About Protecting Against Malicious Code

    Several security measures and practices can protect you against malicious executable
    files.

    Overview

    Malicious executable code, also known as malware or viruses, has become more common
    and can impact users of AutoCAD. If allowed to spread, malware can result in loss
    of intellectual property and reduced productivity. Two common categories include automatically
    loaded AutoLISP files and VBA (Microsoft® Visual Basic® for Applications) macros.
    More sophisticated attacks that compromise or steal intellectual property include
    malicious ARX applications, object enablers, and DLLs (dynamic link libraries).

    The most common vulnerability results from allowing executable code to co-exist with
    data, such as

    • Macros embedded in DWG files
    • AutoLISP files that are automatically loaded from the Start In folder.

    For example, project-based executable files bundled together with drawings in a ZIP
    file might include edited versions of acad.lsp, acaddoc.lsp, and FAS and VLX files that contain malicious code. When the contents of the ZIP
    file are extracted into a folder and AutoCAD is launched by double-clicking a DWG
    file, the LSP files are automatically launched as well.

    Also, many viruses try to propagate themselves by editing acad.mnl, adding a line in it to load itself.

    Vulnerable Files

    Malicious code can be included in the following types of files:

    • ARX, DBX, CRX, HDI files
    • LSP, FAS, VLX, MNL, SCR files
    • .NET assemblies
    • VBA macros (DVB files)
    • acad.rx
    • JavaScript
    • DLL files
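
    The check below is an added example, not Autodesk code. It walks a folder (such as
    an extracted project ZIP) and reports files of the types listed above that sit in
    the same folder as DWG data. The function names, the "high"/"review" labels, and
    the .js extension for JavaScript are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Extensions from the "Vulnerable Files" list (.js for JavaScript is an assumption;
# .NET assemblies are covered by .dll).
EXECUTABLE_EXTS = {".arx", ".dbx", ".crx", ".hdi", ".lsp", ".fas", ".vlx",
                   ".mnl", ".scr", ".dvb", ".dll", ".js"}
# File names the page singles out by name.
AUTOLOAD_NAMES = {"acad.lsp", "acaddoc.lsp", "acad.mnl", "acad.dvb", "acad.rx"}
TEXT_EXTS = {".lsp", ".mnl"}  # plain-text formats where (load "...") is readable
LOAD_CALL = re.compile(r'\(\s*load\s+"([^"]+)"', re.IGNORECASE)

def audit_folder(root):
    """Return findings for every folder under root that mixes DWG data with code."""
    root = Path(root)
    findings = []
    for folder in [root, *(p for p in root.rglob("*") if p.is_dir())]:
        files = [f for f in folder.iterdir() if f.is_file()]
        if not any(f.suffix.lower() == ".dwg" for f in files):
            continue  # only folders that hold drawings are of interest here
        for f in sorted(files):
            name, ext = f.name.lower(), f.suffix.lower()
            if name not in AUTOLOAD_NAMES and ext not in EXECUTABLE_EXTS:
                continue
            loads = []
            if ext in TEXT_EXTS:  # list what the file would load in turn
                loads = LOAD_CALL.findall(f.read_text(errors="replace"))
            findings.append({"path": f.relative_to(root).as_posix(), "loads": loads,
                             "severity": "high" if name in AUTOLOAD_NAMES else "review"})
    return findings

def build_sample(root):
    """Constructed sample: an extracted project ZIP with code beside a drawing."""
    samples = {"site/plan.dwg": "placeholder, not a real drawing",
               "site/acaddoc.lsp": '(load "helper.fas")\n',
               "site/helper.fas": "placeholder",
               "lib/tools.lsp": "(princ)\n"}  # lib/ keeps code apart from data
    for rel, text in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_folder(build_sample(tmp)):
            print(finding)
```

    Folders that contain code but no drawings, such as lib/ in the sample, are not
    reported.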

    Security Countermeasures

    AutoCAD security countermeasures minimize the possibility of executing malicious code
    by providing controls that

    • Specify one or more trusted folders for executable files. Support for trusted locations
      is provided by the TRUSTEDPATHS system variable, so that executable files can be
      stored in controlled, auditable folder locations. It is recommended that these folders
      be set to “read only.” These locations can be locked by the CAD Manager.
    • Limit the access to the acad2013.lsp and acad2013doc.lsp files and their successors
      by allowing them to be loaded only from their default installation folders:
      <installation folder>\Support, and <installation folder>\Support\<language> respectively.
    • Limit the loading of AutoLISP and VBA applications in the current AutoCAD session,
      including all LSP, FAS, and VLX files, and acad.dvb. Loading behavior is controlled by the SECURELOAD system variable.
    • Prevent executable files from being unintentionally found and loaded from the Start In
      and drawing folders by leaving the LEGACYCODEPATH system variable set to 0.
    • Secure the cleanup process after an attack by completely disabling executable code
      at AutoCAD startup. This capability is controlled by the /safemode startup switch,
      and is reflected by the read-only SAFEMODE system variable. The /safemode switch lets
      you start AutoCAD safely, so you can make changes to the SECURELOAD and TRUSTEDPATHS
      system variables.
    IMPORTANT: Using the /safemode switch also prevents the AutoCAD Express Tools and most AutoCAD
    command tools from functioning, and should only be used temporarily in situations
    where you suspect that malware has been installed on your system.

    Recommendations

    The following best practices can minimize your vulnerability to malicious executable
    code:

    • The AutoCAD installation folder should be set to Read Only.
    • Keep your virus definitions current. All leading anti-virus solutions can identify
      and remedy AutoCAD virus infections.
    • Enable User Account Control (UAC) for Microsoft Windows 7 and newer operating systems.
    • When installing 3rd party applications involving ARX, DBX, CRX, HDI, and DLL files,
      make sure that the installed files are digitally signed with a certificate issued
      by a reputable source, such as VeriSign.
    • Never run an unknown AutoLISP file or VBA macro without first inspecting the code.
    • Keep executable code in folders that are separate from data.
    • Store executable code in trusted, read-only locations.
    • Locate shared AutoCAD CUIx files in trusted read-only locations.
    • Set the SECURELOAD system variable to 1 or 2 to prevent unauthorized code from executing
      within AutoCAD. This setting can also be modified with the Options dialog box, System tab,
      Executable File Settings button, or in the Deployment Wizard.
    • Set the TRUSTEDPATHS system variable to unique, read-only folders that can be trusted.
      The AutoCAD executable folder and its subfolders, and the ApplicationPlugins folders
      are automatically trusted. These paths can also be set on the Options dialog box, File tab,
      or in the Deployment Wizard.
    NOTE: AutoCAD LT® does not run AutoLISP, VBA, or other applications, and does not require
    these security measures.
