[bgotori]

Hey All

I've read and seen on all the Mac boards that I visit, that OS X automatically blocks all the ports so no WebSite can open them and check you out.

Well this ISN'T TRUE...

One of the Lab kids I work with, started getting all this Porn Ads in her E-mails... She like me is running OS X 10.3.7. She said she only let her Boyfriend us it when his XP machine crashed and he had a grant do... Well I look at the WebSites that were visited from her Cookies and Cache... From some Porn Sites on them. I asked her if she new anything about this, and her answer was NO... She Called her Boyfriend, he said No at First, but later after some prodding he said he did...

Well I then visited those WebSites with my Pismo to see if they were the cause, three of them were the problem... I Run the Internet Clean-up program, that everyone says is like kind of SpyWare... Well it asked me if I wanted to allow Port 80, and so on to allow a connect, I said NO. Well as of today I haven't gotten any Porn E-mail, that was 3 week ago that I did this...

So Whats Up with this...


Have Great Holiday's!!!

Brad

[shiny]

If I am not mistaken, Port 80 is the regular port used for internet traffic. If you block port 80 incoming, you can't surf the internet.

Besides, the porn in the email has less to do with which port is open than the websites that she has or her boyfriend has given her email address to.

Originally posted by bgotori:
Hey All

I've read and seen on all the Mac boards that I visit, that OS X automatically blocks all the ports so no WebSite can open them and check you out.

Well this ISN'T TRUE...

One of the Lab kids I work with, started getting all this Porn Ads in her E-mails... She like me is running OS X 10.3.7. She said she only let her Boyfriend us it when his XP machine crashed and he had a grant do... Well I look at the WebSites that were visited from her Cookies and Cache... From some Porn Sites on them. I asked her if she new anything about this, and her answer was NO... She Called her Boyfriend, he said No at First, but later after some prodding he said he did...

Well I then visited those WebSites with my Pismo to see if they were the cause, three of them were the problem... I Run the Internet Clean-up program, that everyone says is like kind of SpyWare... Well it asked me if I wanted to allow Port 80, and so on to allow a connect, I said NO. Well as of today I haven't gotten any Porn E-mail, that was 3 week ago that I did this...

So Whats Up with this...


Have Great Holiday's!!!

Brad

[TETENAL]

By default no services are running, so Mac OS X is safe by default. Ports are only blocked if the Firewall is turned on. You don't get spam from visiting porn sites.

Originally posted by bgotori:
I Run the Internet Clean-up program, that everyone says is like kind of SpyWare...

I don't understand this sentence. What did you do?

[spiky_dog]

a small bit of knowledge without comprehension is both a dangerous thing, and annoying to read about

[Fusion]

Originally posted by spiky_dog:
a small bit of knowledge without comprehension is both a dangerous thing, and annoying to read about

[Earth Mk. II]

OS X ships with all services disabled. That means that no ports are open by default - which is entirely different from having all ports blocked or filtered.

The spam (porn in this case) is probably coming from someone submitting their e-mail address to the sites, and has nothing to do with what ports are open.

PEBKAC.

[Tick]

Hey look, a bunny, with a pancake on its head:


http://images.google.com/images?q=pa...a=N&tab=wi

[yukon]

Lol, that was weird to read. Agreed with the knowledge thing and the pancake-headed bunny.

Suffice to say, the things you think follow from another, don't. OS X is safe default, as it isn't _serving_ anything. Spam isn't an attack (in the traditional sense). Macs do not make Spam go away, but mail.app has a nice filter. Macs do not make pop-ups go away, there's a preference in safari (in the /Applications folder), www.iCab.de , www.mozilla.org, www.omnigroup.com 's omniweb, and www.mozilla.org 's firefox, that you can set to remove pop ups. There is no spyware to speak of on the MacOS (what there is, it is no longer in circulation, limeshop), you may be thinking of one of the many spyware removal programs on Windows, such as http://security.kolla.de 's spybot, or maybe LittleSnitch as you seem to be talking about blocking port 80 via this software.

[Millennium]

Originally posted by TETENAL:
You don't get spam from visiting porn sites.

If you give them your e-mail address, then certainly you will get spam from them. Soundsto me like we're dealing with a truly idiotic boyfriend here.

Either way, OSX has no ports open for listening by default. Although this is not quite the same thing as blocking them, the end results are basically the same: no machine on the Internet can connect to yours.

Well I then visited those WebSites with my Pismo to see if they were the cause, three of them were the problem...

