Does AutoCAD 2006 has a back door?

Hi Guys

Somewhere, I think it was an AutoCAD e-mag or web site, I read that version AutoCAD 2006 has a back door built in that would allow Autodesk, or any other person who could hack, take control of your PC. and that by accepting the licence term to install, you are allowing this!

I'm not dreaming this am I ?

Can some one point me back to the, or any articles on the subject?

Is this true, and at what is the real risk from hackers?

TIA

Alan

Reply to
Cadalot
Loading thread data ...

Hang around and wait for 'clintonG' - he will tell you all about it.

Reply to
R.K. McSwain

CLIIIIIIIINNNNNN-TONNNNN!

Reply to
Michael Bulatovich

Okay, Okay, Okay. :-)

Yes, I am the person who has raised the alarm. Simply read your license 'agreement' that mandates you must allow Autodesk to "enter" your computer/network "electronically" and then ask yourself just how Autodesk could possibly do so. Autodesk's license states they will provide advanced notice that they intend to "enter" a customer's computer "electronically" does it not? Please, correct me if I have used the wrong words such as "enter" and "electronically" which I am recalling are the exact terms used in the license as these terms are critically important to understand the actual slime-speak the license has been written in.

So, let's take a look at a possible scenario...

Autodesk suspects you have pirated copies of AutoCAD installed on your computer/network. Perhaps they were notified by a former employee. Whatever, the point is, Autodesk suspects you have pirated copies of AutoCAD installed on your computer/network. So on Monday morning Autodesk notifies you --- in advance --- that Autodesk intends to enter your computer/network on Tuesday meaning Autodesk intends to "enter" your computer/network "electronically" to determine if you have pirated copies of AutoCAD installed.

Now let's ask ourselves the following:

1.) Even if anybody had pirated copies installed would anybody actually allow Autodesk to simply waltz in with their advanced notice to enter a computer/network electronically? Hardy Har Har. Who would leave incriminating evidence installed or otherwise detectable after being notified they were about to be caught? In fact, it is most likely such a person would likely tell Autodesk "Sorry, but I/we had a power failure Monday night and the disk drive was destroyed."

2.) Regardless of what is or is not done to comply with Autodesk license each and every customer who is now being considered a thief and each and every citizen of their respective nations must demand to know how Autodesk could possible enter their computer/network electronically.

I have attempted to discuss this with Autodesk and their sycophants in several of the official Autodesk newsgroups, notably Autodesk's pn.cadmanagers newsgroup. Autodesk has refused to explain how they would enter a computer/network electronically and the CAD Managers themselves either remained quiet or argued like morons and fools trying to deny that this could be factual.

Let's consider the argument the moron CAD Managers present: "I read my server logs and I did not see anything unusual so therefore there is no back door or any remote control built-in." Brilliant logic huh?

There are one or more features in Autodesk's software that use Internet protocols to send and receive over the Internet. A feature like eTransmit comes to mind. If I intentionally used eTransmit to transmit drawings to you the server logs would only show that on such and such a date I intended to send you something. So how could the logs indicate something was wrong? The answer is they would not. Are we all on the same page here?

Furthermore, AFIK there is no way to determine the contents of packets without inspecting each packet as it is being transmitted. This is called 'stateful packet inspection.' The back door could easily be programmed to capture packets for modification or even spread the back door to another instance of AutoCAD or the sender's and/or the receiver's computer/network could be made to function as a zombie to relay or 'snitch' directly to Autodesk. There are a myriad of ways Autodesk can be implementing such a spyware scheme and a myriad of ways that back door remote control functions could be made to do so serrepticiously without ever being discovered until the damage was done. It takes forensic police work weeks sometimes to determine the facts. Check these claims out. After all, according to the morons from the pn.cadmanagers newsgroup I am a loony, a liar, and I do not know what I am talking about.

So, a reasonable person (which I consider myself to be) has no other recourse but to conclude that there is every indication that Autodesk has built in one or more back doors into their software products. These back doors are likely multi-purpose and function in various ways. One function would be 'remote control' to read the system registry as well as the computer/network's file system at the very least. Another function may simply ping using a zombie or some other serrepticious snitch methodology.

Now besides forcing each and every customer to be presumed as a thief who is expected to drop their pants, bend over and spread 'em on demand there is a serious and dangerous concern I have, that being my belief that AutoCAD really is everywhere.

If for example a nuclear or chemical plant is using AutoCAD which is very likely those facilities are at risk of espionage and perhaps worse when considering we know without question that Lt. Charlie Wu of the Communist People Liberation Army has crews of software engineers and computer scientists at his beck and call and has no doubt reverse engineered every bit and byte of AutoCAD and the Communists or anybody else who discovered the back door(s) and hacked the key(s) could enter at will and do just about whatever they wanted once they gained entry into the network of a nuclear or chemical plant through a back door.

Hi Guys

Reply to
clintonG

Yes, you are wrong. The word "enter" is not in Sec 9.5 See:

formatting link
Quastion: If Autodesk purposly included this 'back-door', why advertise it in the EULA?

I'll bet you watch a lot of the SciFi channel...

Reply to
R.K. McSwain

Thank you for clarifying that. Autodesk hides their licenses from public review (because they are managed by corporate slimesters) and I was citing from memory. The following sentence is the exact verbiage...

"Any such inspection or audit shall be conducted during regular business hours at Your facilities or electronically."

