About Security and Protecting Against Viruses

Overview

Malicious executable code, also known as malware or viruses, has become more common and can impact users of AutoCAD LT. If allowed to spread, malware can result in loss of intellectual property and reduced productivity.

The most common vulnerability results from allowing executable code to co-exist with data, such as automatically loaded AutoLISP files in the Start In folder. The Start In folder is determined either by the Start In attribute stored in the properties of the desktop shortcut icon, or by the folder in which you double-click a file to start the product.

For example, project-based executable files bundled together with drawings in a ZIP file might include edited versions of acadlt.lsp, acadltdoc.lsp, and FAS and VLX files that contain malicious code. When the contents of the ZIP file are extracted into a folder and AutoCAD is launched by double-clicking a DWG file, the LSP files are automatically launched as well.

Also, many viruses try to propagate themselves by editing acadlt.mnl, adding a line in it to load itself.

In addition to AutoLISP, there are some additional common threats that can be used to exploit AutoCAD LT as well as AutoCAD. These include the following:

• Subversive script, PGP, and CUIx files. Always examine these types of files from external sources carefully before using them because they can include hidden malware.
• Malware inserted in cracked copies and unauthorized add-ons. The people who crack software can easily insert additional code, including malware that steals your work or turns your computer into zombie.
• Malformed DWG files designed to overflow buffers with executable code. This is a more sophisticated type of attack designed to make doctored drawing data run as code on your computer. The AutoCAD Security team has been working to close buffer overflow exploits in AutoCAD and AutoCAD LT. If you work with sensitive design data, open drawing files from only trusted sources.
• Binary planting. This category includes inserting doctored binary files such as EXE, DLL, and COM files to substitute for legitimate files. To plant these files on your computer or a network requires privileges that can be granted by exploiting weak folder permissions, or if the application is running with local Administrator privileges.

Security Countermeasures

AutoCAD security countermeasures minimize the possibility of executing malicious code by providing controls that

• Specify one or more trusted folders for executable files. Support for trusted locations are provided by the TRUSTEDPATHS system variable, so that executable files can be stored in controlled, auditable folder locations. It is recommended that these folders be set to "read only." These locations can be locked by the CAD Manager.
• Limit the access to the acadlt<release>.lsp and acadlt<release>doc.lsp files and their successors by allowing them to be loaded only from their default installation folders: <installation folder>\Support, and <installation folder>\Support\<language> respectively.
• Limit the loading of AutoLISP applications in the current session of the product, including all LSP, FAS, and VLX files. Loading behavior is controlled by the SECURELOAD system variable.
• Prevent unintentionally finding and loading of executable files from the Start In and drawing folders by leaving the LEGACYCODESEARCH system variable set to 0.
• Secure the cleanup process after an attack by completely disabling executable code at startup of the product. This capability is controlled by the /safemode startup switch, and is reflected by the read-only SAFEMODE system variable. The /safemode switch lets you start the product safely, so you can make changes to the SECURELOAD and TRUSTEDPATHS system variables.
• Lock the following system variables with the CAD Manager Control utility: LEGACYCODESEARCH, SECURELOAD, and TRUSTEDPATHS.
• Automatically sets a security level by controlling several of the system variables described here with the SECURITYOPTIONS command.

General Preventative Measures

The following preventative measures will reduce your vulnerability to malicious code:

• Keep current with all your software products, including virus definitions.
• Install AutoCAD LT in the default program files location with UAC turned on, and do not run AutoCAD LT with Administrator privileges.
• Employ the Windows User Account Control (UAC) and limit privileges to prevent unauthorized changes.
• Attend to security warnings, especially those concerning unsigned executable files.
• Be careful about external applications, cracked software, "free" drawings, and custom files that could contain malware.
• When installing 3rd party applications involving LSP, FAS, and VLX files, make sure that the installed files are digitally signed with a certificate issued by a reputable source, such as VeriSign.
• Never run an unknown AutoLISP file without first inspecting the code.
• Never run an unknown script file without inspecting it.
• Keep executable code in read-only folders that are separate from data.
• Store executable code in trusted, read-only locations.
• Locate shared AutoCAD LT CUIx files in read-only locations.
• Set the SECURELOAD system variable to 1 or 2 to prevent unauthorized code from executing within AutoCAD LT. This setting can also be modified with the Options dialog box System tab Executable File Settings button or in the Deployment Wizard.
• Set the TRUSTEDPATHS system variable to unique, read-only folders that can be trusted. The C:\Program Files\ and C:\Program Files (x86) folders, including their subfolders are automatically trusted. These paths can also be set in the Deployment Wizard.

In the current cyber threat environment, it's always a good idea to practice vigilance, even with AutoCAD LT, and when it means spending a few extra minutes to reduce your security risks.