Is PowerShell Dangerous?


The answer is that PowerShell is no more dangerous than any other application. Certainly, PowerShell has the potential for great destruction since it can delete files, modify the registry, etc. However, so can any other application. If you run PowerShell as a local administrator, then it will have full access to your system, just like any other application. If you follow the principle of least privilege, which means you don't routinely log on to your computer as a local administrator, and you don't routinely run PowerShell as a local administrator, then its potential for damage is minimized, just like any other application. In fact, when set to its AllSigned execution policy, PowerShell is arguably safer than many applications since you can ensure that only scripts signed by an identifiable author will actually be able to run.

Naturally, much of PowerShell's security begins and ends with you. Microsoft has configured it to be very safe out-of-the-box. Therefore, anything you do from there can potentially loosen PowerShell's security. For this reason, you need to understand that your actions could have consequences before you do anything.

Safer Scripts from the Internet

One potential danger point is PowerShell scripts that you download from the Internet or acquire from other untrusted sources. While these scripts are a great way to quickly expand your scripting skills, they present a danger if you don't know exactly what they do. Fortunately, Microsoft has provided the -whatif parameter, which is a very cool way to find out what scripts do.

As you'll learn in Chapter 4, all PowerShell cmdlets are built from the same basic class, or template, which allows them to have a -whatif parameter. Not every cmdlet actually implements this, but then not every cmdlet does something potentially damaging. Let's look at a good example of how you might use the -whatif parameter.

Say you download a script from the Internet, and in it you find the following:

 PS:> Get-process | stop-process 

Note 

Did you know that Get-Process, with no other arguments, returns a list of all processes?

This runs the Get-Process cmdlet and pipes its output to the Stop-Process cmdlet. So this script will have the effect of stopping every process on your computer. Not good. However, if you weren't sure what this line would do, you could just add -whatif:

 PS:> Get-Process | stop-process -whatif 

The output listed below is what you'd get, which is a portion of the actual list:

 What if: Performing operation "stop-process" on Target "acrotray (4092)".
 What if: Performing operation "stop-process" on Target "alg (1480)".
 What if: Performing operation "stop-process" on Target "ati2evxx (1356)".
 What if: Performing operation "stop-process" on Target "ati2evxx (1672)".
 What if: Performing operation "stop-process" on Target "BTStackServer (3668)".
 What if: Performing operation "stop-process" on Target "BTTray (1252)".
 What if: Performing operation "stop-process" on Target "btwdins (168)".
 What if: Performing operation "stop-process" on Target "csrss (1084)".
 What if: Performing operation "stop-process" on Target "explorer (3380)".
 What if: Performing operation "stop-process" on Target "Groove (1232)".
 What if: Performing operation "stop-process" on Target "hpqgalry (3260)".
 What if: Performing operation "stop-process" on Target "hpqtra08 (1556)".
 What if: Performing operation "stop-process" on Target "hpwuSchd2 (3956)".
 What if: Performing operation "stop-process" on Target "HPZipm12 (1004)".
 What if: Performing operation "stop-process" on Target "Idle (0)".
 What if: Performing operation "stop-process" on Target "inetinfo (236)".
 What if: Performing operation "stop-process" on Target "iPodService (1136)".

Other than getting this output, nothing would happen. The -whatif parameter tells PowerShell (or more specifically, the Stop-Process cmdlet) to display what it would do, without actually doing it. This allows you to see what the downloaded script would have done without taking the risk of running it. That's one way to make those downloaded scripts a bit safer in your environment.
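The -whatif behavior described above comes from the cmdlet asking ShouldProcess before each destructive step, and a script function can do the same so that reviewers can preview it safely. The following is an added example, not code from the book; the function name, parameters and the C:\Logs path are assumptions for illustration.

```powershell
# Added example (not from the book): a script function that honors -WhatIf the
# same way Stop-Process does, by declaring SupportsShouldProcess and gating the
# destructive step on $PSCmdlet.ShouldProcess. Names and paths are assumed.
function Remove-OldLog {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path,
        [int]$DaysOld = 30
    )

    $cutoff = (Get-Date).AddDays(-$DaysOld)
    Get-ChildItem -Path $Path -Filter '*.log' -File |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        ForEach-Object {
            # Under -WhatIf, ShouldProcess prints "What if: Performing the
            # operation ..." and returns $false, so Remove-Item never runs.
            # Under -Confirm it prompts and returns $false if you decline.
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete log file')) {
                Remove-Item -LiteralPath $_.FullName
            }
        }
}

# Preview what the function would do without deleting anything.
Remove-OldLog -Path 'C:\Logs' -WhatIf

# Not every command implements -WhatIf; check before relying on it.
(Get-Command Stop-Process).Parameters.ContainsKey('WhatIf')   # True
(Get-Command Get-Process).Parameters.ContainsKey('WhatIf')    # False: nothing to undo
```

If a downloaded script calls a destructive cmdlet without passing -WhatIf through (for example a plain `Remove-Item $file` inside a function that does not declare SupportsShouldProcess), adding -WhatIf at the call site will not protect you, so read the script body for such calls before running it.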

Note that -whatif doesn't take the place of a signature. For example, if your PowerShell execution policy is set to only run trusted (signed) scripts, and you download a script from the Internet that isn't signed, then you'll have to sign the script before you can add -whatif and run the script to see what it would do.

Our scripts aren't signed!

We've deliberately not signed any of the sample scripts in this book (which are downloadable from www.SAPIENPress.com). If you decide to run any of our scripts, you need to evaluate them first to make sure they're suitable for you, and then sign them or configure PowerShell to not require a signature on scripts in order to execute them. We don't want you running any of our scripts until you've determined that they're appropriate for your environment, free of typos, and so forth.
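Before running an unsigned download such as one of these sample scripts, you can inspect its signature state and, once you have reviewed it, sign it with your own code-signing certificate so it runs under AllSigned. This is an added example, not code from the book or from SAPIEN; the script path is an assumption, and it presumes a code-signing certificate already exists in your personal certificate store.

```powershell
# Added example (not from the book): review a downloaded script's signature
# and the execution policy before running it. The path is an assumption.
$script = 'C:\Downloads\Cleanup.ps1'

# AllSigned requires every script, local or downloaded, to carry a valid
# Authenticode signature from a publisher you trust.
Get-ExecutionPolicy

# Inspect the signature without executing anything in the file.
$sig = Get-AuthenticodeSignature -FilePath $script
$sig | Format-List Status, StatusMessage, SignerCertificate

switch ($sig.Status) {
    'Valid'     { "Signed by $($sig.SignerCertificate.Subject). Review the code, then run." }
    'NotSigned' { 'Unsigned: read the script first; sign it only if you approve of it.' }
    # HashMismatch means the file was modified after it was signed;
    # NotTrusted means the signer is not in your trusted publishers.
    default     { "Do not run: signature status is $($sig.Status)." }
}

# After review, sign with a code-signing certificate from your personal store
# (assumes one is present; -CodeSigningCert is the certificate provider's filter).
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Select-Object -First 1
if ($cert -and $sig.Status -eq 'NotSigned') {
    Set-AuthenticodeSignature -FilePath $script -Certificate $cert
    (Get-AuthenticodeSignature -FilePath $script).Status   # expect Valid
}
```

Re-running Get-AuthenticodeSignature after signing is also a quick tamper check later: any edit to the file, including by another script, flips the status to HashMismatch.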



Windows PowerShell. TFM