Several security measures and practices can protect you against malicious executable files.
Overview
Malicious executable code, also known as malware or viruses, has become more common and can impact users of AutoCAD. If allowed to spread, malware can result in loss of intellectual property and reduced productivity. Two common categories include automatically loaded AutoLISP files and VBA (Microsoft® Visual Basic® for Applications) macros. More sophisticated attacks that compromise or steal intellectual property include malicious ARX applications, object enablers, and DLLs (dynamic link libraries).
The most common vulnerability results from allowing executable code to co-exist with data, such as
- Macros embedded in DWG files
- AutoLISP files that are automatically loaded from the current folder.
For example, project-based executable files bundled together with drawings in a ZIP file might include edited versions of acad.lsp, acaddoc.lsp, and FAS and VLX files that contain malicious code. When the contents of the ZIP file are extracted into a folder and AutoCAD is launched by double-clicking a DWG file, the LSP files are automatically launched as well.
Also, many viruses try to propagate themselves by editing acad.mnl, adding a line in it to load itself.
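The check below is an added example, not Autodesk code: it lists a ZIP archive without extracting it and reports any folder that holds both a DWG file and executable files, the code-beside-data situation described above. The extension set and file names come from this page; the function names, the `autoload`/`code` labels, and the sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions from this page's list of file types that can carry code.
CODE_EXTS = {".arx", ".dbx", ".crx", ".hdi", ".lsp", ".fas", ".vlx",
             ".mnl", ".scr", ".dvb", ".dll", ".js"}
# Specific file names this page calls out.
AUTOLOAD_NAMES = {"acad.lsp", "acaddoc.lsp", "acad.mnl", "acad.dvb", "acad.rx"}


def audit_zip(archive):
    """Return (folder, file, kind) for code files stored beside DWG files."""
    by_folder = {}
    with zipfile.ZipFile(archive) as zf:  # path or binary file object
        for info in zf.infolist():        # listing only, nothing is extracted
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            by_folder.setdefault(str(path.parent), []).append(path.name)

    findings = []
    for folder, names in sorted(by_folder.items()):
        if not any(n.lower().endswith(".dwg") for n in names):
            continue  # no drawing in this folder, so code and data are not mixed
        for name in sorted(names):
            lower = name.lower()  # Windows file names are case-insensitive
            if lower in AUTOLOAD_NAMES:
                findings.append((folder, name, "autoload"))
            elif PurePosixPath(lower).suffix in CODE_EXTS:
                findings.append((folder, name, "code"))
    return findings


def build_sample_zip():
    """Constructed sample archive with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("project/plan.dwg", "project/ACADDOC.LSP",
                     "project/tools.fas", "project/notes.txt",
                     "lisp/utils.lsp"):
            zf.writestr(name, b"placeholder")
    return buf


if __name__ == "__main__":
    for finding in audit_zip(build_sample_zip()):
        print(finding)
```

A non-empty result means the archive should be unpacked somewhere that is not a trusted path, and the flagged files inspected before any drawing in it is opened.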
Security Countermeasures
AutoCAD security countermeasures minimize the possibility of executing malicious code by providing controls that
- Specify one or more unique read-only folder paths, or unique domains or URLs from which your authorized applications can be loaded and executed. These addresses and locations are controlled by the TRUSTEDPATHS and TRUSTEDDOMAINS system variables.
- Limit the access to the acad2013.lsp and acad2013doc.lsp files and their successors by allowing them to be loaded only from their default installation folders: <installation folder>\Support, and <installation folder>\Support\<language> respectively.
- Limit the loading of AutoLISP and VBA applications in the current AutoCAD session, including all LSP, FAS, and VLX files, and acad.dvb. Loading behavior is controlled by the SECURELOAD system variable.
- Secure the cleanup process after an attack by completely disabling executable code at AutoCAD startup. This capability is controlled by the /safemode startup switch, and is reflected by the read-only SAFEMODE system variable. The /safemode switch lets you start AutoCAD safely, so you can make changes to the SECURELOAD, TRUSTEDDOMAINS, and TRUSTEDPATHS system variables.
Malicious code can be included in the following types of files:
- ARX, DBX, CRX, HDI files
- LSP, FAS, VLX, MNL, SCR files
- .NET assemblies
- VBA macros (DVB files)
- acad.rx
- JavaScript
- DLL files
Important: Using the /safemode switch also prevents the AutoCAD Express Tools and most AutoCAD command tools from functioning, and should only be used temporarily in situations where you suspect that malware has been installed on your system.
Recommendations
The following best practices can minimize your vulnerability to malicious executable code:
- Always keep your virus definitions current. All leading anti-virus solutions can identify and remedy AutoCAD virus infections.
- Always enable User Account Control (UAC) for Microsoft Windows 7 and newer operating systems.
- When installing third-party applications involving ARX, DBX, CRX, HDI, and DLL files, make sure that the installed files are digitally signed with a certificate issued by a reputable source, such as VeriSign.
- Never run an unknown AutoLISP file or VBA macro without first inspecting the code.
- Always keep executable code in folders that are separate from data.
- Always store executable code in trusted, read-only locations.
- Always locate shared AutoCAD CUIx files in trusted read-only locations.
- Always set the SECURELOAD system variable to 1 or 2 to prevent unauthorized code from executing within AutoCAD. (This setting can also be modified with the Options dialog box, System tab, Executable File Settings button, or in the Deployment Wizard.)
- Always set the TRUSTEDPATHS system variable to unique, read-only folders that can be trusted. The AutoCAD executable folder and its subfolders, and the ApplicationPlugins folders are automatically trusted. (These paths can also be set on the Options dialog box, File tab, or in the Deployment Wizard.)
- Always set the TRUSTEDDOMAINS system variable to specify domains and URLs that can be trusted.
Note: AutoCAD LT® does not run AutoLISP, VBA, or other applications, and does not require these security measures.