Author Topic: Remove XDRX  (Read 2406 times)

0 Members and 1 Guest are viewing this topic.

JohnK

  • Administrator
  • Seagull
  • Posts: 10627
Re: Remove XDRX
« Reply #15 on: January 11, 2024, 11:44:15 AM »
I agree with Kerry, and even Paul. The package screams malware. I can completely understand a non-professional developer focusing on the content only--and putting off developing documentation and packaging--but a package such as this really should have a good clear/honest method for install and removal and good documentation. There seems to have been a lot of work into this package for a very long time, I just don't understand why more time and effort wasn't devoted to making it more polished and rounded.

I'm not a professional--like Paul and others--but my thoughts:
1. I don't know INNO SETUP but every packager I've used, I spent just as much time on the uninstaller as the installer (you MUST keep the system as clean as you can!).
2. I've always spent more time on the documentation then the actual coding. Professionals can chime in here, but I thought that was normal in tool development.

When, Paul (pkohut) made the post--he to linked to above--I expected more of a follow-up. -i.e. That would have gotten my attention, if I were the developer.

On the topic of extending AutoCAD/AutoLisp functionality.
If you want a lisp only library, you have real professional developers here that I'm sure would be willing to chime in on procedures and process on how we, non-professionals, can use to develop our own lisp-based library. The use of other stuff (c#, python, arx, etc) can also be worked in/on/etc (there are tons of ideas, concepts, advice, recommendations, etc. here ripe for the picking), look at all the stuff Dan has been doing with Python! ...ask questions! create conversations!
TheSwamp.org (serving the CAD community since 2003)
Member location map - Add yourself

Donate to TheSwamp.org

domenicomaria

  • Swamp Rat
  • Posts: 724
Re: Remove XDRX
« Reply #16 on: January 11, 2024, 12:40:25 PM »
at this point XDCAD should say something about the many issues mentioned

JohnK

  • Administrator
  • Seagull
  • Posts: 10627
Re: Remove XDRX
« Reply #17 on: January 11, 2024, 12:52:42 PM »
I know XDCAD has stated that the tool(s) are not open-source because of "certain factors" but if the tool(s) were to open-source, that would/could offer up the possibility of TheSwamp members adding and making improvements -building a un/installer, writing documentation, building examples.
TheSwamp.org (serving the CAD community since 2003)
Member location map - Add yourself

Donate to TheSwamp.org

pkohut

  • Bull Frog
  • Posts: 483
Re: Remove XDRX
« Reply #18 on: January 11, 2024, 03:46:08 PM »
Firstly, the body of work XDRX brought us is most impressive. Much respect to you sir.

I look at this from a security point of view and someone living in the US. It is not worth my reputation or job to install software from a suspect source, software from China is very suspect.  From a VM, Chrome complained the file could be malware and sandboxed the file.  Windows Defender complained about the rar fille during the decompression stage.  No further analysis was done.

Even without the above "false alarms", some concerns I would have now, 
  • Can the Chinese government force XDRX to create a special addition?
  • Can the software install a persistent backdoor?
  • Can it weaponize dwg files by adding payloads?
  • How do I know drawings shared with county and state municipalities are safe?
  • How about drawings shared with partners?
  • Are our networks being probed from the inside?


New tread (not retired) - public repo at https://github.com/pkohut

JohnK

  • Administrator
  • Seagull
  • Posts: 10627
Re: Remove XDRX
« Reply #19 on: January 11, 2024, 05:26:42 PM »
Firstly, the body of work XDRX brought us is most impressive. Much respect to you sir.
--->%

I agree with that as well! There is no doubt the XDRX-API must have taken a very long time to develop and seems very impressive.
TheSwamp.org (serving the CAD community since 2003)
Member location map - Add yourself

Donate to TheSwamp.org

Atook

  • Swamp Rat
  • Posts: 1029
  • AKA Tim
Re: Remove XDRX
« Reply #20 on: January 11, 2024, 06:05:36 PM »
Interesting conversation.

pkohut summarized my thoughts on it well. I didn't get as far as downloading the rar files, I smelled malware and noped out.

@xdcad: It seems like a very well developed piece of software, congratulations.