How did you figure out that there were three of them?

I Run the Internet Clean-up program, that everyone says is like kind of SpyWare...

What program is this? Could you provide a link, please?

Well as of today I haven't gotten any Porn E-mail, that was 3 week ago that I did this...

I'd imagine you didn't give your e-mail address to anybody. That would explain why you didn't get any porn spam.

It sounds to me like this boyfriend hasn't been entirely honest about his activities.

[spauldingg]

In general, you don't need to give your email to porn sites to get porn spam. Other seemingly legit sites that you may not mind giving your email address to may sell or trade addresses. Always check out a websites privacy policy, and if they don't have one, then don't deal with them, nor give an email address.

[TETENAL]

You don't need to give out your e-mail address to anyone to get spam. Spammers will just mail to any thinkable e-mail address.

[spauldingg]

True, but "real" addresses have more value. Also, never click the "remove me from your list" link in an email, that just verifies you're human, and puts you on the A list.

[msuper69]

Originally posted by Earth Mk. II:
...
PEBKAC.

ID 10 T error.

[Big Mac]

Originally posted by spiky_dog:
a small bit of knowledge without comprehension is both a dangerous thing, and annoying to read about

my thoughts exactly!

[bgotori]

Hey Millennium

The Internet Clean-up program is a Program by Allume, it runs all the time(Boot-up)and checks the ports and IP's that are being accessed by any server thats trying to connect to your computer or your trying to connect to. It runs a program that called knsard, and nsapAgent if you bring up the Activity Monitor... Some people call these a SpyWare thing...

As far as giving out an E-mail Address, I Really Don't think so... Especially off her computer, and he didn't clean the Cache or Cookies out. As far as knowing how to do that, well he runs the one of Med Labs(UCLA Medical)computer sites, so I believe he would know how to do that if he thought it was important... Plus wouldn't it be going to the E-mail address he would submitting and Not hers???

Also were on a different IP's...

The Porn sites he brought up were just Pic Sites... No membership required(Free Sites)... from what I saw.

Well I put the Allume program on her LapTop and will see...

The Allume Program showed that it was sending out a connect to a few WebSites about 8 four different ports that OS X wasn't blocking, but since it was started by her laptop I guess it wasn't supposed block them.

The Sophos-Anti Virus I loaded on her laptop found 12 Viruses and 4 Spyware Programs, the Allume also found the same SpyWare programs, but Not the Viruses. But I don't know if they were all cause by him. Sophos-Anti Virus is a Program that any UCLA Student or Fac can load and get Free updates all the time it runs in the Backround and checks the updates depending on the setting you have set them to. I have all my computers check once very hour.

Crap... had them written down but can find the paper... If I find it I'll pass them on.

As far a him being truthful he's a lapboy to her, doggy fetch the stick kind of thing... So I can't see him Not being honest to Her...hahaha


Thanks!!!

Brad

[bmedina]

You do know that you'll get porn spam even without giving your email address to anyone, yeah?

[Anubis IV]

Originally posted by bgotori:
<snip>
The Sophos-Anti Virus I loaded on her laptop found 12 Viruses and 4 Spyware Programs, the Allume also found the same SpyWare programs, but Not the Viruses.
<snip>

We ARE talking about a Mac computer, right? One that is running OSX? I mean, I know you said that earlier, but I guess I want to hear it again since as far as I know there are not that many viruses in existence for Mac OSX (except in labs, perhaps). Sounds to me that something is a bit fishy here.

Anyway, if any ports were open they would've had to have been manually switched to being open by an admin. As has already been said, by default they are not open.

[PurpleGiant]

Originally posted by bmedina:
You do know that you'll get porn spam even without giving your email address to anyone, yeah?

Exactly what I was thinking. An email from a porn site has nothing to do with blocked ports, firewalls and the like. It's just spam, you delete it and move on with your day.

[Chuckit]

There have been two "viruses" (they were pretty pathetic little things, but that's what people called them) and one spyware program for Mac OS X Any more "viruses" are almost certainly Windows bugs that came in the mail and aren't really capable of doing any harm.

Anyway, I don't know how you imagine these sites were able to tell the e-mail address just through an http request. It doesn't make much sense to me either.

[Tick]

This sounds pretty plausible. Anyone can install anything they want with admin rights. Just insert your admin password here.

"HEY, HONEY... BRING ME A BEER. OH YA, WHAT'S YOUR "ADMIN PASSWORD" thingy?!"


