Fake CAPTCHAs, malicious software update prompts or error messages, phishing emails, and other deceptive social engineering schemes increasingly rely on tricking users to run harmful commands in PowerShell and Command Prompt (CMD). Disabling them would shut down this key vulnerable point, but security experts are divided. PowerShell is a powerful scripting tool, able to interact with the operating system and beneficial for system administration. However, hackers have been widely exploiting it to download malicious payloads and manipulate system settings. Many everyday computer users who only browse the web, stream videos, and check emails might not even know it exists. “It’s like having a loaded weapon with no training in that the risks far outweigh any potential benefits,” said Jason Wingate, CEO at Emerald Ocean, a consulting business. We ask cyber pros – if a user doesn’t even know what PowerShell is, do they really need access to it? Most of them agree that average users should disable PowerShell and CMD. If these tools are never used on a computer legitimately, the security benefits of disabling them outweigh any potential drawbacks. But there are some important caveats.
Small businesses should consider disabling PowerShell. While beneficial for family computers, the elderly, and other non-technical users, cyber pros make a strong case for small firms to implement similar restrictions. “This sort of lockdown makes sense on shared (multiple users) or controlled (specific environments) machines like public library terminals, hospital check-in kiosks, or corporate workstations with strict application needs, etc,” said Vladimirs Romanovskis, IT Support Department Manager at Dyninno Technologies. Non-technical users on computers – whether at retail POS terminals or corporate workstations – shouldn’t be copy-pasting and executing commands. Continue reading here.
We provide communication in written form only
pr@dyninno.com
Phone
+44 7391 796792
v.veltmane@dyninno.com
j.kondratovica@dynatech.lv
Phone
+37 120 65 5702
+37 129 61 3971
karnika.bahuguna@dyninno.in
i.cerevco@datapro.md
Phone
+37 379 420400
j.carreno@dyninno.com
Phone
+571 314 49 00053
We do not comment on anything which might negatively impact our business, our partnerships, our employees, or our competitors
We are happy to provide information at any time of day or night but ask you to understand that we require up to two hours to prepare any statement