If it's really a gift to the CAD coding community, publish the source, not only will we use it and thank you, we'll even ask to improve it.


xdcad

  • Bull Frog
  • Posts: 484
Re: Remove XDRX
« Reply #21 on: January 11, 2024, 06:38:55 PM »
I know XDCAD has stated that the tool(s) are not open-source because of "certain factors" but if the tool(s) were to open-source, that would/could offer up the possibility of TheSwamp members adding and making improvements -building a un/installer, writing documentation, building examples.

As you said,
1. The XDRX API was developed over the past 20 years as we continued to solve work problems. It is not professional, and I am not a professional programmer. I am an engineer, and my creed is the most Get the job done quickly.

2. Someone quoted a passage in the above. in github, about:
The API of this project is only for personal study and research.
only for personal study and research

Let me explain this sentence first. It was not in github,the above article at the earliest. Because after I came here, some people discussed possible copyright issues and added it later. So, I don’t want to Helping others while causing trouble for myself, just one sentence, sample disclaimer.

3.Speaking of security issues, I said it was a false positive, because there is a SHELL part in the API, and there are third-party libraries that directly read and write EXCEL files. They may have read the code of sensitive directories. Do you believe it is a false positive? , I naturally believe it, because your focus is on whether it can solve your problem. If you don’t believe it, no matter what I say, it’s useless... As a technical person, a simple logic, if I have the ability to do things that endanger safety Do I need to spend so much effort and spend 20 years writing an API for drawing software to do this?

4. I don’t want to say more about other things. If I have time, I might as well write more code for you. The reason why I have written so many applications is that I believe that the best way to learn APIs is by understanding them.

5. My original intention is to help engineers who are looking for efficient work. If you find it useful, use it. If you find it useless or even dangerous, ignore it.

6.I know some friends are worried that because of ARX, I cannot guarantee whether the next version of AUTOCAD will still be usable and will continue to support updates. However, 20 years ago, some people have been asking. I am now using 2004 and 2005. Can AUTROCAD still use XDRX API?

7. Someone mentioned above about open source,
At present, there is no way to open source the ARX part. LISP (including the LISP function library written with API, some of which are 100% open source), you can go to http://bbs.xdcad.net to find more resources. This website is currently It is still inconvenient to post and edit, and there is no way to better classify and publish),
If you are interested in some functions of ARX, you can post a discussion and I will try to reply to it.

8. Everyone is working in technology, and their purpose is to support their families. Therefore, I prefer to focus on how to improve my work. If I make my work more efficient, I don’t have the energy to think about too many "other" issues. I don’t want to be bothered by these “others” either.

9. At present, various BBSs at home and abroad are affected by smart phones, and the discussion atmosphere is not very good. Everyone cherishes it.
« Last Edit: January 11, 2024, 07:59:41 PM by xdcad »
The code I wrote uses XDRX-API,which can be downloaded from github.com and is updated at any time.
===================================
[XDrx-Sub Forum]
https://www.theswamp.org/index.php?board=78.0
https://github.com/xdcad/XDrx-API
http://bbs.xdcad.net

pkohut

  • Bull Frog
  • Posts: 483
Re: Remove XDRX
« Reply #22 on: January 11, 2024, 08:35:48 PM »

3.Speaking of security issues, I said it was a false positive, because there is a SHELL part in the API, and there are third-party libraries that directly read and write EXCEL files. They may have read the code of sensitive directories. Do you believe it is a false positive? , I naturally believe it, because your focus is on whether it can solve your problem. If you donít believe it, no matter what I say, itís useless... As a technical person, a simple logic, if I have the ability to do things that endanger safety Do I need to spend so much effort and spend 20 years writing an API for drawing software to do this?

I would not be able to get buyoff from management to install this on company computers.  Again, from a security point of view, I will not look at this outside of a VM no matter the reassurance that the code is safe. 

What has not been clear is if XDRX is an individual, a team, or a company.  I believe the county of origin is PRC, hence my concern that the government could force future builds have special payloads.

