Mitigations on PCs running AutoIT
https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-used-to-spread-malware-and-toolsets/
Users are requesting for AutoIT to automate their tasks (mouse clicks, repetitive keystrokes etc)
but I have concerns like what's listed in link above.
What are the mitigations we can put in place to balance between work productivity & IT security risks?
Are the following valid mitigations?
1. air-gap those PC running AutoIT, namely remove Internet access & email access as these two are
top vectors of malwares. Users told me they don't need these 2 functions on the PCs running
AutoIT but the AutoIT programmer wants it on his PC as he doesn't want to switch around
between PCs when developing AutoIT scripts & using email/Internet
2. I heard we can compile the scripts & then uninstall AutoIT : so if a hacker got into the PC, he
can't develop keyloggers/malicious scripts (that capture credentials). The programmer felt
this is restrictive but to work around, I heard we can create config file for scripts to read in
parameters/variables to give more flexibilities or options for the scripts to operate: is this
so? Is this a good mitigation?
Pls add on any further mitigations.
I've heard of VB & Java scripts being risks : are they of similar nature as the risks of AutoIT?
Users are requesting for AutoIT to automate their tasks (mouse clicks, repetitive keystrokes etc)
but I have concerns like what's listed in link above.
What are the mitigations we can put in place to balance between work productivity & IT security risks?
Are the following valid mitigations?
1. air-gap those PC running AutoIT, namely remove Internet access & email access as these two are
top vectors of malwares. Users told me they don't need these 2 functions on the PCs running
AutoIT but the AutoIT programmer wants it on his PC as he doesn't want to switch around
between PCs when developing AutoIT scripts & using email/Internet
2. I heard we can compile the scripts & then uninstall AutoIT : so if a hacker got into the PC, he
can't develop keyloggers/malicious scripts (that capture credentials). The programmer felt
this is restrictive but to work around, I heard we can create config file for scripts to read in
parameters/variables to give more flexibilities or options for the scripts to operate: is this
so? Is this a good mitigation?
Pls add on any further mitigations.
I've heard of VB & Java scripts being risks : are they of similar nature as the risks of AutoIT?
Who is Participating?
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
Standard practice so it is a good idea, especially if you encrypt password inside of it. See this article for an example of such a config file and encryption
https://www.experts-exchange.com/articles/30820/Active-Directory-Cleanup-Tool-ADCleanup.html
AutoIT can do anything the user can do. That said, if I was inclined to write malicious software, I would not use AutoIT