This post is a quick overview of an Abto Software blog article.
Visual Basic, a third-generation programming language derived from BASIC, was released in 1991. Version 6, launched in 1998, has since lost practical relevance with its mainline support ending in 2008.
However, VB6 programs continue to run on the latest versions of Windows due to Microsoft's ongoing commitment to VB6 compatibility. As a result, VB6 applications remain in use across various sectors, including healthcare, retail, finance, construction, and others.
COM and ActiveX issues
One often-overlooked reason to consider VB migration – COM and ActiveX issues.
In the early 90s, VB installations featured large catalogs of custom-built controls. Today, these outdated VB distributions — charts, calendars, data visualization — are no longer supported on modern Windows versions, making them merely a memory.
To support more affordable, older PCs, VB adopters used 16-bit executables that had 16-bit controls. Today, however, these applications are limited by their 16-bit architecture, as modern PCs no longer support 16-bit modes.
The component model was originally based on the COM architecture, a complex inter-process system. Fortunately, today, no one relies on COM. Instead, there are more straightforward alternatives, such as RESTful services and SOAP/XML services.
COM and ActiveX have significant security vulnerabilities as they can control critical Windows services. This enables them to directly manipulate and manage essential functions and processes of the operating system. If compromised, they can give attackers access to sensitive functions, increasing the risk of data breaches and other security issues.
Security vulnerability taken seriously
A more obvious reason to consider rewriting VB6 is the security vulnerabilities caused by malicious programs.
Vilsel worm
The Vilsel worm, a prominent Visual Basic Script malware first reported in 2015, continues to be a great threat in 2024. It has evolved over time and is still widely present.
This harmful worm uses outdated Visual Basic pseudocode, which is executed step-by-step by compatibility programs. Modern analysis methods struggle to detect it, often requiring a VB decompiler. Some variants also encapsulate their executable, causing issues with weaker anti-VB6 protections.
The worm spreads through email, typically via malicious attachments or links, to infect and propagate across systems.
The activities the program can perform:
- Email spreading
- File modification
- Performance deterioration
- Backdoor exposure
ILOVEYOU, Nimba, and other older threats
Various globally recognized threats have exploited security vulnerabilities within the Visual Basic ecosystem. Specifically, these threats have spread by targeting weaknesses in VBScript, VBA programs, and other Microsoft technologies within the VB environment.
These threats include:
- ILOVEYOU – a worm, which emerged in 2000, spread via email and used VB Script to overwrite files on systems running Microsoft Windows
- Nimda – a hybrid from 2001 that infected both web and client machines running Windows, utilizing multiple infection vectors
- Melissa – a virus that infected Microsoft Word in 1999 by exploiting VB Script and spread via email, replicating itself by sending infected documents to contacts in the Microsoft Outlook address book
- Sasser – a worm that exploited a vulnerability in both Windows XP and 2000 to take control of systems without requiring user interaction
Although ILOVEYOU, Nimda, and similar threats are no longer actively spreading or posing a significant menace in 2024, their methods and techniques have influenced more sophisticated modern malware.
The specific security vulnerabilities they exploited remain relevant, highlighting the importance of timely security updates, proper configuration, and vigilance to defend against malware and other security threats.
Why migrating from VB6 is inevitable
Business leaders are confronting the challenge of their mission-critical VB6 applications becoming outdated and unreliable.
The reasons are clear – lack of active mainline support, evolving customer demands, and a changing business landscape. Outdated applications result in numerous negative outcomes, including insufficient performance, limited functionality and scalability, security vulnerabilities, and compatibility issues.
VB6 migration – prominent cases worth mentioning
An Post
An Post, one of Ireland's largest organizations, offers a wide range of services including retail, financial, postal, and specialized solutions. With a network spanning across the country, An Post employs over 9,000 individuals. The company also plays a crucial role in providing governmental services, particularly to the National Treasury Management Agency.
