|
Greetings!
Beware of Kazaa!
Forty-five percent of the executable files downloaded
through Kazaa, the
most popular file-sharing program, contain malicious
code like viruses and
Trojan horses, according to a new study.
Out of 4,778 files downloaded in one month, Bruce
Hughes, director of
malicious-code research at security firm TruSecure,
found that nearly half
of them contained various types of nefarious code.
Some code was designed to infect every file in a
computer user's Kazaa
download directory with a virus. Other code would steal
users' AOL Instant
Messenger password or install a program on their
computer to allow the
attacker to surreptitiously send spam through it or
otherwise take over
the machine remotely to steal personal data and files
on the computer.
Hughes said the code he found in shared files got there
in one of three
ways: The person hosting the shared file embedded the
malicious code in a
file on purpose; the code was a peer-to-peer worm
designed to scour the
network and drop itself into download directories; or, in
the case of some
viruses, once the user downloaded an infected file, the
malicious code
automatically infected other files in the user's file-share
directory so
that the user inadvertently infected the computers of
other users who
downloaded those files.
About 3 million users are logged onto Kazaa at any one
time. Hughes said
this has made the file-sharing network increasingly
attractive as a
channel for distributing malware.
According to the Wild List, a list that tracks viruses and
worms that are
currently in circulation, the number of types of viruses
circulating
through Kazaa increased 133 percent in 2003. In
January, the list recorded
nine different viruses passing through Kazaa; at the
end of the year the
number was up to 21.
He said a lot of the malicious code he found was
embedded in program files
that are designed to bypass or break copyright
protections placed on
software files like Microsoft Office to allow users to
share pirated
copies of the software.
So far, however, music, picture and movie files have
not been infected
with malicious code, because they aren't executables,
Hughes said. Users
can't run them simply by clicking on them. People need
to open them
through another program, such as a multimedia program
like Real Player.
Hughes said an attacker could trick a user into thinking
a malicious file
is a music or movie file by giving the file name a double
extension such
as .wav.exe (for music) or .jpg.exe (for images). If
users don't know .exe
indicates an executable file, they would click on it and
launch the
malicious program.
Hughes said it is also possible that someone will
eventually find a way to
infect movie and music files with malicious executable
code, although it
hasn't been done yet.
"It's one of the things that we worry about," said
Hughes.
Two vulnerabilities were discovered two years ago,
however, in Microsoft
Windows XP and in Nullsoft's Winamp, a popular
Windows media jukebox
player, that a hacker could exploit with an MP3 file to
take control of a
user's computer. Both Microsoft and Nullsoft offered
patches for the
vulnerabilities when they were discovered. The music
file doesn't launch a
payload itself; it takes advantage of a vulnerability in
the other
programs.
Hughes said that this year there will likely be a
significant surge in the
amount of malware that is intentionally posted and
unknowingly shared on
peer-to-peer file-sharing networks.
Hughes said that 80 to 95 percent of the malicious
code on Kazaa can be
detected with antivirus software, depending on the
detection program. But
he said that people often don't update their software
with current virus
definitions.
They can also be infected if the malicious code is
new and not yet
detected. And some malicious code is designed to shut
down antivirus
programs and firewalls if it does get past the detection
programs.
"Organizations need to warn their employees about file-
sharing
applications and the danger they pose to them at work
and at home," Hughes
advised. "Antivirus is one way to stop the stuff from
happening, but you
also need policies in place to make sure employees
aren't using dangerous
software like Kazaa."
He also said that parents should watch what their kids
are downloading and
make sure they have updated antivirus programs on
their computer.
"You'll really need to be careful what you're doing," he
said.
Story location:
|
|
Joe Greco Reports on SolidWorks World |
 |
|
Joe Greco reported on last week's SolidWorks World
which took place in Boston this year. I didn't attend. I
haven't attended any SolidWorks events in my career,
although I am certainly interested in how the other half
lives.
According to Greco:
One of the most amusing happenings at SolidWorks
World was Autodesk's
placement of a full-page ad in Tuesday's Boston Globe.
It read: "What they
won't tell you at SolidWorks World: The world's #1
selling 3D design
software is Autodesk Inventor Series." Who knows what
it cost, but the
newspaper distributed at the conference hotel was USA
Today! (Albeit, the
same ad did make it into USA Today on Wednesday.)
And did Autodesk think
the few hundred SolidWorks users who may have seen
this ad would say to
themselves, "Hmmm, I must switch tomorrow."
SolidWorks CEO John McEleney
thanked Autodesk for the free publicity, and I have to
say that Autodesk
would have been better off spending the money
improving its software,
which despite some advantages, will
probably fall further
behind SolidWorks once 2005 is released.
Autodesk claims that Inventor has won the war against
SolidWorks in the marketplace and they are turning
their sights on eliminating Pro/E - which has been
bleeding money for PTC for the past five years.
However, Autodesk can't be feeling that secure when
they keep lobbing potshots.
Read on... »
|
|
|
ASCII Tables and Symbols |
|
|
In AutoCAD, the diameter is inserted in a note with "%%
c". In the shape file, the diameter symbol is defined :
*02205,36,diameter
2,14,3,2,14,8,(-5,-10),14,4,2,14,5,8,(0,5),
1,10,(5,044),10,(5,004),2,8,(1,-6),1,8,(8,12),2,8,(6,-
11),0
The control here is the ASCII code "02205".
