Markus
Joined: 27 Jan 2005 Posts: 1
|
Posted: Thu Jan 27, 2005 9:47 am Post subject: Security Considerations |
|
|
Hi all,
I've read about AHK in a computer magazine and decided that it's exactly what I need for automating my daily administrator's business. However, we are wary of unwanted uses of this tool, particularly keylogging.
So before I start whetting my appetite, I want to know if there are any possibilities to prevent such uses of AHK (i.e. recompiling without some commands) without making AHK unusable.
Regards,
Markus |
|
BoBo Guest
|
Posted: Thu Jan 27, 2005 10:32 am Post subject: |
|
|
Since AutoHotkey is open source, you are (AFAIK) free to compile a "slimmed-down" version for your internal purposes.
Removing commands (e.g. Input) should be possible without problems. With reservations (I expect Chris to confirm this), I'll say: enjoy your meal |
|
Andi
Joined: 11 Feb 2005 Posts: 153 Location: Germany, Niestetal
|
Posted: Fri Feb 25, 2005 7:20 am Post subject: |
|
|
It would be great if the download section of AutoHotkey also offered a "security version" of AHK, without the problematic parts.
A normal user (like me) is not able to compile such a "security version".
I think there are many people (also like me) who want to benefit from AHK's advantages at work. |
|
Invalid User
Joined: 14 Feb 2005 Posts: 442 Location: Texas, Usa
|
Posted: Fri Feb 25, 2005 7:33 am Post subject: |
|
|
AHK scripts can be made into .exe with passwords built into them. AHK can be installed on one PC and the .exe can be distributed to the other PCs. I don't think this is really what you want, but it's my first thought of the workaround. _________________ my lame sig  |
|
Rajat
Joined: 28 Mar 2004 Posts: 1718
|
Posted: Fri Feb 25, 2005 8:12 am Post subject: |
|
|
most keyloggers r coded in C++, asm, or (rarely) delphi... but these languages don't become subjects of security concerns, do they?
what matters is the use u put it to... u make a script just to show a tooltip and that's just what it'd do. it won't send ur passwords to me or Chris! _________________

Last edited by Rajat on Fri Feb 25, 2005 3:12 pm; edited 1 time in total |
|
melic Guest
|
Posted: Fri Feb 25, 2005 9:18 am Post subject: |
|
|
one thing might be good is a default override key.
say a user incorrectly codes a script placed in StartUp with a block function and the code does not end properly although it is "coded" correctly as far as ahk is concerned. the system would boot up and get hung up on a block, with no mouse and or key control. |
|
Chris Site Admin
Joined: 02 Mar 2004 Posts: 10467
|
Posted: Fri Feb 25, 2005 1:55 pm Post subject: |
|
|
| If BlockInput ever gets stuck on due to a bug in the script, you can press Ctrl-Alt-Del to get out of it. |
|
Andi
Joined: 11 Feb 2005 Posts: 153 Location: Germany, Niestetal
|
Posted: Fri Feb 25, 2005 11:48 pm Post subject: |
|
|
@Invalid User
Building a .exe is a way, but before I build it, I have to develop the script by starting autohotkey.exe... and this is done mostly on the machine where the script should run later.
@Rajat
I don't believe that you're collecting passwords... not a man like you!!
But I think that the IT security experts in our firm would find it problematic when the keyboard is logged. So when a user is leaving his workstation and forgets to reload or exit AHK after entering a password, another user could read everything with the built-in "key history and script info" function.
I've got a notion that my suggestion to install AHK would be shot down |
|
jonny
Joined: 13 Nov 2004 Posts: 3004 Location: Minnesota
|
Posted: Sat Feb 26, 2005 12:16 am Post subject: |
|
|
Um... well then, their fears are unfounded. AHK is open-source. Any supposed "security concerns" would quickly be found by a proficient C++ programmer browsing Chris' code, and I might note that there have been at least a few people like this I've seen. An interesting tidbit here is an issue that cropped up more than a year ago, when AHK was still in beta. Here's a quote from the archives of the changelog:
| Quote: | Changed the KeyLog command:
- In an effort to prevent AutoHotkey from becoming branded a key logger or trojan by various security firms and their software -- after which it might be very difficult to "un-brand" it -- the ability to log to a file has been disabled. A version with that feature is available upon request, or you can compile it yourself with that section enabled.
- Renamed the command to be KeyHistory to avoid even the appearance of supporting malicious use. Please change your scripts accordingly.
- Improved the command so that it also displays the info that only the log file used to show: elapsed time between keystrokes and the target window's title.
|
If your IT people need convincing, casually mention that it's open-source and they are perfectly welcome to look at the code themselves to determine if it's malicious.
Also, I found a slight logical error in your reasoning here:
| Quote: | | Building a .exe is a way, but before I built it, I have to develop the script by starting autohotkey.exe... and this is done mostly on the machine, where the script should run later. |
By this, you assume that building an .exe of your own is "safer" than running a script under the interpreter. If Chris were indeed a cracker, though, what would stop him from infecting Ahk2Exe as well as AutoHotkey.exe?  |
|
Andi
Joined: 11 Feb 2005 Posts: 153 Location: Germany, Niestetal
|
Posted: Sat Feb 26, 2005 1:33 am Post subject: |
|
|
there you're right. But what I wrote applies to what Invalid User said:
| Quote: | AHK can be installed on one PC and the .exe can be distributed to the other PCs. I don't think this is really what you want, but it's my first thought of the workaround.
|
...at least the compiled .exe prevents other users who have access to the PC from reading the key history. |
|
Invalid User
Joined: 14 Feb 2005 Posts: 442 Location: Texas, Usa
|
Posted: Sat Feb 26, 2005 1:49 am Post subject: |
|
|
You know... ppl won't look for something they don't know is there, unless they have bad intent. You could always hide AHK deep. _________________ my lame sig  |
|
jonny
Joined: 13 Nov 2004 Posts: 3004 Location: Minnesota
|
Posted: Sat Feb 26, 2005 1:56 am Post subject: |
|
|
| I think I'm missing something; what are the exact concerns here? I'm not quite sure I understand what the "security issues" are in this context. |
|
Serenity
Joined: 08 Nov 2004 Posts: 1025
|
Posted: Sat Feb 26, 2005 2:38 am Post subject: |
|
|
I think Markus, the original poster, was concerned with AutoHotkey having keylogging capabilities. _________________ "Anything worth doing is worth doing slowly." - Mae West
 |
|