| Author |
Topic: online via ITunes8 w/o protection? |
Phil Halton
From:
Holyoke, Massachusetts, USA
|
Posted 27 Jul 2009 9:56 am |
|
I have installed ITunes8.2.1 (latest ITunes) on my DAW, which has virtually no internet protection software installed -- I never go online with the DAW. Now, can I safely access the Apple online ITunes store via the built-in ITunes app? I won't be using the IE browser, just accessing ITunesStore via the ITunes app.
Its just my screwy luck that the computer I use to access the web won't install ITunes8 for some reason, but it installs and works just fine on the unprotected DAW machine. |
|
|
 |
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 27 Jul 2009 3:31 pm
|
|
Phil;
You posed an interesting question: "is it safe to go on the Internet with my Digital Audio Workstation with just iTunes reaching out?"
The answer really depends on a couple of factors. I will post the conditions and you must meet them to be safe.
To safely allow the DAW to connect to the Internet you must...
- Have a software or hardware firewall (e.g. router) between the public Internet and the modem used to get online. Plug that PC directly into a modem, without an incoming firewall, and it will be compromised in less than 60 seconds.
- Make sure that no other applications, other than iTunes and Apple Software Update are trying to access the Internet from that PC.
- Install Apple Software Update and set it to automatically check for updates daily.
- Keep iTunes patched to prevent remote exploitation.
- If you have a software firewall, like ZoneAlarm, or the XP firewall, deny Internet access to Internet Explorer and Outlook Express, or, raise the security slider for the Internet Zone to the highest (most secure) setting to disable ActiveX, Java and active scripting.
- Turn ON Automatic Windows Updates and set them to notify only.
- In case you do need to go to any websites, please install the latest version of Firefox and allow it to check for updates automatically (Allow MSIE temporarily to download Firefox).
- Do not install Adobe Flash Player (uninstall any existing versions)
- Do not install Adobe Reader (uninstall any existing versions)
- Do not install Apple QuickTime, or uninstall if present.
- Do not install Winamp or Real Player
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Phil Halton
From:
Holyoke, Massachusetts, USA
|
Posted 27 Jul 2009 4:17 pm
|
|
Thanks Wiz,
A few of those are deal breakers for me, like not installing Winamp--its a big part of my DAW. Also, Apple QuickTime is an integral part of ITunes I believe, its bundled in with ITunes.
It might be best for me to hold my nose and install some firewall and AntiVirus software on the DAW. Although, I plan to use the ITunes store very spareingly, and I would want the least intrusive AV and Firewall software--something that I could turn off when not online.
I currently use AVG InternetSecurity Version 8.5 and don't really want to install it on the DAW because its "always on" and can't really be turned off while not online as far as I know.
Could you make some recommendations for a suitable firewall and whatever protection software I could get by with without bogging this Fine DAW down with alot of protection software? |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 27 Jul 2009 9:43 pm
|
|
| Phil Halton wrote: |
I currently use AVG InternetSecurity Version 8.5 and don't really want to install it on the DAW because its "always on" and can't really be turned off while not online as far as I know.
Could you make some recommendations for a suitable firewall and whatever protection software I could get by with without bogging this Fine DAW down with alot of protection software? |
Phil;
Why don't you try Avira AntiVir Free? It protects against viruses and some spyware and the AntiVir Guard realtime module can be enabled or disabled by right-clicking on its tray icon.
ZoneAlarm makes a free software firewall that you can configure completely to your liking. Read the help manual that ships with it, or read the online FAQ's.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
b0b
From:
Cloverdale, CA, USA
|
Posted 28 Jul 2009 7:51 am
|
|
ZoneAlarm will issue an alert when any program tries to access the internet. You can easily set it to only allow iTunes and Apple Software Update. When Apple Software Update updates iTunes, ZoneAlarm will see iTunes as a new application requesting access, and ask you if you want to allow it.
