Dassault and Autodesk Wish You a Happy Cryptolocker New Year

One of my premises in regards to the cloud and companies that force you to go there with your IP as a method of conducting your business is that the black hat guys fight with the white hat guys and none can get rid of the other. And at any given time one is victorious over the other and YOU the user are left to absorb the consequences. So as many in the CAD and CAM world are shoved knowingly or unknowingly towards the Dassault and Autodesk hoped for forced subscription nirvana of cloud only CAD and CAM software it is worth considering the last few months. And of course with the upcoming 2014 SolidWorks End of Life Convention it is timely to remind both Dassault and their users about the folly of what Bernard Charles proposes with this online “Experience” paradigm. This wonderful thing that will enable secure data storage and unlimited compute power over your crippled ISP throughput and all the other lies they propound. Put Autodesk in there too but SW has the next big deal convention coming up and they have been at it the longest although without any real commercial grade success to speak of. Bet that makes the EOL SW subs happy to see their money spent that way considering the scarcity of announced new product features for 2014.

So lately we see that customer data loss from Adobe tops 2,900,000 and Target tops 40,000,000 and you can bet this was from “secure” situations. And now welcome the latest and greatest proof of concept of the insanity of Cloud for CAD and CAM, Cryptolocker.

How would you like to log in to your network only to find that every connected device with storage had been encrypted. You have 72 hours to pay up or lose it all. I like especially comments and instructions from Carbonite, a company that extolls the headache free and totally reliable cloud backup method for all your files. Oh, and they say you can access your files from ANYWHERE and work so free and effortlessly not shackled by the limitations of offline hardware and the onerous burden of being responsible for yourself. Sound familiar all you Autodesk and SolidWorks/Dassault users? Go here and read this.


Which says in part,
“I work for Carbonite on the operations team, and I can confirm this for most cases – I will also offer these two pieces of advice:
1) If you are affected by the virus, you should disable or uninstall Carbonite as soon as possible. If you stop backing up the files, it’s more likely that Carbonite will not have overwritten a “last known good” backup set. There is a high risk of some recent data loss (you’re effectively going back in time, so if we have no record of the file existing at a previous time, you won’t get it back) with this method, but it’s far, far better than losing all of your files.
2) When you call customer support, which you should do as soon as possible, specifically mention that you are infected with cryptolocker. It was mentioned in the post above, but I just wanted to put emphasis on it because it’ll get you through the queue faster.
Edit: also, just to state the obvious, make doubly sure the infection is off your machine before you call support, please.”

I really like that last part. Please don’t expose us to your infected machine because we don’t want bigger problems than we already have on our safe and secure servers. And we don’t want to have your problems bleeding over into other accounts on our network because we are not sure we can stop it. The delicious irony of secure online backups being a vector of additional infections and theft is sublime is it not?

Information from Dell regarding this. http://www.secureworks.com/cyber-threat-intelligence/threats/cryptolocker-ransomware/

Bleeping computer has a regularly updated post on this with information on what it is and how to hopefully block it. Of course this site http://www.reddit.com/r/sysadmin/comments/1p32lx/cryptolocker_recap_a_new_guide_to_the_bleepingest/ccy89d3
has a lot of information but common sense will tell you that once the genie is out of the bottle how do you get it back in? So Microsoft has a solution for this at this time but don’t you know the guys who figured this out are already working on their Cryptolocker patch for your future entertainment.

Time and time again I keep saying that the only secure way to work with data you are supposed to be protecting is keep your stuff off-line. Keep your internal network off-line and allow access only through certain isolated computers and for sure don’t let these BYOD clowns plug their stuff into your network. Sys admins and bean counters, shame on you for concocting this save my company money with BYOD idea. How many access points do you want for all these bad guys to get into your data if you even care?

Another method that will probably save you is regular complete images of your system. But my money is on local regular backups. This is just good policy anyway for so many reasons and I am shocked at how many companies do not have an implemented procedure for this. I am thinking here that two backups separated by two weeks would probably defeat the activation time requirement for Cryptolocker and do it on a regular basis. In addition I save all my CADCAM data periodically to flash drives and DVD’s. And of course the Workstation in the shop never goes online.

How many times do you people who get all giggly and excited over the promise of being cutting edge technophile guinea pigs and smart guys saving your company time and money with the cloud have to get the alarms before you think twice? If you give your business to companies that insist you have to put your IP on the cloud to use their products you are nothing more than a Russian Roulette volunteer who is counting on the other guy to take the bullet. I get really aggravated at how much traction these cloud proponents get and then think about the idea that they will not guarantee your security or productivity even though they will guarantee you a bill. It is why I write so much about the cloud because the only fallback method for these cloud guys is to repeat the lies often enough so that people will begin to think it is true. And so my rebuttals continue as do their lies. If they were honest with you their hopes for chattel labor would quickly go away.

I just bet that Dassault and Autodesk do not store their source code online. Perhaps you ought to be suspicious of these characters that hand you a chilled pitcher of refreshing Kool Aid but somehow don’t want to drink it with you.

4 responses to “Dassault and Autodesk Wish You a Happy Cryptolocker New Year

  1. What gets me is why product development software companies would bet the whole ranch on an IT idea. Sure, IT is central to all software, whether related to product development or not, but the paying customer is not coming to a CAD provider looking for IT solutions, or worse, a revolution in how they handle IT. I think CAD developers should stick to developing CAD. It’s not as if there is no more CAD capability to develop. Trying to sell IT solutions as CAD innovation may backfire, as it doesn’t add any core capability.

