Somewhere, I think it was an AutoCAD e-mag or web site, I read that
version AutoCAD 2006 has a back door built in that would allow
Autodesk, or any other person who could hack, take control of your PC.
and that by accepting the licence term to install, you are allowing
I'm not dreaming this am I ?
Can some one point me back to the, or any articles on the subject?
Is this true, and at what is the real risk from hackers?
Okay, Okay, Okay. :-)
Yes, I am the person who has raised the alarm. Simply read your license
'agreement' that mandates you must allow Autodesk to "enter" your
computer/network "electronically" and then ask yourself just how Autodesk
could possibly do so. Autodesk's license states they will provide advanced
notice that they intend to "enter" a customer's computer "electronically"
does it not? Please, correct me if I have used the wrong words such as
"enter" and "electronically" which I am recalling are the exact terms used
in the license as these terms are critically important to understand the
actual slime-speak the license has been written in.
So, let's take a look at a possible scenario...
Autodesk suspects you have pirated copies of AutoCAD installed on your
computer/network. Perhaps they were notified by a former employee. Whatever,
the point is, Autodesk suspects you have pirated copies of AutoCAD installed
on your computer/network. So on Monday morning Autodesk notifies you --- in
advance --- that Autodesk intends to enter your computer/network on Tuesday
meaning Autodesk intends to "enter" your computer/network "electronically"
to determine if you have pirated copies of AutoCAD installed.
Now let's ask ourselves the following:
1.) Even if anybody had pirated copies installed would anybody actually
allow Autodesk to simply waltz in with their advanced notice to enter a
computer/network electronically? Hardy Har Har. Who would leave
incriminating evidence installed or otherwise detectable after being
notified they were about to be caught? In fact, it is most likely such a
person would likely tell Autodesk "Sorry, but I/we had a power failure
Monday night and the disk drive was destroyed."
2.) Regardless of what is or is not done to comply with Autodesk license
each and every customer who is now being considered a thief and each and
every citizen of their respective nations must demand to know how Autodesk
could possible enter their computer/network electronically.
I have attempted to discuss this with Autodesk and their sycophants in
several of the official Autodesk newsgroups, notably Autodesk's
pn.cadmanagers newsgroup. Autodesk has refused to explain how they would
enter a computer/network electronically and the CAD Managers themselves
either remained quiet or argued like morons and fools trying to deny that
this could be factual.
Let's consider the argument the moron CAD Managers present: "I read my
server logs and I did not see anything unusual so therefore there is no back
door or any remote control built-in." Brilliant logic huh?
There are one or more features in Autodesk's software that use Internet
protocols to send and receive over the Internet. A feature like eTransmit
comes to mind. If I intentionally used eTransmit to transmit drawings to you
the server logs would only show that on such and such a date I intended to
send you something. So how could the logs indicate something was wrong? The
answer is they would not. Are we all on the same page here?
Furthermore, AFIK there is no way to determine the contents of packets
without inspecting each packet as it is being transmitted. This is called
'stateful packet inspection.' The back door could easily be programmed to
capture packets for modification or even spread the back door to another
instance of AutoCAD or the sender's and/or the receiver's computer/network
could be made to function as a zombie to relay or 'snitch' directly to
Autodesk. There are a myriad of ways Autodesk can be implementing such a
spyware scheme and a myriad of ways that back door remote control functions
could be made to do so serrepticiously without ever being discovered until
the damage was done. It takes forensic police work weeks sometimes to
determine the facts. Check these claims out. After all, according to the
morons from the pn.cadmanagers newsgroup I am a loony, a liar, and I do not
know what I am talking about.
So, a reasonable person (which I consider myself to be) has no other
recourse but to conclude that there is every indication that Autodesk has
built in one or more back doors into their software products. These back
doors are likely multi-purpose and function in various ways. One function
would be 'remote control' to read the system registry as well as the
computer/network's file system at the very least. Another function may
simply ping using a zombie or some other serrepticious snitch methodology.
Now besides forcing each and every customer to be presumed as a thief who is
expected to drop their pants, bend over and spread 'em on demand there is a
serious and dangerous concern I have, that being my belief that AutoCAD
really is everywhere.
If for example a nuclear or chemical plant is using AutoCAD which is very
likely those facilities are at risk of espionage and perhaps worse when
considering we know without question that Lt. Charlie Wu of the Communist
People Liberation Army has crews of software engineers and computer
scientists at his beck and call and has no doubt reverse engineered every
bit and byte of AutoCAD and the Communists or anybody else who discovered
the back door(s) and hacked the key(s) could enter at will and do just about
whatever they wanted once they gained entry into the network of a nuclear or
chemical plant through a back door.
Thank you for clarifying that. Autodesk hides their licenses from public
review (because they are managed by corporate slimesters) and I was citing
from memory. The following sentence is the exact verbiage...
"Any such inspection or audit shall be conducted during regular business
hours at Your facilities or electronically."
Clearly slime-speak by appending the end of the sentence with a quick
mention "or electronically" with no further discussion of the matter after
many words which precede the slime-speak clearly explain the other criteria
related to their alleged audit procedure. As a matter of fact, that flagged
the attention of a person from Australia who posted to pn.cadmanager asking
what that meant and I extrapolated the obvious meaning.
