Confused about running AHK without installing the EXE: safe to run on a server?


cooljunk
  • Members
  • 19 posts
  • Last active: Oct 31 2015 08:03 PM
  • Joined: 22 Oct 2015

So I talked to our workplace's IT guy about AutoHotkey last week and it got a partial approval today. Basically that means we are allowed to test it on a single PC tomorrow and no more until more documentation is done.

 

The problem is that there have been issues in the past with free software downloaded from the web and mass installed on the PCs, and we have over 50 PCs so you can imagine all the hassle that was. But... I just realized something after Google searching a suspicion I had, which was that AutoHotkey can probably be used by loading it off a server, and sure enough, that seems to be the case because the EXE is portable. All you have to do is fix the file associations, right? But there seem to be a lot of ways of doing this, but none seem to make a lot of sense. Some even involve using another application (imagine getting yet another program approved!). Also, I'm wondering if it's safe to have something like AutoHotkey on a server. But our IT now understands that the program itself is totally legit, so maybe it's not an issue as long as restrictions are put in place on how the EXE can perform, which I'm sure can be done.

 

Should I talk to the IT again about running it off the server? And if so what should I do about the file association issue?

 

Thanks for any help you can give!



Grant
  • Members
  • 14 posts
  • Last active: Nov 13 2015 10:03 AM
  • Joined: 03 Feb 2010

I am not in IT but here are my thoughts.    Any business needs to have secure data but you also want to make things as efficient as possible and ahk helps with that.  The catch is that although the ahk.exe is perfectly safe, it allows anyone with access, even indirect access, to create code that can do anything.  

 

ahk is the same as visual basic, c++, java and python. On their own they are perfectly safe and very powerful tools. ahk is in my mind the fastest to get something quick and nasty working to solve a problem that you have.

 

I think (I may be wrong here) that if you are able to run the uncompiled scripts, you will be able to create your own scripts. Effectively this allows unwanted and potentially malicious code to be created on your side of the security fence. I have ahk installed on my office machine but I am also the only person that has any interest in coding. The other staff have no interest and only see the usefulness of the final applications that are used and are happy with that.

 

Had someone at the business come and asked if they could load a piece of software on their machine that has the potential for damage that ahk *can* have without giving me some solid production increase potential, I would say no. I know better.

 

Having said this, there are so many very simple, basic scripts that I have in my script folder that save a massive amount of time. The most simple downloads plan files and files them according to site number. This has freed up over 3 hours of 1 person's time this week alone and it took me less than a day to write, so there are production benefits but you need to be aware of the risks.

 

Back to your question of: How safe is it to load on the server?  I have a question: Can a staff member bring a flash drive from home and plug it into their pc and work on files they took home last night?  This is as big a threat because you can run ahk from a flash drive if you want.



cooljunk
  • Members
  • 19 posts
  • Last active: Oct 31 2015 08:03 PM
  • Joined: 22 Oct 2015

Thank you for your input, and you really have some great points, but perhaps now I should make my question more clear. Does having the AHK software on the server instead of each individual PC (over 50 of them) really have a significant increase of risk, and how do I effectively work around the file attribution issue? And let's say we trust the employees to not run random .ahk files they found online. I can safely say that no one currently employed (who has access to the local network) understands AHK, except for IT, and the extent of their knowledge is that AHK is open source, free, and the installer doesn't even ask to download a shady toolbar; our IT guy seemed to use that to say the software is pretty legit.



Exaskryz
  • Members
  • 3249 posts
  • Last active: Nov 20 2015 05:30 AM
  • Joined: 23 Aug 2012

Maybe I'm misunderstanding, but can you use a compiled script (ahk2exe) and have that individually approved by the IT to be run on computers? This way, .ahk scripts shouldn't be allowed if some employee decides to bring one in on a flash drive, nor even if they compile it to an .exe (if your IT runs on whitelists instead of blacklists) should they be able to use it.

 

Once you get past that, everything should be fine from a security standpoint. But I am not a network engineer or IT guy or anything of the sort, so don't take my rather uneducated opinion as fact.

 

As for the file association issues, what do you mean? Like the AutoHotkey installed platform that can use .ahk files? Well, if you're compiling your script, then there shouldn't be any of those file associations to make.

 

However, if you mean something like finding the right files on everyone's computers or finding where to search, that's a whole different matter.



cooljunk
  • Members
  • 19 posts
  • Last active: Oct 31 2015 08:03 PM
  • Joined: 22 Oct 2015

Well, we have a special setup now with the scripts, and I do not see how it would work with EXEs. There's a dozen or so scripts which call to other resources, including the gdip library.

 

 

And yes, like the AutoHotkey installed platform. If it's not properly installed, then the AHK file attribution is unknown.



Lexikos
  • Administrators
  • 9844 posts
  • AutoHotkey Foundation
  • Last active:
  • Joined: 17 Oct 2006
Firstly, see Portability.

You can either create a default script (e.g. AutoHotkey.ahk) or launch AutoHotkey.exe with the script path as a parameter, such as via another script (ahk, bat, vbs, etc.) or a standard Windows shortcut file (lnk).

If you have a central script which launches all of the other scripts, there is no need to fix the file type associations. You can launch another script like this:

    Run "%A_AhkPath%" "path of script.ahk"

If you want to allow users to run .ahk files directly, you can fix it with a script. If you've installed AutoHotkey, AutoHotkey\Installer.ahk contains all of the code for registering file type associations etc. Look for the section which references %FileTypeKey% with RegWrite. FileTypeKey is defined near the top of the script. Copy out whatever you need.

Does having the AHK software on the server instead of each individual PC (over 50 of them) really have a significant increase of risk[...]?

I don't see any increase of risk.
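
Added example (not code from any poster in this thread or from the AutoHotkey project): the "central launcher" approach combined with the allowlisting idea raised earlier, written as a PowerShell script that starts the portable AutoHotkey.exe only on scripts whose SHA-256 matches an IT-maintained manifest. The share paths, the `approved.csv` file and its `Path,Sha256` columns are assumptions made for illustration.

```powershell
# Added example: central launcher that starts only IT-approved scripts.
# The share paths and the manifest format below are hypothetical.
param(
    [string]$AhkExe   = '\\fileserver\tools\AutoHotkey\AutoHotkey.exe',
    [string]$Manifest = '\\fileserver\tools\AutoHotkey\approved.csv'   # columns: Path,Sha256
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Test-ApprovedFile {
    param([string]$Path, [string]$ExpectedSha256)
    # A file that has vanished from the share is treated as not approved.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # String -eq is case-insensitive, so upper/lower-case hex both match.
    return $actual -eq $ExpectedSha256.Trim()
}

# The manifest is maintained by IT and should be read-only for ordinary users,
# as should the folder that holds AutoHotkey.exe and the scripts.
$entries = @(Import-Csv -LiteralPath $Manifest)

# The interpreter is listed in the manifest too, so a swapped EXE is caught.
$exeEntry = $entries | Where-Object { $_.Path -eq $AhkExe } | Select-Object -First 1
if (-not $exeEntry -or
    -not (Test-ApprovedFile -Path $AhkExe -ExpectedSha256 $exeEntry.Sha256)) {
    throw 'AutoHotkey.exe is not in the manifest or its hash does not match.'
}

foreach ($entry in ($entries | Where-Object { $_.Path -like '*.ahk' })) {
    if (Test-ApprovedFile -Path $entry.Path -ExpectedSha256 $entry.Sha256) {
        # Equivalent of: Run "%A_AhkPath%" "path of script.ahk"
        # No .ahk file type association is needed for this to work.
        Start-Process -FilePath $AhkExe -ArgumentList ('"{0}"' -f $entry.Path)
    } else {
        Write-Warning "Skipped (missing or hash mismatch): $($entry.Path)"
    }
}
```

The hash check covers only the files listed in the manifest, so any libraries a script pulls in (such as the gdip library mentioned above) need their own manifest entries and the same read-only share permissions.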