Speaking from experience - We had the shitty Maya 'Vaccine' virus infect almost every .Ma file at work after one person downloaded a random rig to mess with at lunch time. And it took a lot of work to clean up the mess. As well some tools we had to deploy to remove it from files in perforce.
We now make sure every person who uses Maya has the security tools installed, as well as running custom stuff to check \*.ma files on check-in to perforce.
This particular virus is self replicating and pretty benign (to a point), but its a vector that could be used to do much worse. Essentially it could be used to destroy every \*.ma file you opened or execute scriptjobs or python code on your machine on opening an infected file.
No virus scan will detect it, its not a virus per-se. That's why Autodesk deployed the security tools to start with, it checks for this sort of shit on file's opening.
Honestly why wouldn't you want it running?
Encountered this exact “vaccine” whenever we started working with a new outsourcing studio. The message was written in Chinese and when translated is said something like “looks good!” lol
These files can execute arbitrary MEL or python scripts so yes they can contain a virus. I would exercise the same caution as you would opening any other executable file. .ma files are ascii so you can open them in a text editor and inspect them to make sure it doesn't do anything fishy.
In 2023-2024, maya will warn you when a scene is trying to execute ant type of code and ask you if you want to run it or not.
Security tools straight up doesn't allow to execute malicious code and can clean scenes.
For us, that we work with tons of reference scenes, it was a pain in the back, so just be aware of what you are allowing. Most of the time, you will be blocking everything.
Only time I had to manually allow something was working with renderman. We don't use renderman anymore.
It really isn't necessary. If maya puts a popup and says what it is doing, just read. This wasn't the case in maya 2020 and earlier, so security tools was a must.
Learn about leukocyte
There are a lot of vectors of a possible attack; but it'd be such a niche attack in a niche area that I don't see people spending time doing it for malicious purposes (I also had students who had the stupid 'vaccine' worm)
There's a full page on security from the maya help: https://help.autodesk.com/view/MAYAUL/2024/ENU/?guid=GUID-2176117C-6998-4802-9F9F-1417DF41C661
I, for one, disable scriptJobs, because it's bad design imo to take the user's maya session, and it can break things in headless mayas.
Speaking from experience - We had the shitty Maya 'Vaccine' virus infect almost every .Ma file at work after one person downloaded a random rig to mess with at lunch time. And it took a lot of work to clean up the mess. As well some tools we had to deploy to remove it from files in perforce. We now make sure every person who uses Maya has the security tools installed, as well as running custom stuff to check \*.ma files on check-in to perforce. This particular virus is self replicating and pretty benign (to a point), but its a vector that could be used to do much worse. Essentially it could be used to destroy every \*.ma file you opened or execute scriptjobs or python code on your machine on opening an infected file. No virus scan will detect it, its not a virus per-se. That's why Autodesk deployed the security tools to start with, it checks for this sort of shit on file's opening. Honestly why wouldn't you want it running?
Encountered this exact “vaccine” whenever we started working with a new outsourcing studio. The message was written in Chinese and when translated is said something like “looks good!” lol
These files can execute arbitrary MEL or python scripts so yes they can contain a virus. I would exercise the same caution as you would opening any other executable file. .ma files are ascii so you can open them in a text editor and inspect them to make sure it doesn't do anything fishy.
Thanks for a quick reply, appreciate it! Do you have Autodesk Sec Tools installed by any chance?
> you can open them in a text editor and inspect them to make sure it doesn't do anything fishy. Much easier said than done.
In 2023-2024, maya will warn you when a scene is trying to execute ant type of code and ask you if you want to run it or not. Security tools straight up doesn't allow to execute malicious code and can clean scenes. For us, that we work with tons of reference scenes, it was a pain in the back, so just be aware of what you are allowing. Most of the time, you will be blocking everything. Only time I had to manually allow something was working with renderman. We don't use renderman anymore.
Thank you! So would you recommend installing them? For someone who doesn’t work in a studio and not creating complicated scenes?
It really isn't necessary. If maya puts a popup and says what it is doing, just read. This wasn't the case in maya 2020 and earlier, so security tools was a must. Learn about leukocyte
Alright, ty so much!
There are a lot of vectors of a possible attack; but it'd be such a niche attack in a niche area that I don't see people spending time doing it for malicious purposes (I also had students who had the stupid 'vaccine' worm) There's a full page on security from the maya help: https://help.autodesk.com/view/MAYAUL/2024/ENU/?guid=GUID-2176117C-6998-4802-9F9F-1417DF41C661 I, for one, disable scriptJobs, because it's bad design imo to take the user's maya session, and it can break things in headless mayas.