You cannot create additional %% combinations other
than what is provided. You have to use the ascii code
for characters up to 256 with the format "%%nnn" and
the unicode format ("\U+03A9" is the ohm symbol) for
characters in code pages beyond that.
If you are using a TrueType font, you can typically get
a more complete character set by using ALT+nnnn. I
think that using ALT+nnn gives you the 7-bit character
set (not many real characters after ALT+175) and using
ALT+nnnn gives you a pretty full character set
(through ALT+0255 anyway). In AutoCAD, the %%nnn
seems to be equivalent to ALT+nnn.
Download a table of ASCII symbols... »
|
|
|
Knowledge Based Engineering (KBE) |
|
|
I've been an engineer for almost 20 years. I have
survived KANBAN, JIT (Just In Time), Quality Circles,
ISO, SixSigma and a myriad of other fads and fancies
that have swept the industry every few years. Each
system rests on the fundamental idea of improving
product quality, reducing costs, and eliminating errors.
So, now I am studying Knowledge Based Engineering,
which tries to marry design standards with CAD.
Products reflect more than just their components. They
reflect the cumulative design, engineering, and
manufacturing knowledge of the organizations that
create them. Computer-Aided Design (CAD) supported
by data management software captures and manages
the "what" of products-the components. Knowledge-
based systems, on the other hand, capture and
manage the "why" and "how"-the cumulative
knowledge. "Why" might include the reasons for
selecting specific component features or
materials. "How" might address the manufacturing
process employed to produce a feature, or a
description of treating a material to achieve the desired
properties. The proper systems can optimally apply
experience and knowledge to minimize the time spent
on problem solving during the production of new
products.
Well-structured knowledge management (KM) and
knowledge-based engineering systems (KBESs) allow
organizations to capture and reuse product
development experience at many levels. They achieve
this objective by progressively automating lower level
repeated tasks, as well as higher level product
development processes. To date, relatively few
organizations have capitalized on this opportunity.
Those who have report compression of the time and
cost of design tasks by as much as 90 percent.
There are various levels of applying a KBE system.
And obviously, there are more and more software
products coming on the market that will integrate into
your existing CAD software to allow you to leverage
your design processes. Some of these products are
very basic and are really just PDM solutions, others
require more critical thinking and can have a more
powerful effect on how you design. Either way, if you
are a designer in any industry, spend a lunch hour
checking out the KBE solutions available on the market
today. Even if you decide not to buy one, you will
probably get an idea or two on how to improve your
workload.
Check out one KBE solution.... »
|
|
|
CAD Standards |
|
|
CAD Standards are always problematic for people,
especially if you work in a small office. It's easy to
come up with standards, but HARD to get everyone to
agree to comply with them.
However, you have to start somewhere and the place
to start is to write a small manual that you can put up
on the intranet or hand out to each drafter.
Melanie Stone, an AUGI member, has kindly given me
permission to distribute the CAD Standard manual she
has written for her office. You may find it as a good
starting point for your own CAD Standards manual.
Download a Standards Manual by Melanie Stone... »
|
|
|
Using a Spreadsheet to Create a Ladder Diagram |
|
|
AutoCAD Electrical completely automates the process
of creating a ladder diagram or schematic. Simply
create an Excel spreadsheet listing the pin numbers,
wire numbers, location, module ID, voltage, resistance,
etc.
Go to Reports/Misc->Spreadsheet PLC I/O Utility to
start the process.
Download the free tutorial... »
|
|
|
Export Families in Revit 6.0 |
|
|
Revit 6.0 includes the ability to save a family in a
project file, so you don't have to use the Copy & Paste
method or save as a group and save as an rvg.
Unfortunately, in order for it to work, the family has to
have been created in Release 6.0. If the family and
project file was created in Release 6.0, then you can
export the family so you can save it to be used in other
projects.
To do this, simply highlight the family in the browser.
Right click and select 'Save'.
|
|
|
Assorted Tips & Tricks |
|
|
Every once in a while, you may find your filedia system
variable turned off. This means when you save or open
a file, you will see the prompt on the command line, but
no dialog box. You can type ~ at the command line
and the dialog box will come up. Then switch the
filedia system variable back on by typing FILEDIA, 1 at
the command line.
You can copy entities nested inside of blocks using the
Express Tools (included free in 2004!).
- Type NCOPY at the the command line.
- Select the entities you want to copy.
- Pick your base point.
- Pick your insertion point.
Done!
Toggle your XREF type between Attach and Overlay.
- Open the XREF Manager dialog by typing XREF at
the command line.
- In the list of XREFs, look for the column named
Type.
- Simply double click on the xref's type to toggle
between Overlay and Attach.
You can change your MTEXT line spacing using the
following method:
- Select the MTEXT object.
- Right click and select Properties.
- Select the Line Space Style Option under Text.
- Click on At Least to change it to Exactly.
This makes the distance between all the lines equal.
|
|
|
Revit's Easter Egg |
|
|
The Easter Egg in Revit is hidden in the same place
whether you have Release 5 or Release 6.
To access it, hold down Control + Alt + Shift and then
select 'About Revit' from the Help menu.
You'll see the list of the entire Revit team.
|
| Quick Links... |
|
|
