Well, I don't want to keep you in suspense any longer than necessary. As Lynn is returning from her vacation, rested and rejuvenated, I'd like to finish up my guest posts on AutoCAD security. Again, my appreciation and thanks go to Lynn for the opportunity. - Dieter Schlaepfer
The war for your privacy, identity, intellectual property, and online security is definitely escalating! The most common and easiest method that cyber-criminals use is to fool people into clicking a link or opening an attachment in email. Some of these can be very convincing that they're legitimate.
However, certain cyber-criminals and organizations focus on your AutoCAD environment. Your first line of defense is to be aware of their methods and know what features and best practices can help you defeat these attacks.
Here’s what our software and test engineers did for AutoCAD 2016:
- Analyzed the code and reduced or eliminated vulnerabilities to malformed data.
- Updated the CAD Manager Control utility so that several system variables can be locked (LEGACYCODESEARCH, SECURELOAD, and TRUSTEDPATHS).
- Provided a way to prevent the common vulnerability that allowed AutoLISP and other executable code from being automatically loaded from the Start In folder. (LEGACYCODESEARCH)
- Improved the accessibility to trusted paths and other security settings through an upgraded Security Options dialog box. When you restrict the folders from which executable code can run, it’s less likely that malicious code can execute secretly.
- Added support for attaching digital signatures to AutoLISP and related files. Adding a digital signature to an application provides you with a way of verifying whether the application has been replaced or modified. Any changes will invalidate the digital signature, and will alert you when you try to use it.
- Updated a variety of other vulnerabilities. With genuine, non-cracked products, you remain current with Autodesk’s countermeasures against cyber-crime.
- Removed the ability to add passwords to drawing files. Instead, we recommend that you purchase an encryption product that meets current industry standards and is updated as needed. As of April 2015, many security experts recommend a 2048-bit RSA asymmetric key length as a minimum (a 4096-bit key length for internet transactions) along with a 128-bit AES symmetric key length as a minimum (a 256-bit key length for classified information).
Even if you don’t have AutoCAD 2016 yet, you can still be aware of the growing security threats and take precautionary measures. Don't put it off!
Like you, I truly wish that these threats would go away, but we need to accept the fact that they will continue to escalate as will our efforts to combat them.