https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-used-to-spread-malware-and-toolsets/
Users are requesting AutoIT to automate their tasks (mouse clicks, repetitive keystrokes, etc.),
but I have concerns like what's listed in the link above.
What are the mitigations we can put in place to balance between work productivity & IT security risks?
Are the following valid mitigations?
1. Air-gap those PCs running AutoIT, namely remove Internet access & email access, as these two are
top vectors of malware. Users told me they don't need these 2 functions on the PCs running
AutoIT, but the AutoIT programmer wants them on his PC as he doesn't want to switch around
between PCs when developing AutoIT scripts & using email/Internet.
2. I heard we can compile the scripts & then uninstall AutoIT, so if a hacker got into the PC, he
can't develop keyloggers/malicious scripts (that capture credentials). The programmer felt
this is restrictive, but to work around it, I heard we can create a config file for scripts to read in
parameters/variables to give more flexibility or options for the scripts to operate: is this
so? Is this a good mitigation?
Please add any further mitigations.
I've heard of VB & Java scripts being risks: are they of a similar nature to the risks of AutoIT?
Has anyone heard of security vulnerabilities for AutoIT or security patches for AutoIT? Do point me to the
sources/links.