    It’s easy to see the cloud as something equivalent to the PC revolution, but it’s not. The PC revolution gave individuals and small business power. Cloud really takes it away, in my opinion.

    • Hi Matt,
      You are far kinder than I am. I think it is an MBA CPA idea meant to create captives who will have to pay more and more over time without recourse except to leave. Perhaps with their data perhaps not. Further I believe that if these guys can get away with it you will have to use data created there only there. The idea of software that sells itself on it’s own merits is harder work than a kleptocracy which is where Dassault and Autodesk are I think headed. Which indeed all cloud programs have as their goal in time.

  2. You seem to enjoy conflating “cloud”, “online”, “network”, “subscription”, and a whole bunch of other disparate concepts.

    So, let’s start with what you call the “forced subscription nirvana of cloud only CAD and CAM software.” What do “subscription” and “cloud” have to do with each other? Does one imply the other? DS, Siemens, Autodesk, and PTC are all perfectly capabable of forcing subscriptions on users of their existing Windows native applications, with no need to resort to using the cloud as an excuse. All they need to is tell those users “no upgrades or bug-fixes for you if you don’t subscribe.” On the other hand, both DS and Autodesk have been perfectly happy to let people use some of their web-based CAD products for no charge at all–with no need for any subscription.

    Notice I said “web-based CAD products.” I didn’t say “cloud-based” because you flat can’t tell, from a user’s perspective, whether the server side of a client-server CAD product is running on a multi-tenant elastic compute cloud, or on a 50 year old DEC PDP-6 connected to an X.25 WAN. (Or, in the case of CATIA, maybe an IBM System/370 mainframe connected via SNA/SDLC.)

    Client-server CAD products have been around a looooong time, and have been offered under subscription and cloud-like arrangements for almost as long. What you call “cloud only CAD” is just the newest verse in a very old song. Before United Computing (the predecessor to today’s Siemens PLM) started selling UNIAPT as a standalone CAM application in 1969, the only CAM you could even get was “cloud only,” via timeshare.

    Now, about all that data loss at Adobe and Target: It was from hackers who compromised the companies’ enterprise systems. Were those enterprise systems running on cloud computing or storage systems? Who cares! The compromises attacked authentication subsystems, not cloud management or provisioning subsystems.

    Cryptolocker? Yea, it’s nasty… but it’s a lot more likely that an online backup service will have versioning (and will be able to recover from a crytolocker attack) than it is that you’ve turned on System Restore/VSS on your local machine. (See https://en.wikipedia.org/wiki/Comparison_of_online_backup_services#Versioning )

    The fact is, online backup systems are statistically a lot more reliable than local backup systems. And they’re automatic. (When’s the last time you did a full local backup? Did you validate it? Have you gone back to validate your backups from a month or a year ago? Do you even still have a device to read your oldest backup media?)

    You say “I just bet that Dassault and Autodesk do not store their source code online.” Bad bet. Really bad. Both companies use online revision control systems for their source code. For that matter, most all serious software companies use revision control systems. They also backup like crazy — using redundant online and offline systems.

    • OK Evan, you go there I am not. In spite of what you say not one of these CAD on the cloud companies will indemnify you for your exposure there. You can debate the validity of examples I bring up and say they may not be relevant to the cad cloud. The legal departments at all these places say I am right and they have language that says that what they sell they will not stand behind. Why is this?

      I have a really good backup method. Last week was the last backup. There is a pc that never goes online as my method of last resort. Yeah I know tornadoes earthquakes atom bombs dropped on Hunysville so if you want to get real technical I don’t have every conceivable base covered. As for all the validation I suppose I must be doing something right as I have never lost data that I am aware of. Remember Evan I am a one man shop. You want to get real deep into sys admin stuff I am not the one. I can however read what is going on in other places and form I feel a valid opinion none the less. And I take better care of my data than most companies I talk to.

      Subscription as I see it WHEN coupled with the end of permanent seats means ceding all control to whomever. When companies say cloud based subscription only they want sustained cash flow and they do not want their customers to have the ability to make money using the software without paying continually. I still know shops working just fine with Mastercam V9 and they have not paid a dime for years. Lots of SW guys are off maintenance and still earn a living. This is not good for bottom lines. And Piracy. You end piracy by punishing users with must pay to play. Autodesk and Dassault both have plans for stuff that will work online only and why would they do that? Bass says all things will be cloud based in time and I know you have read his comments to that effect. What do the words he speaks mean? You are far more trusting than I am. I see these guys looking for stable cash flow.

      I have never seen an absolute statement from Autodesk or Dassault about where their source code resides. I have however read statements from Intel where they state quite clearly that their IP does not go on-line and will never go there because of lack of security. They actually fly important data from place to place. I have to believe that the very guts of the programs stay behind secure places although validation may not. How would these guys recapture their IP when lost on-line or would they even know they had lost it? I can play that game to. Fact still is they won’t indemnify their customers and I highly doubt they would expose themselves needlessly to something they do not trust.

      The days of mainframe computers where you had to check in were jetisoned for independent installs where people could control what went on and not have to worry about data rates over lousy networks. Is there a reason to want to go back to that model that you know of?

      You have put many things to consider into a short reply and I respect your opinions even if I don’t agree with them. I have to go to work now.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s