So I am not your target audience.
New tread (not retired) - public repo at https://github.com/pkohut

xdcad

  • Bull Frog
  • Posts: 484
Re: Remove XDRX
« Reply #23 on: January 11, 2024, 10:23:14 PM »

3.Speaking of security issues, I said it was a false positive, because there is a SHELL part in the API, and there are third-party libraries that directly read and write EXCEL files. They may have read the code of sensitive directories. Do you believe it is a false positive? , I naturally believe it, because your focus is on whether it can solve your problem. If you donít believe it, no matter what I say, itís useless... As a technical person, a simple logic, if I have the ability to do things that endanger safety Do I need to spend so much effort and spend 20 years writing an API for drawing software to do this?

I would not be able to get buyoff from management to install this on company computers.  Again, from a security point of view, I will not look at this outside of a VM no matter the reassurance that the code is safe. 

What has not been clear is if XDRX is an individual, a team, or a company.  I believe the county of origin is PRC, hence my concern that the government could force future builds have special payloads.

So I am not your target audience.

This is not a "technical" issue at all ...
Let's keep it simple,

You're wrong, I don't have a target audience
"Giving roses to others leaves a lingering fragrance"
The code I wrote uses XDRX-API,which can be downloaded from github.com and is updated at any time.
===================================
[XDrx-Sub Forum]
https://www.theswamp.org/index.php?board=78.0
https://github.com/xdcad/XDrx-API
http://bbs.xdcad.net

kdub_nz

  • Mesozoic keyThumper
  • SuperMod
  • Water Moccasin
  • Posts: 2135
  • class keyThumper<T>:ILazy<T>
Re: Remove XDRX
« Reply #24 on: January 12, 2024, 03:04:51 AM »
Relating the original question :
For anyone interested, the unins000.exe does not remove everything.
Manual editing of the registry,  trusted path lists, profiles will be required.
Search the registry and configs for XDSOFT.

Not sure if I got everything, but that will do for now.

Regards,
Called Kerry in my other life
Retired; but they dragged me back in !

I live at UTC + 13.00

---
some people complain about loading the dishwasher.
Sometimes the question is more important than the answer.

xdcad

  • Bull Frog
  • Posts: 484
Re: Remove XDRX
« Reply #25 on: January 12, 2024, 12:48:38 PM »
Relating the original question :
For anyone interested, the unins000.exe does not remove everything.
Manual editing of the registry,  trusted path lists, profiles will be required.
Search the registry and configs for XDSOFT.

Not sure if I got everything, but that will do for now.

Regards,

The API will be updated on the 13th. You should be able to uninstall it cleanly.
The code I wrote uses XDRX-API,which can be downloaded from github.com and is updated at any time.
===================================
[XDrx-Sub Forum]
https://www.theswamp.org/index.php?board=78.0
https://github.com/xdcad/XDrx-API
http://bbs.xdcad.net

Jeff H

  • Needs a day job
  • Posts: 6150
Re: Remove XDRX
« Reply #26 on: January 15, 2024, 06:59:29 PM »

3.Speaking of security issues, I said it was a false positive, because there is a SHELL part in the API, and there are third-party libraries that directly read and write EXCEL files. They may have read the code of sensitive directories. Do you believe it is a false positive? , I naturally believe it, because your focus is on whether it can solve your problem. If you don&#38;#38;#38;#38;#38;#8217;t believe it, no matter what I say, it&#38;#38;#38;#38;#38;#8217;s useless... As a technical person, a simple logic, if I have the ability to do things that endanger safety Do I need to spend so much effort and spend 20 years writing an API for drawing software to do this?

I would not be able to get buyoff from management to install this on company computers.  Again, from a security point of view, I will not look at this outside of a VM no matter the reassurance that the code is safe. 

What has not been clear is if XDRX is an individual, a team, or a company.  I believe the county of origin is PRC, hence my concern that the government could force future builds have special payloads.

So I am not your target audience.

