I've been chasing a drawing corruption problem on behalf of a customer. The problem manifests itself by causing a "Missing Language Pack" dialog to display when the drawing is opened (but only in Windows XP with no language packs installed -- my Vista installation apparently has all the language packs installed). Installing the language packs "fixes" the problem, in that the drawing files open without error.

However, the real problem is that some drawing objects were corrupted in memory, and corrupt data was subsequently written to the .dwg file. My customer thinks the corruption might be linked to a virus that they were infected with (and have since eliminated). I have a copy of the virus for testing, but I have not been able to catch it in the act of corrupting an open drawing file. Therefore, I cannot conclusively link the virus with the corruption.

So, I need your help. Have you recently noticed a "Missing Language Pack" dialog appearing in drawing files that have opened fine in the past? Has your virus scanner recently detected an AutoCAD related virus? If you have, please send me an email describing your situation and AutoCAD versions involved. I would like to determine conclusively whether the virus is causing drawing file corruption, and if so, whether the corruption is always in the same location of the drawing file.

[Update: Autodesk has released a technical document with information about the virus. See also Shaan Hurley's blog post.]

Labels: AutoCAD, security

From a new features overview of Autodesk Design Review 2010 comes the following snake oil claim:

Digital Signatures
To help secure your data, you can now digitally sign DWFx files.

As I've explained before, digital signatures do not provide data security; they simply authenticate the person that applied the signature. Digital signatures are a welcome feature with many potential uses, but data security is not one of them.

Labels: Autodesk, digital signature, DWF, protection, security

The increased sharing of electronic CAD data (ala BIM) holds a lot of promise, but it also exposes companies and individuals to additional liability and risk. This additional risk is coming into focus more and more as actual cases of costly legal battles confront engineers and architects.

The June 2008 AUGI wishlist results contain "Design File Locking" as the top wish by a substantial margin, and Shaan Hurley lists it as number 3 in the AU 2008 AutoCAD wish list. Clearly, interest in file and IP security has been growing steadily.

As demand for IP security grows, there are sure to be snake oil security vendors trying to cash in on it. I received a spam email a few days ago from SafeNet, Inc. promising "a cost-effective and easy to integrate solution that provides reliable and effective security through the use of digital signatures." Whenever I see such statements with a long string of buzzwords, my snake oil alarm goes on alert. Digital signatures are for authentication and establishing trust -- they cannot and do not provide "reliable and effective security", although I suppose they could be used by a system that does.

In the last year or two, a number of companies have claimed to market software that "secures" AutoCAD DWG files. When I see such a claim, it invariably refers to software that creates an anonymous unequally scaled MINSERT entity. These can be created or "exploded" with a few lines of AutoLISP code. Frequently these companies claim to "encrypt" the drawing, which may sound sexy, but is an outright lie. If this is a level of "security" that meets your needs, at least use one of the many free versions posted throughout the internet (DETER.VLX from DotSoft is one I know of).

There are solutions, but they always require changes in the workflow process that involve difficult tradeoffs and careful evaluation of what is technically feasible and practical versus the costs of implementing the changes. There is no such thing as installing a single piece of software to instantly solve the problem. If you are looking for ways to protect intellectual property in your drawing files, don't be fooled by snake oil security vendors.

Disclaimer: One of my hats is the president of CADLock, Inc., makers of CADVault for AutoCAD.

Labels: AU 2008, CADLock, CADVault, digital signature, encryption, legal, security

Security and encryption legend Bruce Schneier posted this essay:
The War on the Unexpected

I think we should all be reminded that representative governments are always at risk of death by democracy: suicide under the watchful eyes of a body politic beholden only to the next election.

Labels: security