[nychic0013]

I recently got a new Macbook and I am looking for suggestions about what sites people use to download music from. Although it is a Mac I want the safest sites possible (spyware and virus free). Thanks

[slpdLoad]

I use all of them, all at once, all the time.

The rest of the time I buy from iTunes.

[mduell]

iTunes or eMusic.com are pretty much the only choices on a Mac... all of the rest of the sites use Windows Media DRM, which OS X doesn't support.

[C.A.T.S. CEO]

Originally Posted by nychic0013 

I recently got a new Macbook and I am looking for suggestions about what sites people use to download music from. Although it is a Mac I want the safest sites possible (spyware and virus free). Thanks

iTunes. There are no viruses for Mac so you don't have to worry about that.

[JennieR]

Since I live outside the countries where you can buy music from iTunes , I use Acquisition, a P2P network for downloading music. No spyware or adware.

[mduell]

Originally Posted by JennieR 

Since I live outside the countries where you can buy music from iTunes , I use Acquisition, a P2P network for downloading music. No spyware or adware.

And the forum rules say no talking about copyright infringement.

[ghporter]

Originally Posted by JennieR 

Since I live outside the countries where you can buy music from iTunes , I use Acquisition, a P2P network for downloading music. No spyware or adware.

You CAN buy music from iTunes - buy iTunes gift cards (seen them on eBay?) and you can buy music wherever you are.

On the other hand, your assertion that you're not getting spyware or adware through Acquisition is either exceptionally naive or just lucky. ALL P2P networks are used as vectors for spyware, adware, and malware of all forms. If you're using a Mac, you miss 99.99% of that crap-and probably chalk it up to a bad torrent. But it's there and it's a major problem. Quite aside from the fact that we don't support or encourage music piracy here, your post makes it sound like your downloads are both free and safe, which they are not.

[Sherman Homan]

I watched a demonstration about the "human component" in network security. The presenter went on Limewire, on a Mac, and downloaded an mpeg music file. The suggestion for the song was taken at random from the audience. He downloaded it, it was immediately obvious from the file size that is wasn't going to be a song... It was disgusting even for the IT boys club in the audience. My prediction: This is how the first Mac virus will emerge.

[analogika]

Originally Posted by Sherman Homan 

My prediction: This is how the first Mac virus will emerge.

But: Unless it exploits a know security hole (which are generally patched within days/weeks of discovery, so that's a short window for distribution), it will still require the users' password in order to do anything worthwhile.

[Big Mac]

Originally Posted by Sherman Homan 

This is how the first Mac virus will emerge.

First, the file would be pulled from the download service pretty quickly after being identified. And secondly, there's still little chance it would be a Mac virus because Windows will always remain a much better target.

When MP3 downloading first became I popular, I thought it would be a really easy way to circulate viruses. It turns out that doesn't happen very often.

[ghporter]

I agree with Sherman, but I want to add that it won't be a mainstream song, and it won't be identified as a problem quickly. Besides, how well coordinated are the P2P originators at removing identified malware? I know that there are a huge number of pretty well known seeders that Windows users (those that think, anyway) stay away from like the plague because odds are that even if a file IS a song, it's been corrupted. The whole "stand in a circle and sing folks songs" attitude a major part of the Mac community has about "information should be free" IS going to backfire on a lot of very trusting souls. The big, bad Internet isn't a "free information paradise." It's a swamp, and you have to watch your step to keep from stepping in quicksand or some ugly animal's poo. These forums are a good example of a nice high spot in the swamp-we're pretty dry and free from poo, but leave here and you need to be very cautious.

[mduell]

Originally Posted by analogika 

But: Unless it exploits a know security hole (which are generally patched within days/weeks of discovery, so that's a short window for distribution), it will still require the users' password in order to do anything worthwhile.

Does "rm -rf ~username/*" throw a password prompt? I don't think so.

[ghporter]

Is it so easy to harvest a username that a script with that line would be effective?


Oh, and I'm finally getting around to thinking about moving this thread. It's not at all hardware specific, so it doesn't belong in the MacBook forum. The Lounge? This is such a squirrelly thread that it's hard to decide.

[analogika]

Originally Posted by mduell 

Does "rm -rf ~username/*" throw a password prompt? I don't think so.

Notice that I said "anything worthwhile".

If you can explain to me how it is even in the *slightest* "worthwhile" to delete some poor schmuck's home folder, I'm all ears.

No recognition. No headlines. No propagation. No control. No money.

As I said in another thread, it's like opening a jar of soup, peeing in it a little, and putting it back on the shelf in the supermarket.

I'm sure there's one or two people who'd get a kick out of doing that in a prankster-sort-of way.

But beyond that, a completely pointless exercise.

[analogika]

Originally Posted by Sherman Homan 

I watched a demonstration about the "human component" in network security. The presenter went on Limewire, on a Mac, and downloaded an mpeg music file. The suggestion for the song was taken at random from the audience. He downloaded it, it was immediately obvious from the file size that is wasn't going to be a song... It was disgusting even for the IT boys club in the audience. My prediction: This is how the first Mac virus will emerge.

Another thing:

Have you ever downloaded an application and then double-clicked it after installing?

Even the dumbest user is going to go "huh?" if the mp3 he just downloaded throws up a dialog box that says "You are opening the application 'Bar-Kays_-_Holy_Ghost_(Extended).mp3' for the first time. Are you sure you want to do this? Only click 'Yes' if this application comes from a trusted source." or some such, don't you think?

Let alone ask for a password.

(BTW that song is a nice example, since the extended version was, AFAIK, never released on CD...)

[Sherman Homan]

analogika, I completely agree, and it is not a mistake you or I would make. However, you must know people who will whack the enter key without reading or thinking about it.

[analogika]

Yeah - especially Windows switchers, who aren't used to dialog boxes actually *meaning* things.

But as the original poster himself proves, enough people ARE aware of the potential risks associated with downloading stuff off "questionable" sources that it's unlikely this will ever become a widespread problem.

[mduell]

Originally Posted by analogika 

Notice that I said "anything worthwhile".

If you can explain to me how it is even in the *slightest* "worthwhile" to delete some poor schmuck's home folder, I'm all ears.

No recognition. No headlines. No propagation. No control. No money.

As I said in another thread, it's like opening a jar of soup, peeing in it a little, and putting it back on the shelf in the supermarket.

I'm sure there's one or two people who'd get a kick out of doing that in a prankster-sort-of way.

But beyond that, a completely pointless exercise.

Actually yes, a virus that deletes your files made headlines 3 years ago. And released just earlier this month, a virus that deletes your MP3s and made headlines. Instead of deleting your files, the virus could encrypt or subtly corrupt your files and demand payment to undo it.

Corrupting or attacking the OS isn't really valuable, since it can be easily restored off the install media. But too many idiots don't keep backups of their files, which are very valuable to them.