Every $2 will be transferred to the Ukrainian Volunteers Fund. Do not remain indifferent, support Ukraine!

Corporate security in the 3D segment. Part 1.


Author MastaMan
Updated on August 8, 2022
English and Русский

Index

Introduction

I am often approached by large companies to help solve the issue of security and threats associated with software. A common reason why data, passwords, important information, data corruption or workflow interruption occurs is due to the digital inexperience of company employees.

If you do not take into account that it is undesirable to use pirated software or download any files from unverified sources, there are still risks that some users do not even know about.

Risks

Risks are often associated with 3Ds Max itself, because no one thinks that malicious code can execute in the 3Ds Max environment with the same probability as running a regular *.exe program or opening third-party files.

Script viruses, ransomware plugins that slow down "Custom Attributes", self-executing DLLs and this is not a complete list of what can happen to your 3Ds Max.
All this may affect the workflow in the first place, but also attempts at industrial espionage, undermining work within the company by competitors, or taking over a workstation to create a "Bot-Net" should not be ruled out.

From my experience, I can say that no one cares about the security of 3Ds Max. And this is a huge window of opportunity for hackers. It's simple, not a single computer antivirus reacts and cannot catch such threats, since they are executed in the 3Ds Max environment.

Research

ESET research shows real problems that some companies are facing. It is extremely difficult to map and understand the scale of infections, one can only guess how much the 3D segment has suffered since 2016 and what losses have been inflicted in general.


ESET Research, page 7
eset research maxscript viruses
Loading...
But on average, if you calculate, ordinary script viruses that interrupt and slow down the workflow can take up to 20% of the time for an ordinary employee to find and fix problems.


Some technical information about my virus research under 3Ds Max.

Viruses in 3Ds Max

Solutions

I would like to praise and scold the developers of Autodesk 3Ds Max at the same time. In the 2022 version, a more or less adequate tool for detecting script viruses has been added, and this tool does its job really well. But, it was made as uncomfortable as possible. Is it really not possible for such a large corporation as Autodesk to allocate resources to such an important component and do it at the proper level? Knowing the history of Autodesk 3Ds Max, how they release raw functionality from version to version, it's not surprising that we have such a tool. What's wrong with him, you ask?


A small list of what I don't like about Autodesk Security Tools:

  • Low signatures for viruses and threats, such as no signatures for adware or non-standard viruses or anomalous code.
  • Userability. Any change to the Security Tools settings will cause 3Ds Max to restart. How is that at all? Who came up with this, who will use it?
  • Updates... To update, you need to follow the link to the official website, register, download the installer, close 3Ds Max, then install, open 3Ds Max, open your project. ..
This is a complete mockery of users! No one will make such updates. Namely, updates provide timely security, this is the key to stable operation. Well, how could this be done?
autodesk 3dsmax security tools update message
Loading...
These popup messages about viruses or updates are so annoying to users that entire companies are putting up alternative solutions, such as Prune Scene, which can run seamlessly and silently. Prune Scene works very harmoniously with updates, they happen in one second without restarting 3Ds Max. It is so convenient that users are ready to make donations to support the development of this script.

Prune Scene


And a few more unpleasant moments with Autodesk Security Tools:

  • DotNet code locks are too tight, because of which half of the scripts may simply not work. Well, if you are already doing such a check, is it really difficult to give the user the opportunity to choose whether or not he wants to run this or that script. And to turn off this option temporarily.... you need to restart 3Ds Max again.
  • Why did normal protection appear in 2022? And where is the protection for other versions of 3Ds Max? Why is there no protection for 2012 - 2016 versions, or other popular versions? Why are users abandoned like this? But because it is difficult to support so many versions? This is all about elementary disrespect for users, this is all about their values ​​and strategy for making money, transferring users to more and more new versions. Let's see, maybe by 2030 they will make a user-friendly interface... or maybe there will be a convenient update...?
In this way, it seems like Autodesk is for security, but on the other hand, it is done so crookedly that users will simply be exposed to threats due to poor UI / UX. But still, the Autodesk 3Ds Max program itself is convenient and is unlikely to be abandoned in favor of the same Blender. Thanks to a large community, all these shortcomings are corrected. For example, Prune Scene is rid of all these shortcomings, has a minimalistic interface, many virus signatures, fast updates, convenient seamless installation, and most importantly, updates are released as quickly as possible, because users help in the search for new viruses and this reaction is instantaneous. Autodesk, with their bureaucracy, long development, and slow deployment, just can't keep up with the current situation. While the update is in progress, a large number of computers will already be at risk.


Prune Scene

Conclusion

Back to corporate security, this is important, this is really important! It is very critical for large companies if a workflow stops or other related problems associated with the leakage of personal data occur. All this can result not only in unplanned cash costs, but even worse, your own reputation is at stake. Therefore, I put on opposite scales Safety and Reputation.

Are you ready to question your reputation? Are you willing to risk your safety?
Give yourself the answer to these questions and maybe don't put it off until tomorrow.


Go to article "Corporate security in the 3D segment. Part 2."


{{commentsMsg}}
  

No one has posted a comment yet
{{comment.lastname}} {{comment.name}} {{comment.date}}
{{comment.text}}


SUBSCRIBE TO OUR NEWSLETTER

{{subscribeMsg}}