And boom, software is there. Someone could make some random software, post it on vt and mu, and it's out there ready for the taking. Not only that, but since most of the mac community in general is pretty secure in itself, there is a ideal of "it doesn't hurt to try x software because os x is secure" is a general thing now, anyone could use that to install random extra software on people's machines.


Spyware and viruses are a real possibility with os x. All you have to do is convince someone to run it

Just a thought

[bgotori]

Hey Millennium

What I quoted as Viruses where things that were download, that Sophos Anti-Virus said was a Virus, but I checked my backlog of them and there extention was .php looking this up its something that is a XP thing from what I've been told, but they did know what it could be... The others were programs that were downloaded that were Widows SpyWare, and Viruses... Funny if eveything was blocked how did it get active for the downloads if I didn't activate them...


Have Great Holiday's!!!

Brad

[goMac]

There is no spyware for Mac. My mom gets porn ads in her email all the time, and I doubt she goes to porn sites. What those cleanup programs you are running are most likely finding are cookies, which just save information from web sites and are not spyware and can't harm your machine. Finally, OS X ships with the firewall off, because Windows viruses do not work on Macs, for a variety of technical reasons.

In short, the computer probably doesn't have any spyware. Most likely your friends email is just having the same problems everyone else's is these days.

[bgotori]

Hey Chuckit

Yea, the Viruses were Windows things...

It also seemed funny to me that these WebSites had the ability to access her computer and download her E-mail address, I've been told that in Windows it pretty easy to get all that info off them...

Sophos Anti-Virus runs up to now 62 Virus extentions for OS X, plus all the Windows ones, from what Ive seen... Even though it doesn't effect us we could be spreading this through our E-mails if thats possible... This would not be good for people like me, I deal with NIH, NCI and all the other Cancer Labs throughout the country... We up load and download there data and send tons of E-mails back an forth... Most of these guys are using XP on there LapTops... Wish they'd convert to OS X or Linux or...


Have Great Holiday's!!!

Brad

[Tyler McAdams]

You have a firewall yes, but any time you execute and outgoing request it can be the equivalent of breaking your firewall. For example you open your web browser and want to load a site. This communication is done on port 80. The traffic is routed and the requested information comes in. This does not mean that there is no possible exploit just because you've got a firewall. For example the .jpeg buffer overflow exploit on windows that was found about a month ago... you send an outbound request for a website... the website has infected jpgs... the jpgs make it to your unpatched windows box (or whatever box) by the transmission of the webpage... now you've got an infected machine AND a false sense of security.

The bottom line is that firewalls work to defend *unrequested* inbound traffic... but that's about it. There are firewalls that govern outbound traffic or plugin apps like "little snitch" that monitor the same but this is not how the default firewall in OS X works. It simply blocks incoming traffic on your system.

So there are really hundreds of things to watch out for... if you're going to keep a port open you need to know that. You also need to know that if you keep AIM on all the time or any other application that produces outbound traffic. It is essentially another exploit on your box waiting to happen. I recommend a host of things to protect your system... like little snitch, a good firewall (I like firewalkX), snort (you could use henwen) virus protection and a good, patched system/patched applications. Some people think it's overkill but it's not at all. Just know that the only protected system is a system that is not connected to the network, and the only safe service is a firewalled, disabled one or better yet an uninstalled service... OS X disables all serivces by default but does not start the firewall... once your system is broken in to, any of these serivces can be enabled and used against you... you might have heard of this type of exploit as a "rootkit".

[Amorya]

Originally posted by Chuckit:
There have been two "viruses" (they were pretty pathetic little things, but that's what people called them) and one spyware program for Mac OS X Any more "viruses" are almost certainly Windows bugs that came in the mail and aren't really capable of doing any harm.

Anyway, I don't know how you imagine these sites were able to tell the e-mail address just through an http request. It doesn't make much sense to me either.

I don't think there have been any viruses. There have been a few pathetic little trojans - is that what you're thinking of?

Amorya

[Chuckit]

Originally posted by Amorya:
I don't think there have been any viruses. There have been a few pathetic little trojans - is that what you're thinking of?

As I said, that's just what the panicky masses called them. I'd call them "pretty funny if their creators actually thought they were making decent malware."

[bgotori]

Hey Tyler McAdams

Nice write-up!!! You must do this for a living.

Funny seems like lots of people Don't seem to know this, but there ALL EXPERTS...hahaha

My kid has a PowerBook came back for the Holiday's. I loaded the Sophos-AntiVirus program on his machine, it found and destroyed 900 plus things and freed almost 10mb's of space... Even though they don't seem to work they do take up space. Now he can wait to upgrade or get a New PowerBook when the G5's come out. He's got loads of games, and DVD kind of stuff for his Movie Making.


