Μια και λέγαμε προχθές κάτι για security και gpo με το φίλο τον alex είπα να το βάλουμε εδώ να το θυμόμαστε κιόλας.
Για να αποφύγουμε τα επικίνδυνα και κακόβουλα προγράμματα και κώδικες σε ένα domain μπορούμε να αλλάξουμε το Open With μέσω Group Policy.Αυτό είναι μια καλή πρακτική για τους ανυποψίαστους χρήστες ενός domain.
Δηλαδή αντί να εκτελεστεί από το χρήστη με διπλό κλικ ένας κώδικας που είναι κρυμμένος μέσα σε ένα αρχείο με κατάληξη hta να ανοίξει με ένα notepad.
Ανοίγουμε Group Policy Editor
Και πάμε στο
User Configuration -> Preferences -> Control Panel Settings -> Folder Options -> Open With
Action: Replace or Update
File Extension: hta
Associated Program: %windir%\system32\notepad.exe
Set as default: Enabled.
Παρακάτω διάφορες πιθανά μη ασφαλείς καταλήξεις από το howtogeek.com
EXE – An executable program file. Most of the applications running on Windows are .exe files.
.PIF – A program information file for MS-DOS programs. While .PIF files aren’t supposed to contain executable code, Windows will treat .PIFs the same as .EXE files if they contain executable code.
.APPLICATION – An application installer deployed with Microsoft’s ClickOnce technology.
.GADGET – A gadget file for the Windows desktop gadget technology introduced in Windows Vista.
.MSI – A Microsoft installer file. These install other applications on your computer, although applications can also be installed by .exe files.
.MSP – A Windows installer patch file. Used to patch applications deployed with .MSI files.
.COM – The original type of program used by MS-DOS.
.SCR – A Windows screen saver. Windows screen savers can contain executable code.
.HTA – An HTML application. Unlike HTML applications run in browsers, .HTA files are run as trusted applications without sandboxing.
.CPL – A Control Panel file. All of the utilities found in the Windows Control Panel are .CPL files.
.MSC – A Microsoft Management Console file. Applications such as the group policy editor and disk management tool are .MSC files.
.JAR – .JAR files contain executable Java code. If you have the Java runtime installed, .JAR files will be run as programs.
.CMD – A batch file. Similar to .BAT, but this file extension was introduced in Windows NT.
.VB, .VBS – A VBScript file. Will execute its included VBScript code if you run it.
.VBE – An encrypted VBScript file. Similar to a VBScript file, but it’s not easy to tell what the file will actually do if you run it.
.JS – A JavaScript file. .JS files are normally used by webpages and are safe if run in Web browsers. However, Windows will run .JS files outside the browser with no sandboxing.
.JSE – An encrypted JavaScript file.
.WS, .WSF – A Windows Script file.
.WSC, .WSH – Windows Script Component and Windows Script Host control files. Used along with with Windows Script files.
.PS1, .PS1XML, .PS2, .PS2XML, .PSC1, .PSC2 – A Windows PowerShell script. Runs PowerShell commands in the order specified in the file.
.MSH, .MSH1, .MSH2, .MSHXML, .MSH1XML, .MSH2XML – A Monad script file. Monad was later renamed PowerShell.
.LNK – A link to a program on your computer. A link file could potentially contain command-line attributes that do dangerous things, such as deleting files without asking.
.INF – A text file used by AutoRun. If run, this file could potentially launch dangerous applications it came with or pass dangerous options to programs included with Windows.
Other
.REG – A Windows registry file. .REG files contain a list of registry entries that will be added or removed if you run them. A malicious .REG file could remove important information from your registry, replace it with junk data, or add malicious data.
.DOCM, .DOTM, .XLSM, .XLTM, .XLAM, .PPTM, .POTM, .PPAM, .PPSM, .SLDM – New file extensions introduced in Office 2007. The M at the end of the file extension indicates that the document contains Macros. For example, a .DOCX file contains no macros, while a .DOCM file can contain macros.
