Security
-
Yesterday we introduced the need to sign program modules for AutoCAD 2016. Today we're going to see how AutoCAD behaves when loading signed and unsigned modules, as well as what the innards of a signed LISP module look like. Here's a simple piece of AutoLISP code that I've placed in a file called c:/temp/MyModule.lsp:

    (defun c:test()
      (princ "\nThis is a test command.")
      (princ)
    )

Here's what AutoCAD displays when we try to load this module:

We can use AcSignApply.exe to sign this module with our digital certificate, as we discussed yesterday:

Here are the contents of the file…
-
This series of posts is one I've been meaning to write since AutoCAD 2016 started shipping. Thankfully a number of other people have filled the void, in the meantime, so I've created an appendix of related posts that you can find at the bottom of each post in this series. The series is about how we're working to improve security inside AutoCAD, and what this means for application developers. Dieter's posts on Lynn's blog help explain some of the background to this work, much as I've posted here in the past, too. Perhaps the biggest security change in AutoCAD 2016…
-
After our quick look at AutoCAD 2016 from a user perspective, let's now spend some time looking at the things important to developers in this latest release.

Compatibility

Off the bat it's worth stating that AutoCAD 2016 is a DWG compatible release: it's using the same file format as AutoCAD 2013, 2014 and 2015. It's also a binary application compatible release: ObjectARX apps written for AutoCAD 2015 should work in 2016 and it's likely that .NET apps built for AutoCAD 2014 will work, too. That said, some changes have been made to the security model for this release of AutoCAD,…
-
In the first post in this series, we talked a little about product security in AutoCAD and why having a JavaScript API doesn't make AutoCAD less secure. We also took the chance to talk about the SECURELOAD mechanism, mainly saying that it's a good thing. Today we're going to talk about why it's such a good thing. The various product teams at Autodesk have been very focused on improving security in our products over the last couple of years. We've hired a number of key security-focused architects and engineers who are working to improve the level of security we have…
-
We've been getting some interesting responses back from the AutoCAD Security Survey that has been posted over on the AutoCAD Futures beta forum. (If you haven't already responded, we'd appreciate you taking the time to do so: it'll probably take you less time than reading the rest of this blog post. Then please come back and finish reading this, too. 😉) The survey is intended to gauge whether the safeguards we first introduced in AutoCAD 2013 SP1 (and then further enhanced with the SECURELOAD mechanism in AutoCAD 2014) are properly understood and considered valuable. From some of the feedback we've…
-
This week has so far had an AU theme to it, just as last week we talked exclusively about Leap Motion and AutoCAD. Perhaps I'm sub-consciously shifting this blog to a weekly-themed format? Hmm. Like many of you, I'm sure, I received an email over the weekend to let me know that the recorded sessions from Autodesk University 2012 are now available online (for anyone with a valid AU online account). I wasn't sure which of my sessions had made it up there from this last year's event (thank goodness I rarely have to write cheques anymore), and so was…
-
As reported by Tom Stoeckel over on Without a Net, AutoCAD 2013 Service Pack 1 is now available for download. I've been waiting for this release with some impatience… in my new role I've been increasingly involved in discussions around the security of AutoCAD and our customers' data, and this Service Pack makes significant progress in this area. As Tom notes, malware attacks in AutoCAD typically† take advantage of the fact that when a drawing is loaded, AutoCAD tries automatically to load various types of acad.* files (acad.dvb, acad.lsp, acad.fas, acad.vlx, …) from the drawing's folder. Which means that when…