Welcome to the MacNN Forums.


Using Little Snitch to find Spyware programs
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Feb 26, 2003, 07:41 AM
 
I started using Little Snitch a few days ago and I am puzzled by some things that it alerts me to when browsing this forum. The alert does not show up on all pages, and I cannot find a reference in the source to the URL it is trying to connect to. But if you go to this page Snitch will bring up the alert that it is trying to connect using port 81 to cp16924-a.roose1.nb.home.nl (213.51.169.12). I cannot ping that address or do a traceroute. Is there a webbug in someone's sig? What is going on with this?
     
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Feb 26, 2003, 07:54 AM
 
I figured it out, it is Sniffer's signature.
     
Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Feb 26, 2003, 11:43 AM
 
Why are people so enthralled with Spyware detection on MacOSX? I'm under the impression that Apple doesn't give applications nearly as much to the system as Microsoft does.

Yesterday I was working on cleaning up a friend's system (Dell running WindowsXP) and three of the programs that I uninstalled popped up an Internet Explorer window and loaded each particular company's website asking why I uninstalled. Applications shouldn't know when I trash them, that's ridiculous.

Also, trying to clean up her task bar I was editing various preferences and using msconfig to disable startup of unneeded items. If they didn't have a cryptic name and path (such as something like "CySTCs", who the heck knows what that means? Hello, PC developers, you're stupid), then they simply did not have a preference to not startup.

Windows... bugs me.
"In Nomine Patris, Et Fili, Et Spiritus Sancti"

     
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Feb 26, 2003, 01:22 PM
 
I am not enthralled with the spyware detection as much as understanding some things going on under the hood. I have found quite a bit of spyware on the many Windows computers I admin and I found a Mac with a keyboard logger that sent the files to a local machine on our LAN. That person was fired.
     
-Q-
Moderator
Join Date: Jan 2001
Location: Atlanta, GA
Feb 26, 2003, 01:34 PM
 
And unfortunately, more and more companies are going towards having some sort of spyware/reg authorization component to their software. Proteron is doing it with Maxmenus and Bias has implemented it recently too. It's a growing epidemic.

From MacFixit
Stopping applications from "phoning home"
Yesterday we reported on an anti-piracy measure which is gaining popularity among developers (using the audio application Bias Peak LE as an example), but can cause problems for legitimately registered users of some applications.

Some applications "phone home" - connect to an authorization server that checks the serial number and in some cases registration information, to verify that the software being installed is legal. The problem is that some applications can incorrectly deny installation of fully licensed software copies, and also transmit private user information.

MacFixIt reader Wes Palmer suggests using the application FireWalk to deny applications access to the network connections:

"You can set the default up to not allow any applications access to the network. When a new application attempts to connect to the network, you can be notified and given the opportunity to allow or deny access to that application. It also checks for applications being changed (e.g. an masquerading as a different one). It does not use, but can be used in conjunction with, IPFW. Support is excellent, and the price is reasonable (US $ 35)."

Kevin Lepard suggests using Little Snitch, which allows you to monitor applications' use of network resources, and stop them in their tracks.

"If you're a little more sophisticated, you could monitor your traffic and see what port it's accessing and block it with ipfw, but LittleSnitch makes this really easy. Frankly, I like to know if an application is trying to 'phone home' without my permission or knowledge."
     
Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Feb 26, 2003, 02:43 PM
 
Originally posted by SMacTech:
I am not enthralled with the spyware detection as much as understanding some things going on under the hood. I have found quite a bit of spyware on the many Windows computers I admin and I found a Mac with a keyboard logger that sent the files to a local machine on our LAN. That person was fired.
Understood. I guess I misunderstood your post as another one of the concerned and not so informed Mac users so used to PC spyware horror stories that they blindly assume Mac software implements these techniques as well.

A Mac with a keylogger? Glad you found and fired that person, that's ridiculous. I apologize for my original rant, SMacTech. Keep up the good work.

Originally posted by -Q-:
And unfortunately, more and more companies are going towards having some sort of spyware/reg authorization component to their software. Proteron is doing it with Maxmenus and Bias has implemented it recently too. It's a growing epidemic.
What a shame.
"In Nomine Patris, Et Fili, Et Spiritus Sancti"

     
Mac Enthusiast
Join Date: Apr 2001
Location: Camarillo, CA
Feb 26, 2003, 02:44 PM
 
Why not create a SpyWare monitoring program that sends the results to an external source so they can be tracked better???
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Feb 26, 2003, 02:48 PM
 
ApiTheMan:

For the next time you need to clear Spyware off of a PC, I recommend using Lavasoft's Adaware to do this.

It is nothing short of AMAZING how many spyware components some people have that this program will detect and remove.

http://www.lavasoftusa.com/
     
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Feb 26, 2003, 02:56 PM
 
I use the lavasoft products on all of our PCs regularly. It's amazing how much crap gets installed by just browsing the web and not even installing things.
Bobby: I am not sure I understand your comments. Do you mean install my own SpyWare program to monitor the potential ones being installed and send that info back to me? That's almost as bad as spyware, even though I admin the machines. I have been building a list of dll and .exe that spywares install and use an inventory monitoring program that runs at startup on PCs, so it is kind of spyware. I call it steveware. Before installing any OS X software in production, I want to make sure they are not calling home.
     
Dedicated MacNNer
Join Date: Nov 2002
Location: Canada eh?
Feb 26, 2003, 03:53 PM
 
I think Bobby means to write an app that hijacks the information to be sent and captures it, so you as a user know exactly what was going to be sent. It doesn't make it to the destination, instead the info gets written to a file.

The only problem with that is that some applications (most probably) may not send data until they confirm over a secure connection that they are talking to the proper host.

So most likely you wouldn't get any info out of those applications.
     
Forum Regular
Join Date: Nov 2002
Location: at my desk, laptop on my lap
Feb 26, 2003, 04:04 PM
 
imho, bobby is making a joke: saying use spyware to track spyware.... lol
     
Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Feb 26, 2003, 07:52 PM
 
Originally posted by besson3c:
ApiTheMan:

For the next time you need to clear Spyware off of a PC, I recommend using Lavasoft's Adaware to do this.

It is nothing short of AMAZING how many spyware components some people have that this program will detect and remove.

http://www.lavasoftusa.com/
Hey thanks. I'll go download this on a few of my PC friends' computers just for the fun of it... I'm very interested in how much I can get rid of.

Thanks for the tip.
"In Nomine Patris, Et Fili, Et Spiritus Sancti"

     
Mac Elite
Join Date: Oct 2000
Location: Amboy Navada, Canadia.
Feb 26, 2003, 07:56 PM
 
I really like this program now, much more realistic than me reading through netstat etc all the time.

btw, if any of you run natd, it didn't see it at first on my machine. killed my net and network connections. after a while, it saw natd and allowed traffic.

true, it could be spyware, but i think it's just as dangerous as running ANY closed source program (hint OS X hint ;-). this way, i'm more likely to catch littlebuddy.apple.com next time ;-)

This insanity brought to you by:
The French CBC, driving antenna users mad since 1937.
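
The per-process check that reading netstat by hand amounts to, and that Little Snitch automates, as an added example (not part of any post in this thread): it parses text in the `lsof -i -n -P` layout and reports established connections that a per-application allow-list does not cover. The sample rows and the allow-list are constructed; only the 213.51.169.12 port 81 entry comes from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `lsof -i -n -P` output (not captured from a real host).
# The 213.51.169.12:81 row mirrors the connection discussed in this thread.
SAMPLE = """\
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari     412 steve  12u  IPv4 0x01a2      0t0  TCP 192.168.1.5:49201->203.0.113.10:80 (ESTABLISHED)
Safari     412 steve  14u  IPv4 0x01a3      0t0  TCP 192.168.1.5:49213->213.51.169.12:81 (ESTABLISHED)
Mail       388 steve   9u  IPv4 0x01a4      0t0  TCP 192.168.1.5:49150->198.51.100.7:143 (ESTABLISHED)
ExampleApp 501 steve   5u  IPv4 0x01a5      0t0  TCP 192.168.1.5:49220->198.51.100.99:443 (ESTABLISHED)
httpd      120 root   16u  IPv4 0x01a6      0t0  TCP *:80 (LISTEN)
"""

# Hypothetical allow-list: remote ports each process is expected to use.
EXPECTED = {"Safari": {80, 443}, "Mail": {25, 110, 143}}

# NAME column of a connected socket: local:port->remote:port (STATE)
CONN = re.compile(r"(\S+):(\d+)->(\S+):(\d+) \((\w+)\)$")

def outbound(text):
    """Yield (command, pid, remote_ip, remote_port) for established TCP connections."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 8)
        if len(fields) < 9 or fields[7] != "TCP":
            continue
        m = CONN.search(fields[8])
        if m and m.group(5) == "ESTABLISHED":   # listeners have no "->" and never match
            yield fields[0], int(fields[1]), m.group(3), int(m.group(4))

def unexpected(text, expected=EXPECTED):
    """Group connections the allow-list does not cover, keyed by command name."""
    flagged = defaultdict(list)
    for cmd, pid, ip, port in outbound(text):
        # A process missing from the allow-list has every connection flagged.
        if port not in expected.get(cmd, set()):
            flagged[cmd].append((ip, port))
    return dict(flagged)

if __name__ == "__main__":
    for cmd, conns in unexpected(SAMPLE).items():
        for ip, port in conns:
            print(f"{cmd}: unexpected connection to {ip}:{port}")
```
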
     
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Feb 28, 2003, 09:06 AM
 
CodeTek's Virtual Desktop wants to phone home every time it is launched!!!!
Add another one to the list of apps that are doing this unwanted communications.
     
Mac Elite
Join Date: Oct 2001
Location: Enschede
Feb 28, 2003, 09:48 AM
 
Originally posted by SMacTech:
Snitch will bring up the alert that it is trying to connect using port 81 to cp16924-a.roose1.nb.home.nl (213.51.169.12).
That's an IP from @Home, located in North Brabant (Netherlands), most probably in or near Roosendaal
iMac G5 2.0 Ghz 20", 2 GB RAM, 400 GB, OS X 10.4.5, iPod with color screen 60 GB
     
Mac Elite
Join Date: Nov 2001
Location: Trafalmadore
Feb 28, 2003, 09:58 AM
 
I figured it out, it is Sniffer's signature.
Yes, I figured it out. Some redirection going on, but his sig is coming over port 81, instead of 80.
     
Mac Enthusiast
Join Date: Nov 2002
Location: Barcelona, Spain
Feb 28, 2003, 10:34 AM
 
Windows has been plagued by spyware of all forms. By far the worst is this Gator thing, you see it popping up everywhere --- even on legit sites of *decent* companies.

Anyhow, Adaware does a pretty good job of cleaning up WinBoxes. Do note, however, that removing spying components from some programs will break them!

As far as items/components installing while browsing (w/o asking). Disable AutoInstall/Setup in your browser and always say NO to certificates that you did not specifically request.

It's OK when M$ Certificate pops up when at Windows Update, but it's NOT OK when some random company requests your authorization on some random website (of questionable authenticity) out of the blue.

This whole thing is especially an issue on WinBoxes.

A simpler solution for OS X is to fine tune your Firewall to block all this rubbish, which is not too difficult!
My Blog & Photos
PowerBook (Ti) 1Ghz · 1Gb · 60Gb · SD
     
Mac Enthusiast
Join Date: May 2001
Mar 1, 2003, 03:48 AM
 
Originally posted by nsxpower:
A simpler solution for OS X is to fine tune your Firewall to block all this rubbish, which is not too difficult!
nsxpower,

Come on then. Tutorial please

Simon
     
   
All times are GMT -5.
All contents of these forums © 1995-2011 MacNN. All rights reserved.