Hi Susz,
A script is a type of computer program- a set of instructions for the computer to follow- but unlike other computer programs, a script needs a special application to be present on the computer to run it: the computer itself cannot run a script. Javascript, for example, runs inside a web browser.
Scripts are written in language we (humans) can read: they need another program to interpret them so that the computer can implement them. There are other types of computer program which humans cannot read because they are in computer language: just a series of ones and zeros.
These programs are written in a programming language which humans can understand, then compiled into a language which the computer understands. You can't read the avast! program, for example, but your computer can understand it. If you wanted to read the instructions contained in the avast! program, you would have to decompile it, which is beyond most computer users (me anyway) not to say probably illegal.
Scripts on the other hand are easy to read: you can read a Javascript on a web page, tinker about with it and try it out yourself, and this doesn't require a great amount of expertise. For this reason, scripts appeal to anybody who aspires to be a virus writer but who has little programming skill, only the malicious intent. It's relatively easy to write a malicious script or to modify one found on the web. Hence the term script kiddy for a talentless virus writer.
Javascript runs in your browser, where a strict security policy says what it can and can't do. A malicious Javascript must find a weakness in the browser's security before it can do anything malicious. You can't write a Javascript which says 'wipe the hard drive' for example.
A more dangerous script is Visual Basic Script (VBS) which runs under Windows Scripting Host (WSH). Malicious VBS scripts 'can be created by anyone lacking a social conscience and with the ability to download free software.' (See Computer Shopper link below.)
The Pro version of avast! blocks malicious scripts both within your browser (as long as it's Internet Explorer) and in the WSH:
http://www.avast.com/eng/avast_4_professional.html(I don't think the script blocker works with Firefox, because IE uses WSH to impliment Javascript and Firefox doesn't.)
This means that the home version will not protect from malicious VBS scripts:
The free Home edition does not include the ability to detect harmful scripts and our results confirm that you are at risk from malevolent Visual Basic code if you rely solely on this program for protection.
http://www.transceiver.co.uk/txt/av05-02.htmlWhich is why anybody who uses the home version should also use a script blocker program to block all VBS scripts. VBS can be allowed for legitimate applications. Microsoft uses it for some program installations, I think. Program installations sometimes ask for antivirus programs to be turned off, for the reason that many do block scripts.
There are two script blockers available:
http://www.jasons-toolbox.com/programs.asp?Program=Script%20Sentryhttp://www.analogx.com/contents/download/system/sdefend.htmMicrosoft Anti-Spyware also blocks scripts + 56 other things.
Malicious Javascripts can be foiled by keeping your browser up to date.
And of course paying for the Pro version of avast! might also be worth the investment.
Hope this is useful and accurate (I'm sure somebody will tell me if it's not) and makes up for my long absence.