Several years ago, An Post adopted a custom attendance system, STREAMS, for managing daily salary and wage operations. Initially built with Microsoft's VB6, STREAMS operates as a client-server application.
To protect their investment over the next decades, the enterprise has made the decision to migrate VB6 code to the VB.NET platform, which offers greater scalability.
The solution
An Post enlisted third-party software engineers to oversee the migration of 194,000 lines of code. The project encompassed design, integration, deployment, extensive testing, and subsequent end-user training.
Initially, the team conducted a manual assessment to identify potential challenges and bottlenecks. Subsequently, the contractors managed the migration from VB6 to VB.NET in successive stages.
The benefits
An Post has enhanced resource allocation significantly by transitioning from their obsolete client-server product. They are now poised to develop a scalable web environment that utilizes shared libraries with other .NET components.
The organization has protected a significant investment while leveraging processes that appear seamless. To ensure consistent performance and continuity, the company is utilizing ongoing support and maintenance, which involves biannual updates and patches.
Currently, the enterprise relies on a supported VB.NET application for its essential operations.
VertexGroup
Vertex Group is a prominent business process outsourcing firm based in the UK, providing comprehensive services to clients spanning various industries. With a workforce of over 9,000 employees, the company offers expertise in business consulting, workforce technology, and staffing solutions across the UK, Canada, Australia, and the United States.
Vertex Group's mortgage division relies heavily on Omiga, its flagship loan processing solution. This critical application utilizes VB6 from Microsoft, complemented by elements of Visual C++.
The enterprise made a strategic decision to transition from VB6 to .NET code in order to enhance business stability and ensure compliance.
The solution
Vertex Group has opted for C# as the .NET target programming language for migrating the extensive 616,000 lines of code, citing its previous use in other .NET components as a key factor in the decision.
The project engaged internal software developers alongside external third-party contractors. It implemented an automated update assistant leveraging artificial intelligence, manual testing, and automated test cases to ensure unparalleled accuracy through validation of functional equivalence.
The benefits
Currently, the enterprise can utilize a responsive and effective development and production environment, supporting business continuity and maintaining regulatory compliance.
Summing up
Abto Software offers specialized expertise in transitioning mission-critical applications seamlessly.
Our engineers manage the entire process, including discovery and planning, code assessment and preparation, and efficient VB6 migration. Our clients no longer face operational and performance issues, security vulnerabilities, compatibility problems, or other shortcomings after approaching VB6 conversion.
Our services:
- Business analysis and consulting
- Project setup and kick-off
- Code migration
- Code finalization
- Acceptance testing and improvement
- Quality assurance and deployment
Your benefits:
- Higher performance and efficiency
- Expanded functionality and scalability
- Improved security through updates and patches
- Enhanced compatibility across platforms and devices
- Long-term support and maintenance
- Cloud compatibility
Top comments (4)
I have seen some people still use VB for some projects
On .NET it used to be that VB.NET, C# and so on were 100% equivalent "under the hood" because everything compiled down to IL and they were all performing the same ,NET library calls - just syntax separating those languages (VB.NET's syntax is just more clumsy and more verbose) ...
But I believe that Microsoft phased out VB.NET ...
SCRATCH THAT: this is not true, it turns out Micrsoft continues to support it:
"Microsoft updated its VB language strategy on 6 February 2023, stating that VB is a stable language now and Microsoft will keep maintaining it"
"Microsoft continues to support and invest in VB.NET as a programming language. It is included in the latest versions of Visual Studio, the primary development environment for .NET, and is regularly updated with new features and improvements"
It's still a bona fide language on .NET ...
This gets even worse: some legacy programs that are in wide-spread use still use VBA for their stuff. Even though it's no longer supported on more modern platforms, leading to old-time industry people like me needing to migrate their stuff from VBA to "target" system, be it C#, AL, or even other esoteric langauges.
The obvious migration route is to the new twinBASIC programming language. It is backwards compatible with VB6 and can import VB6 code and forms.
twinbasic.com/