Mitigations on PCs running AutoIT

https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-used-to-spread-malware-and-toolsets/

Users are requesting for AutoIT to automate their tasks (mouse clicks, repetitive keystrokes etc)
but I have concerns like what's listed in link above.

What are the mitigations we can put in place to balance between work productivity & IT security risks?

Are the following valid mitigations?

1. air-gap those PC running AutoIT, namely remove Internet access & email access as these two are
    top vectors of malwares.  Users told me they don't need these 2 functions on the PCs running
    AutoIT but the AutoIT programmer wants it on his PC as he doesn't want to switch around
    between PCs when developing AutoIT scripts & using email/Internet

2. I heard we can compile the scripts & then uninstall AutoIT : so if a hacker got into the PC, he
    can't develop keyloggers/malicious scripts (that capture credentials).  The programmer felt
    this is restrictive but to work around, I heard we can create config file for scripts to read in
    parameters/variables to give more flexibilities or options for the scripts to operate: is this
    so?  Is this a good mitigation?

Pls add on any further mitigations.

I've heard of VB & Java scripts being risks : are they of similar nature as the risks of AutoIT?
sunhuxAsked:
Who is Participating?
 
Shaun VermaakTechnical Specialist/DeveloperCommented:
air-gap those PC running AutoIT
Bit drastic

I heard we can create config file for scripts to read in parameters/variables to give more flexibilities or options for the scripts to operate: is this so?  Is this a good mitigation?
Standard practice so it is a good idea, especially if you encrypt password inside of it. See this article for an example of such a config file and encryption
https://www.experts-exchange.com/articles/30820/Active-Directory-Cleanup-Tool-ADCleanup.html

anyone heard of security vulnerabilities for AutoIT or security patches for AutoIT?
AutoIT can do anything the user can do. That said, if I was inclined to write malicious software, I would not use AutoIT
2
 
sunhuxAuthor Commented:
One more question:
anyone heard of security vulnerabilities for AutoIT
or security patches for AutoIT?  Do point me to the
sources/links
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.