A feature that was introduced in previous versions and in 3ds Max 2022 it just got…
My first impression is:
- Rather than SAFER, it makes 3ds Max look like an UNSAFE software, that people can use to ruin your life.
- It does not only prevents embedded code in scenes to run, but also external code.
- The UI gets cluttered with “this” kind of antivirus buttons (wow)
- It DOES NOT provide any benefits or safety, plain truth. DO NOT RELIE ON THIS FEATURE.
- It seems like a waste of development resources, when there are so many other things to improve.
I really could not find positive thing about the new “Security Feature”, but all the contrary.
What could be done then to prevent real malicious code to be embedded or run from a scene file?
- Do not allow scripts to be embedded in scene in first place. Who want to embed a hidden script in a scene after all? Isn’t just that behavior look the scene suspicious?
Just to verify what I stated, here is a silly script showing how dangerous 3ds Max is (it won’t do anything bad to your system, but shows the potential.)
- Run the script, save the file, open the file (it is now an embedded script).
- Select the box and go to the Modify Panel.
I bet we could do the same with controllers and even write a C++ stream to the file and execute it. I wonder how dangerous could that be?
( delete objects bx = box isselected:on def = attributes ca ( rollout params "Malicious CA" ( button bt0 "Create File" width:160 height:24 button bt1 "Delete File" width:160 height:24 local theFile = @"C:\delete_me.exe" on bt0 pressed do ( file = createfile theFile format "file created: %\n" file close file ) on bt1 pressed do ( format "file exist: %\n" (doesfileexist theFile) format "deleted: %\n" (deletefile theFile) ) on params open do ( bt0.pressed() messagebox "Hey, be careful!!\n\nPeople can do malicious things here." doscommand theFile sleep 0.2 bt1.pressed() ) ) ) custattributes.add bx def #unique baseobject:on )
What do you guys think?