How secure is the WSC (Windows Script Components) model?

Question

1. How secure is WSC?
2. Does it always assume that it's running in a trusted environment?
3. Will the technology persist or is there the chance that MS will kill it sometime soon?

Answer 1

WSC's run under the account of the code that invokes them. I use them heavily in IIS and they run as the anonymous internet user in my case.
If you call them from a script, they run under the same account as the calling script. Please beware that when you call them from IIS, they use the Windows system locale, not the website locale, so they do run under the Windows context, and not under IIS. So you might see strange things happening with datetimes and the decimal separator if you run them from IIS without passing the locale along.

The chance of MS killing them off is present, but not very likely, they are a microsoft scripting technology, making use of the MS scripting engine, so I expect as long as Microsoft supports running classic ASP (which is based on the same technology) WSC's will also still work. There are a lot of classic asp sites still in production, aswell as a lot of scripts based on Microsofts scripting technology, so I don't think they'll disappear in the next few years.