This is not a "technical" issue at all ...
Let's keep it simple,

You're wrong, I don't have a target audience
"Giving roses to others leaves a lingering fragrance"
Just finished a BS degree in cybersecurity so have been doing some side work to help some firms to get expierence, but the requirements the US government will be enforcing to meet for lowest security requirement which is just to be able to bill for payment, the software as is would cause you to fail an audit. I understand what mean xcad and not arguing with you, but just in my small world where I work and all the different consulants we deal with, I can not think of one who does not do some government work, which would require a seperate and isolated network with additional workstations without the software to contune to do any government work.
Just adding comment so you understand I can not try out the software which looks awesome and helpful because we do government work because any workstation connected or that will be connected to the network has to meet the security requirements, which will not allow installition and if we override to allow it, them we will fail an audit amd not get paid.
« Last Edit: January 15, 2024, 07:12:23 PM by Jeff H »

xdcad

  • Bull Frog
  • Posts: 484
Re: Remove XDRX
« Reply #27 on: January 15, 2024, 11:44:03 PM »

3.Speaking of security issues, I said it was a false positive, because there is a SHELL part in the API, and there are third-party libraries that directly read and write EXCEL files. They may have read the code of sensitive directories. Do you believe it is a false positive? , I naturally believe it, because your focus is on whether it can solve your problem. If you don&#38;#38;#38;#38;#38;#38;#8217;t believe it, no matter what I say, it&#38;#38;#38;#38;#38;#38;#8217;s useless... As a technical person, a simple logic, if I have the ability to do things that endanger safety Do I need to spend so much effort and spend 20 years writing an API for drawing software to do this?

I would not be able to get buyoff from management to install this on company computers.  Again, from a security point of view, I will not look at this outside of a VM no matter the reassurance that the code is safe. 

What has not been clear is if XDRX is an individual, a team, or a company.  I believe the county of origin is PRC, hence my concern that the government could force future builds have special payloads.

So I am not your target audience.

This is not a "technical" issue at all ...
Let's keep it simple,

You're wrong, I don't have a target audience
"Giving roses to others leaves a lingering fragrance"
Just finished a BS degree in cybersecurity so have been doing some side work to help some firms to get expierence, but the requirements the US government will be enforcing to meet for lowest security requirement which is just to be able to bill for payment, the software as is would cause you to fail an audit. I understand what mean xcad and not arguing with you, but just in my small world where I work and all the different consulants we deal with, I can not think of one who does not do some government work, which would require a seperate and isolated network with additional workstations without the software to contune to do any government work.
Just adding comment so you understand I can not try out the software which looks awesome and helpful because we do government work because any workstation connected or that will be connected to the network has to meet the security requirements, which will not allow installition and if we override to allow it, them we will fail an audit amd not get paid.

In the future, change the packaging program and search on GOOGLE for "inno setup virus". You can see that this packaging program is often misreported.

If you have the ability, you can take out the ARX files inside and package them for use.
The code I wrote uses XDRX-API,which can be downloaded from github.com and is updated at any time.
===================================
[XDrx-Sub Forum]
https://www.theswamp.org/index.php?board=78.0
https://github.com/xdcad/XDrx-API
http://bbs.xdcad.net

It's Alive!

  • Retired
  • Needs a day job
  • Posts: 8693
  • AKA Daniel
Re: Remove XDRX
« Reply #28 on: January 18, 2024, 06:13:53 PM »
the software as is would cause you to fail an audit.

Hi Jeff,
Maybe you can expand on this a bit. I’ve also been known to write closed source software, and I’ve also used INNO setup.

@xdcad, you should run your packages through VirusTotal and report false positives. It passed on other online checkers
I’m not against closed source software, only ignoring open source licenses

Personally, I’m trying to avoid writing to the registry. I must add to %PATH% for my python project. At some point I want to try remove that as well.


xdcad

  • Bull Frog
  • Posts: 484
Re: Remove XDRX
« Reply #29 on: January 18, 2024, 08:57:32 PM »
the software as is would cause you to fail an audit.

Hi Jeff,
Maybe you can expand on this a bit. Iíve also been known to write closed source software, and Iíve also used INNO setup.

@xdcad, you should run your packages through VirusTotal and report false positives. It passed on other online checkers
Iím not against closed source software, only ignoring open source licenses

Personally, Iím trying to avoid writing to the registry. I must add to %PATH% for my python project. At some point I want to try remove that as well.

Thanks, Daniel
Recently, I searched GOOGLE and found that the installation package made by INNO SETUP is often misreported.
I used security software to scan the files after installation alone, and there were no security issues.
The code I wrote uses XDRX-API,which can be downloaded from github.com and is updated at any time.
===================================
[XDrx-Sub Forum]
https://www.theswamp.org/index.php?board=78.0
https://github.com/xdcad/XDrx-API
http://bbs.xdcad.net