CJakov Posted April 11, 2007 Share Posted April 11, 2007 We are planning to use AutoIt as a scripting utility on Windows XP platform. Is anybody aware of any security implications associated with using AutoIt on Windows OSs? Thank you. Link to comment Share on other sites More sharing options...
evilertoaster Posted April 11, 2007 Share Posted April 11, 2007 AutoIT usually just implaments API calls...so in that sense it's as secure as XP itself.... (not saying much)... Installing the inturpiter simply allows you to run .au3 files ( so malacious programs could be in a au3 format instead of say an .exe which is filtered by more anti-virus programs ect)...that's really the only thing to consider..but you could always just not install the intupriter and compile them into .exe anyways Link to comment Share on other sites More sharing options...
PsaltyDS Posted April 11, 2007 Share Posted April 11, 2007 (edited) We are planning to use AutoIt as a scripting utility on Windows XP platform.Is anybody aware of any security implications associated with using AutoIt on Windows OSs? Thank you.To do what, exactly? AutoIT can do horrible things if scripted to do so, but no more so than VBS or a .CMD batch file. AutoIT uses standard Windows APIs and is no more or less secure than they are. I haven't seen anyone point out NEW security problems brought in by using AutoIT, that aren't just a product of the Windows environment it runs in.Every once in a while Symantec or McAfee start calling out AutoIT files as risks because somebody, somewhere wrote a malicious script using it and the antivirus companies were not careful in creating a new signature for it. Its like calling out all .BAT files as viruses because somebody wrote malicious batch file once. Even worse, sometimes it's just because AutoIT uses some common component like a compression module. There is a whole sticky thread on this. P.S. I compile all my scripts that run on other machines, so AutoIT is only actually installed on my coding workstation. The .exe files of the scripts all go to a network share and get run from there with nothing new added to the target machines. Edited April 11, 2007 by PsaltyDS Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now