Finally, to respond to your bass ackward question Autodesk did not
'adevertise' any back door in their EULA, they used slime-speak to cover
their @ss by using two short words "or electronically" to infer they have a
means to conduct their audit without being physically present.
You closed your reply with a cocky statement about the SciFi channel but it
seems that it would be you rather than I to whom your SciFi implications
would pertain because it is you not I that can not define what "or
electronically" without sounding foolish. If you think you have a reasonable
explanation what would it be?
The issue was raised by Paul Waddington in the SMH ( Sydney Morning Herald)
and was pick up by a few of the cad online publications. A reply was
also posted by AD however that did nothing to rebuke the claims.
We are closely monitoring this situation and what the software is doing
(simply because we can) and yes there is concern that the EULA
gives permission to electronically audit your computer. We suspect
that access would be rolled out over several releases if this is the case
mainly for the purpose of licence checking.
Whether this give a hacker any more freedom or control is a
debatable issue however when the program itself has your permission
to audit your P.C then the meaning of hacker might need redefining.
Personally I thought there would have been more debate over this issue.
Most of the comment suggest that if you do not like the EULA
buy something else however in most cases for entrenched ACAD
users this is not an option.
Its a breath of fresh air to read comments that consider this issue
meritorious to the extent that the facts must be made known. I do not make
any claims regarding being the 'first' to bring this up. Its one of those
things that all of a sudden exist within the global conciousness except for
those who prefer to remain unconcious which would be funny if this weren't
so damn serious when considering the acknowledgement that AutoCAD and
Autodesk products really are everywhere including nuclear or chemical
I'll do search of course if I had a good set of search terms. Do you have
any URLs to other comments by those you referred to?
Finally, what are 'you' doing to "closely monitor" the situation Gary?
Your not alone in your sense of personal wonder. People have really become
seriously dumbed down, deluded and actually take pride in their reticence
and inability to respond to contentious ideas having lost (or never
acquired) any critical reasoning skills.
Gary & Clinton
Thank you both very much for your replies, I did find the original
article that alerted me to this issue. it was
Going Too Far? Autodesk Licence Terms
May 25, 2005
And Clintons reply/ comments on the article were there.....whilst
looking for information on this subject I also found that there is
also the Autodesk Web Site Notice
?A security issue has been identified that could allow a local user to
gain inappropriate access to another local user's computer. This
problem occurs in a number of Autodesk products. You can help protect
your computer by installing this update.?
Change the words "a number of Autodesk products" to nearly all
Autodesk products would be nearer the truth.... check it out at
It makes one wonder if third party hackers are already trying to use
this feature to gain access?
Ok there are those on this newsgroup that consider Clinton paronoid,
and I guess I too could be grouped into that catagory, but just
because we are paranoid does not mean that they are not out to get us!
I am supprised that there has not been more discussion, debate and
research into this matter.
?Most of Autodesk's customers don't read the terms of license when
installing AutoCAD. This makes sense: if you want to use the software,
you have to agree to its terms. Thus, there's no point to reading the
license, because you have no rights to negotiate it. As Autodesk says,
if you don't agree to the terms, return the software.?
This article is the one that exposed that Autodesk has almost
certainly built a backdoor into their software.
All a reasonable person need do is read Autodesk's license and ask
themselves how else Autodesk could "enter" your computer
"electronically" even when given "advanced notice."
Read more at
This is of concern to a large multi-national company who are in the
process of considering moving from another CAD package to AutoCAD.
Because when they use it to chack out your LAN or WAN then you can not
protest because by the click of a button you have been told and given
them permission to do what they will ultimately be able too.
It's funny but look at SciFi most of the things considered by writers
of these things come to pass, or are projections into a possible or
Man stepping and travelling to the moon
Ok in war of the worlds there was the heat ray - would we not consider
that a lazer beam today?
Space Stations - currently under construction
I'm sure with a little thought that we could find many more.
Um... I am forced to assume that you are not using any Microsoft or
Adobe products? Other wise this issue with AutoDESK would appear to be
just another similar instance of licenses being tracked by the
manufacturer via the internet.
The difference between access functionalities that are possible on a
LAN and internet are becoming less and less. These day the only thing
that separates the two is a strong firewall. I'm just curious how
AutoDESK gets pass a good firewall that separating the LAN from the
internet. Can't imagine that any business wouldn't have one. Especially
now a days, when all the pundits are telling individual home users that
they had better get a good one.
Since when did two wrongs make a right?
Furthermore, I think you've made some risky assumptions about firewalls and
the use of Internet protocols. Autodesk could and probably has defeated even
the strongest of firewalls as I've surmised elsewhere. Briefly, all they
needed to do was provide customers with 'features' like eTransmit. If for
example you are using eTransmit, and eTransmit is the back door you have
already configured your firewall to allow send/receive packets. Your logs
will only show that on such and such a day you sent and received from some
business partner you collaborated with. AFIK there is no way to even use
what the network security experts call 'stateful packet inspection' as what
was being inspected is exactly what we intended to send or receive. Does
this make sense to you? I can only surmise.
Um... I am forced to assume that you are not using any Microsoft or