Jump to content
Sign in to follow this  
CJakov

AutoIt Security Implications

Recommended Posts

CJakov

We are planning to use AutoIt as a scripting utility on Windows XP platform.

Is anybody aware of any security implications associated with using AutoIt on Windows OSs?

Thank you.

Share this post


Link to post
Share on other sites
evilertoaster

AutoIT usually just implaments API calls...so in that sense it's as secure as XP itself.... (not saying much)... Installing the inturpiter simply allows you to run .au3 files ( so malacious programs could be in a au3 format instead of say an .exe which is filtered by more anti-virus programs ect)...that's really the only thing to consider..but you could always just not install the intupriter and compile them into .exe anyways :shocked:

Share this post


Link to post
Share on other sites
PsaltyDS

We are planning to use AutoIt as a scripting utility on Windows XP platform.

Is anybody aware of any security implications associated with using AutoIt on Windows OSs?

Thank you.

To do what, exactly? AutoIT can do horrible things if scripted to do so, but no more so than VBS or a .CMD batch file. AutoIT uses standard Windows APIs and is no more or less secure than they are. I haven't seen anyone point out NEW security problems brought in by using AutoIT, that aren't just a product of the Windows environment it runs in.

Every once in a while Symantec or McAfee start calling out AutoIT files as risks because somebody, somewhere wrote a malicious script using it and the antivirus companies were not careful in creating a new signature for it. Its like calling out all .BAT files as viruses because somebody wrote malicious batch file once. Even worse, sometimes it's just because AutoIT uses some common component like a compression module. There is a whole sticky thread on this.

:shocked:

P.S. I compile all my scripts that run on other machines, so AutoIT is only actually installed on my coding workstation. The .exe files of the scripts all go to a network share and get run from there with nothing new added to the target machines.

Edited by PsaltyDS

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×