Security and Protecting Against Malicious Code

Several security measures and practices can protect you against malicious code.

Overview

Malicious executable code, also known as malware or viruses, has become more common and can impact users of 3ds Max. If allowed to spread, malware can result in loss of intellectual property and reduced productivity.

The most common vulnerability results from allowing malicious executable code such as MAXScript, embedded in data files such as a scene file (.max) to automatically load into and execute in 3ds Max. Compiled (C++, C#) or scripted (MAXScript, Python) plugins and tools could also pose a risk. Some malicious scripts spread by editing or creating a new script in 3ds Max’s scripts\startup folder, adding code to it to load the malicious script.

Vulnerable Files

Malicious executable code can be included in the following types of files:

3ds Max scene files and its various flavors (.max, .maxc, .chr, .mat)
MAXScript scripts (.ms, .mcr, .mxs, .mse)
Python scripts (.py, .pyc)
C++ plugins (all extensions supported by 3ds Max, .dll, .exe)
.NET assemblies (.dll)
JavaScript

Recommendations

The following best practices will reduce your vulnerability to malicious executable code:

Install 3ds Max in the default operating system-protected location (C:\Program Files) with User Account Control (UAC) turned on.
Do not run 3ds Max with Administrator privileges.
Keep your virus definitions current.
Never run an unknown MAXScript or Python file without first inspecting it for signs of malicious or suspicious code.
Note: You can monitor which scripts are loaded by 3ds Max. See Logging Scripts and 3ds Max System Log for more information.
Keep Safe Scene Script Execution enabled to protect against unsafe code embedded in scene files.
Keep Malware Removal enabled to protect against and keep your scene files and startup scripts free of known malicious scripts.
Update the Scene Security Tools when you see a notification that a new version is available to keep the malware removal functionality relevant.
When installing 3rd party plugins, make sure that the installed files are digitally signed with a certificate issued by a reputable source, such as VeriSign.
To verify the digital signature of a binary file, open its File Properties dialog, and navigate to the Digital Signatures tab. If this tab is missing, the file does not have a digital signature. For more information see the Digital Signatures for executable files topic.
To verify the digital signature of MAXScript files, see the Digital Signatures for Executable Files topic.