Have Great Holiday's!!!

Brad

[bgotori]

Hey All

I was Wrong about the .php things that Sophos-Anti-Virus found... they weren't .php extentions but something else... Getting Old, and Now I can seem to remember the extention... I wrote that when I should have gotten some sleep... Sorry About That!!!


Have Great Holiday's!!!

Brad

[bgotori]

Hey Chuckit

It might have seemed lame, but he got it on the Computers... Thats a BAD START, for Problems, and just the First I would assume...


Have Great Holiday's!!!

Brad

[Chuckit]

Originally posted by bgotori:
It might have seemed lame, but he got it on the Computers... Thats a BAD START, for Problems, and just the First I would assume...

If you allow your computer to be hacked in the first place, all bets are off. That doesn't make viruses a legitimate threat to Mac users. (No matter what people say about how there's "potential" or whatever, they aren't a threat right now. I've only ever heard of one person who got a virus for OS X.)

[Amorya]

Originally posted by Chuckit:
As I said, that's just what the panicky masses called them. I'd call them "pretty funny if their creators actually thought they were making decent malware."

Sorry - misread.

Amorya

[DeathMan]

this has to be a troll.

[Angus_D]

Originally posted by DeathMan:
this has to be a troll.

or an idiot.

[Tyler McAdams]

Originally posted by bgotori:
Hey Tyler McAdams

Nice write-up!!! You must do this for a living.

Funny seems like lots of people Don't seem to know this, but there ALL EXPERTS...hahaha

My kid has a PowerBook came back for the Holiday's. I loaded the Sophos-AntiVirus program on his machine, it found and destroyed 900 plus things and freed almost 10mb's of space... Even though they don't seem to work they do take up space. Now he can wait to upgrade or get a New PowerBook when the G5's come out. He's got loads of games, and DVD kind of stuff for his Movie Making.


Have Great Holiday's!!!

Brad

I *do* do this for a living... And I would highly suggest buying little snitch (I think $25) and downloading henwen (it's free)

When you first install little snitch you'll see all sorts of network activity that you more than likely did not even know about... system communications... applications dialing home... etc. LS has a broad range of settings to get your system communicating the way YOU want it to and not the way greedy software developers want. You might ask if you can even trust that product... I think you can.

Also snort via henwen will give you tons of settings and a log that you can check to see what types of communications are going on... file sharing, porno...etc It's almost like spyware that you control yourself. You'll be able to tell exactly what's been going on on your box as log as you don't tell anybody about it (don't run letterstick, the other app that comes with henwen.. it will give alerts in realtime to whoever's on the box) Hide the henwen app somewhere on the hard drive and check the logs when you suspect something. It also defeats all sorts of intrusion attempts and thus works in concert with other security software on your box like antivirus, little snitch, firewall...etc

[wadesworld]

the way YOU want it to and not the way greedy software developers want.

That's a little over-the-top, don't you think?

Most software only phones home to check on new version availability.

Most software developers are neither greedy nor rich.

Wade

[Tyler McAdams]

Originally posted by wadesworld:
That's a little over-the-top, don't you think?

Most software only phones home to check on new version availability.

Most software developers are neither greedy nor rich.

Wade

I don't usually reply to people who can't supply empirical evidence to their claims but let me ask you this... Do you want you're software to phone home? Is that the extra feature you're looking for in all your software? Is that the question you ask yourself when you're about to buy a piece of software for your computer? "Hmmm I would buy this word processor, but damn! It does not phone home to let everybody know my computer specs and my favorite color... all my favorite sites and what I'm using it for!" Do you really want to make the extra effort, or let them do this without your permission or even w/o asking you for the option while installing? Were you even told it would? Bill Gates is a software developer and most good software developers are very well paid. You'll have to give me an example... I'm sorry, you've lost me. A lot of my friends are software developers and are all in 6 figures... maybe you're a level of income above me.

You of all people here need little snitch.. once you see how many programs you take for granted start making unrequested communications you might start to wonder if this is really needed. Patching software is one thing.. putting your entire life on display for an entire company to make a marketing, statistical regression, pig picking Bar Be Que out of is another thing. I buy all my software and I'm glad to say I don't own any pirated, downloaded, warzed out crap on my computer. I should at least be told of the option is my point. In fact I don't care and have given permission to most of my apps that do this... because I really have nothing to hide but I still feel that this is easily exploitable and software today is already easily exploitable enough and in a lot of cases it's exploitable by design... And I can think of absolutely NO reason to *encourage* this w/o first being made aware that the app behaves as such.

