Hello
Im new here. so im trying to write a pro-tips question with answers post. Hope it helps. Hope it opens your eyes for safety.
I couldn’t find any subject on security in this forum or GH related so deeming it a business risk, i thought this subject should be part of the forum - but it’s nice to see a unaffected field. Also it would be nice to share any incidents - it might avoid any of us repeating the same mistake! We adapt and hopefully work smarter faster and longer with this in mind - i do so professionally.
Also, I dont want to scare anyone but it’s a serious risk if you download and open a GH file. Not sure your AV will smell it or see it coming - if there’s some obfuscated phyton code that deletes or encodes any files available to the user!
Beware of parametric Greek Horses (i made an animal pun on GH!) as they say.
How?
Im admin of my PC (could be linux or mac - dont know) so i give the right to download and open a gh file in rhino. I can do almost anything on my PC with possibly catastrophic results (not if but when since i download “code” come the net) which might cost you an IT tech budget you’ll regret (assuming you didn’t loose the disk encryption key too - saved on the locked out computer!).
These things really happen!
My experience
I work in a highly secure IT environment since 20 years (no Rhino/CAD anywhere kind of company but equally complex and data rich). My home PC runs Rhino for hobbies.
Trades off between perf and restricting stupid users doing stupid things (at work).
So the message here is:
Im worried about downloading a Grasshopper script that could do bad things on my PC.
What are basic and advanced protection against this?
I would like to share basics of security to avoid disasters:
Use a non-admin user to run Rhino,
- Run Rhino on a VM or via RDP (yuk for perf)
- Restricted file access and Local security lock in (on windoze/nix for example)
- Restrict per project directory (read on all projects but only write on current project directory)
- Backup and serialize changes instead of overwriting the same file - trust me on this.
- AV/FW/fishing user education.
Threats:
- scripts
- save file as path… allowed…
- i haven’t explored yet the rest (like pen testing). But it’s a concern. Yet, i can’t help wonder at the wonderful and amazing examples all over this forum and other videos.
But i was wondering what less intrusive ways exist? (GPOs on windows, cloud vm sessions (yuk))…
Any user methods/rules/discipline to follow you find productive or safer?
What other key factors help avoid disaster in your shop or company (and keep perf to a maximum)?
Obviously any security measure is a recurrent pain and fact of life. Not trying to scare anyone. Just saying it’s happened before in other programs with macros enabled…
Design and prosper
Xavier