Clearly slime-speak by appending the end of the sentence with a quick mention "or electronically" with no further discussion of the matter after many words which precede the slime-speak clearly explain the other criteria related to their alleged audit procedure. As a matter of fact, that flagged the attention of a person from Australia who posted to pn.cadmanager asking what that meant and I extrapolated the obvious meaning.

Finally, to respond to your bass ackward question Autodesk did not 'adevertise' any back door in their EULA, they used slime-speak to cover their @ss by using two short words "or electronically" to infer they have a means to conduct their audit without being physically present.

You closed your reply with a cocky statement about the SciFi channel but it seems that it would be you rather than I to whom your SciFi implicati>

Reply to
clintonG

Hi Alan,

The issue was raised by Paul Waddington in the SMH ( Sydney Morning Herald) and was pick up by a few of the cad online publications. A reply was also posted by AD however that did nothing to rebuke the claims.

We are closely monitoring this situation and what the software is doing (simply because we can) and yes there is concern that the EULA gives permission to electronically audit your computer. We suspect that access would be rolled out over several releases if this is the case mainly for the purpose of licence checking.

Whether this give a hacker any more freedom or control is a debatable issue however when the program itself has your permission to audit your P.C then the meaning of hacker might need redefining.

Personally I thought there would have been more debate over this issue.

Most of the comment suggest that if you do not like the EULA buy something else however in most cases for entrenched ACAD users this is not an option.

Regards Gary

formatting link

Reply to
Gary D'Arcy

Its a breath of fresh air to read comments that consider this issue meritorious to the extent that the facts must be made known. I do not make any claims regarding being the 'first' to bring this up. Its one of those things that all of a sudden exist within the global conciousness except for those who prefer to remain unconcious which would be funny if this weren't so damn serious when considering the acknowledgement that AutoCAD and Autodesk products really are everywhere including nuclear or chemical plants.

I'll do search of course if I had a good set of search terms. Do you have any URLs to other comments by those you referred to?

Finally, what are 'you' doing to "closely monitor" the situation Gary?

Your not alone in your sense of personal wonder. People have really become seriously dumbed down, deluded and actually take pride in their reticence and inability to respond to contentious ideas having lost (or never acquired) any critical reasoning skills.

Hi Alan,

Reply to
clintonG

Gary & Clinton

Thank you both very much for your replies, I did find the original article that alerted me to this issue. it was

Going Too Far? Autodesk Licence Terms May 25, 2005

formatting link
And Clintons reply/ comments on the article were there.....whilst looking for information on this subject I also found that there is also the Autodesk Web Site Notice ?A security issue has been identified that could allow a local user to gain inappropriate access to another local user's computer. This problem occurs in a number of Autodesk products. You can help protect your computer by installing this update.?

Change the words "a number of Autodesk products" to nearly all Autodesk products would be nearer the truth.... check it out at

formatting link
It makes one wonder if third party hackers are already trying to use this feature to gain access?

Ok there are those on this newsgroup that consider Clinton paronoid, and I guess I too could be grouped into that catagory, but just because we are paranoid does not mean that they are not out to get us! (VBG);-)

I am supprised that there has not been more discussion, debate and research into this matter.

Alan

?Most of Autodesk's customers don't read the terms of license when installing AutoCAD. This makes sense: if you want to use the software, you have to agree to its terms. Thus, there's no point to reading the license, because you have no rights to negotiate it. As Autodesk says, if you don't agree to the terms, return the software.?

This article is the one that exposed that Autodesk has almost certainly built a backdoor into their software.

All a reasonable person need do is read Autodesk's license and ask themselves how else Autodesk could "enter" your computer "electronically" even when given "advanced notice."

Read more at

This is of concern to a large multi-national company who are in the process of considering moving from another CAD package to AutoCAD.

Any

Reply to
Cadalot

Because when they use it to chack out your LAN or WAN then you can not protest because by the click of a button you have been told and given them permission to do what they will ultimately be able too.

It's funny but look at SciFi most of the things considered by writers of these things come to pass, or are projections into a possible or actual future.

Man stepping and travelling to the moon

Ok in war of the worlds there was the heat ray - would we not consider that a lazer beam today?

Space Stations - currently under construction

I'm sure with a little thought that we could find many more.

Reply to
Cadalot

Um... I am forced to assume that you are not using any Microsoft or Adobe products? Other wise this issue with AutoDESK would appear to be just another similar instance of licenses being tracked by the manufacturer via the internet.

The difference between access functionalities that are possible on a LAN and internet are becoming less and less. These day the only thing that separates the two is a strong firewall. I'm just curious how AutoDESK gets pass a good firewall that separating the LAN from the internet. Can't imagine that any business wouldn't have one. Especially now a days, when all the pundits are telling individual home users that they had better get a good one.

------------------------

Cadalot wrote:

Reply to
stephanie

Since when did two wrongs make a right?

Furthermore, I think you've made some risky assumptions about firewalls and the use of Internet protocols. Autodesk could and probably has defeated even the strongest of firewalls as I've surmised elsewhere. Briefly, all they needed to do was provide customers with 'features' like eTransmit. If for example you are using eTransmit, and eTransmit is the back door you have already configured your firewall to allow send/receive packets. Your logs will only show that on such and such a day you sent and received from some business partner you collaborated with. AFIK there is no way to even use what the network security experts call 'stateful packet inspection' as what was being inspected is exactly what we intended to send or receive. Does this make sense to you? I can only surmise.

Um... I am forced to assume that you are not using any Microsoft or

Reply to
clintonG

PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.