[TETENAL]

Originally posted by Tyler McAdams:
Do you want you're software to phone home?

Update notifications are a useful feature, yes.

[Tyler McAdams]

Originally posted by TETENAL:
Update notifications are a useful feature, yes.

For you. Not for me. That's my position and I respect yours. My solution is little snitch. That's as deep as it goes and that's where it stays and where it will continue to stay.

[Gavin]

Originally posted by bgotori:

Plus wouldn't it be going to the E-mail address he would submitting and Not hers???

Not if he wanted to get in quickly and had no way of checking his own email. Most sites, including macnn, verify your email address by sending email to it with a link you have to click. It's her computer so why not use her address? He can check it easily and, boom, he's in.

The Allume Program showed that it was sending out a connect to a few WebSites about 8 four different ports that OS X wasn't blocking, but since it was started by her laptop I guess it wasn't supposed block them.

Port blocking is generally for things trying to get in, not you (or software you are running) trying to get out.

I don't think OS X actually 'blocks' any ports. It simply doesn't have anything listening to any ports waiting to answer. If you want your computer to respond to the outside you have to set that up on purpose. In other words the web server, remote log in, file sharing, etc. are all off by default.

The Sophos-Anti Virus I loaded on her laptop found 12 Viruses and 4 Spyware Programs, the Allume also found the same SpyWare programs, but Not the Viruses. But I don't know if they were all cause by him.

If she gets spam sent to her, she gets viruses sent to her. The virus checker may have found attachments in her junk mail box. This is email waiting to be deleted, not a virus that managed to install itself, there's a big difference. I bet I have one or two in mine right now but they are not a threat to me, they may cause problems for windows users if I forwarded it to them though.


Anyway, her address could have been compromised in many ways. Maybe her mom's computer had some spyware that sent the contents of her mom's address book to a spammer.

Ever get one of those messages forwarded to you with that joke or cute cat pictures? The one with a hundred people cc'd? One of those people in the list sent it on to a spammer, with your email address and everybody else's too.

The spammers sell lists of addresses to each other. Once you've been picked up you're screwed.

So the boyfriend's porn excursion and the girlfriend's porn spam could be totally unrelated.

If she hasn't had any since it could just be that her spam filter has learned to spot it.

[Gavin]

Originally posted by bgotori:
My kid has a PowerBook came back for the Holiday's. I loaded the Sophos-AntiVirus program on his machine, it found and destroyed 900 plus things and freed almost 10mb's of space... Even though they don't seem to work they do take up space.

Sounds like he needs to clean out his junk mail folder more often.

Also lots of times you'll find viruses and trojans disguised as something else on your seedier websites, message boards, music file sharing, etc. The link says .jpg or .mp3, but it's really a .exe

I wonder just how much porno, music and funny videos of guys lighting themselves on fire you can download in a semester.

[Chuckit]

Originally posted by Tyler McAdams:
I don't usually reply to people who can't supply empirical evidence to their claims but let me ask you this... Do you want you're software to phone home? Is that the extra feature you're looking for in all your software? Is that the question you ask yourself when you're about to buy a piece of software for your computer? "Hmmm I would buy this word processor, but damn! It does not phone home to let everybody know my computer specs and my favorite color... all my favorite sites and what I'm using it for!"

As somebody who develops inhouse software and is currently working on a project for wide release, I'm going to have to ask where the empirical evidence for this is. I understand that some developers are unscrupulous, but I think most of the major Mac software companies are pretty reputable. Just because software wants to phone home doesn't mean it's telling people the last four digits of your Social Security number and your mother's maiden name. I don't really like the insinuation. Quite frankly, Google's cookie is probably more invasive than most programs get.

[Tyler McAdams]

Originally posted by Chuckit:
As somebody who develops inhouse software and is currently working on a project for wide release, I'm going to have to ask where the empirical evidence for this is. I understand that some developers are unscrupulous, but I think most of the major Mac software companies are pretty reputable. Just because software wants to phone home doesn't mean it's telling people the last four digits of your Social Security number and your mother's maiden name. I don't really like the insinuation. Quite frankly, Google's cookie is probably more invasive than most programs get.

9

Do you trust all and every application you download? Why is there a patch for broken software? How far do you trust people you don't know?