no need to drown one of your children so the other can grow up.
Just love them both.

Support now

Sign this petition

Copy link

Facebook

Nextdoor

No summer for developers!

Mr. and Mrs. "NonSense" have a child...