Πηγές
https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows/
Για να αποφύγουμε τα επικίνδυνα και κακόβουλα προγράμματα και κώδικες σε ένα domain μπορούμε να αλλάξουμε το Open With μέσω Group Policy.Αυτό είναι μια καλή πρακτική για τους ανυποψίαστους χρήστες ενός domain.
Δηλαδή αντί να εκτελεστεί από το χρήστη με διπλό κλικ ένας κώδικας που είναι κρυμμένος μέσα σε ένα αρχείο με κατάληξη hta να ανοίξει με ένα notepad.
Ανοίγουμε Group Policy Editor
Και πάμε στο
User Configuration -> Preferences -> Control Panel Settings -> Folder Options -> Open With
Action: Replace or Update
File Extension: hta
Associated Program: %windir%\system32\notepad.exe
Set as default: Enabled.
Παρακάτω διάφορες πιθανά μη ασφαλείς καταλήξεις από το howtogeek.com
Programs
.PIF – A program information file for MS-DOS programs. While .PIF files aren’t supposed to contain executable code, Windows will treat .PIFs the same as .EXE files if they contain executable code.
.APPLICATION – An application installer deployed with Microsoft’s ClickOnce technology.
.GADGET – A gadget file for the Windows desktop gadget technology introduced in Windows Vista.
.MSI – A Microsoft installer file. These install other applications on your computer, although applications can also be installed by .exe files.
.MSP – A Windows installer patch file. Used to patch applications deployed with .MSI files.
.COM – The original type of program used by MS-DOS.
.SCR – A Windows screen saver. Windows screen savers can contain executable code.
.HTA – An HTML application. Unlike HTML applications run in browsers, .HTA files are run as trusted applications without sandboxing.
.CPL – A Control Panel file. All of the utilities found in the Windows Control Panel are .CPL files.
.MSC – A Microsoft Management Console file. Applications such as the group policy editor and disk management tool are .MSC files.
.JAR – .JAR files contain executable Java code. If you have the Java runtime installed, .JAR files will be run as programs.
Scripts
.BAT – A batch file. Contains a list of commands that will be run on your computer if you open it. Originally used by MS-DOS..CMD – A batch file. Similar to .BAT, but this file extension was introduced in Windows NT.
.VB, .VBS – A VBScript file. Will execute its included VBScript code if you run it.
.VBE – An encrypted VBScript file. Similar to a VBScript file, but it’s not easy to tell what the file will actually do if you run it.
.JS – A JavaScript file. .JS files are normally used by webpages and are safe if run in Web browsers. However, Windows will run .JS files outside the browser with no sandboxing.
.JSE – An encrypted JavaScript file.
.WS, .WSF – A Windows Script file.
.WSC, .WSH – Windows Script Component and Windows Script Host control files. Used along with with Windows Script files.
.PS1, .PS1XML, .PS2, .PS2XML, .PSC1, .PSC2 – A Windows PowerShell script. Runs PowerShell commands in the order specified in the file.
.MSH, .MSH1, .MSH2, .MSHXML, .MSH1XML, .MSH2XML – A Monad script file. Monad was later renamed PowerShell.
Shortcuts
.SCF – A Windows Explorer command file. Could pass potentially dangerous commands to Windows Explorer..LNK – A link to a program on your computer. A link file could potentially contain command-line attributes that do dangerous things, such as deleting files without asking.
.INF – A text file used by AutoRun. If run, this file could potentially launch dangerous applications it came with or pass dangerous options to programs included with Windows.
Other
.REG – A Windows registry file. .REG files contain a list of registry entries that will be added or removed if you run them. A malicious .REG file could remove important information from your registry, replace it with junk data, or add malicious data.
Office Macros
.DOC, .XLS, .PPT – Microsoft Word, Excel, and PowerPoint documents. These can contain malicious macro code..DOCM, .DOTM, .XLSM, .XLTM, .XLAM, .PPTM, .POTM, .PPAM, .PPSM, .SLDM – New file extensions introduced in Office 2007. The M at the end of the file extension indicates that the document contains Macros. For example, a .DOCX file contains no macros, while a .DOCM file can contain macros.
Πηγές
https://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows/
0 Comments