Using ZoneAlarm, you can easily deny WinAmp and QuickTime access to the internet. I think that the free version of ZoneAlarm is all you need. Since you you aren't receiving email or even browsing the Internet on this machine, you don't need to scan for viruses or anything like that.
ZoneAlarm can be turned off easily, but I wouldn't turn it off if the network cable is plugged in.
A small disclaimer: Wiz is more cautious than I about these things. If he disagrees with me, take his advice, not mine!
_________________
-𝕓𝕆𝕓- (admin) - Robert P. Lee - Recordings - Breathe - D6th - Video |
|
|
|
Phil Halton
From:
Holyoke, Massachusetts, USA
|
Posted 28 Jul 2009 8:25 am
|
|
Okay thanks,
I just downloaded the ZoneAlarmSetup.exe file and it was only 265KB -- did it twice thinking it was a download error. Is this "cloud" installation or something? I guess I just run it from the unprotected machine cause it'll probably want to go online for setup files?
Also, have you heard of "DropMyRights" from Microsoft? it's a method of running internet-facing programs like IE MS outlook Winamp etc with limited user rights instead of full administrative rights. Its a small prprogram that is run with the target program specified as a parameter. Example C:\DropMyRights.exe "c:\Program Files\Winamp\Winamp.exe".
There's a lot of good articles on this on the web -- sorry, I don't have a specific link. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 28 Jul 2009 12:29 pm
|
|
| Phil Halton wrote: |
Okay thanks,
I just downloaded the ZoneAlarmSetup.exe file and it was only 265KB -- did it twice thinking it was a download error. Is this "cloud" installation or something? I guess I just run it from the unprotected machine cause it'll probably want to go online for setup files? |
That is a setup that downloads additional components, as they are needed. You should make sure that your XP computer has the Windows Firewall turned ON, for the network adapter you will use to go online. If you are on dial-up, have it protect the dial-up networking adapter. If broadband through an Ethernet port, protect that network connection.
The Windows XP Firewall is a one way (incoming) firewall only. The Windows Vista and 7 firewall is a full two way stateful art inspection firewall.
| Quote: |
| Also, have you heard of "DropMyRights" from Microsoft? it's a method of running internet-facing programs like IE MS outlook Winamp etc with limited user rights instead of full administrative rights. Its a small prprogram that is run with the target program specified as a parameter. Example C:\DropMyRights.exe "c:\Program Files\Winamp\Winamp.exe" |
Yes, I have used it. I chose to drop all rights by operating as a Power User, in XP Pro and Windows 2000. I operate the same in Ubuntu Linux. Power Users can upgrade already installed programs and even install those designed for "standard" users.
People running XP Home Edition cannot become Power Users. They must be Administrators or Limited Users. Limited Users can elevate their privileges to Administrator by right-clicking an executable file and selecting Run As (Administrator), then input any Admin password and away you go. These rights die as soon as that file has run and finished or been closed out.
I find it simpler to always run with reduced privileges, then elevate via Run As - Administrator, using the good password I created to protect that account. I have found that some programs must be launched with Administrator privileges and have altered their shortcuts to open the Run As screen when I d-click on the icons. One radio box option and a typed password, and Administratin' I go!
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Phil Halton
From:
Holyoke, Massachusetts, USA
|
Posted 28 Jul 2009 5:01 pm
|
|
Unfortunately, Zone Alarm, while it may be a great little free firewall, isn't "blind friendly" enough for my liking. That is, it doesn't lend itself well to use with a screen reader. The firewall in AVG InternetSecurity works great with my JAWS screen reader, and that's why I use it. Unfortunately, you have to take the rest of AVG IS along with it. Ain't that the way it always goes.
On the other hand, my need to get my DAW online has gone away, I fixed the problem with ITunes on my internet machine and its working fine there. Now I can leave the DAW offline. But, this has been a great introduction to security do's and don'ts. Learning about limited user rights and how to "dropMyRights" was most useful.
Thanks Wiz, B0B and everyone else for your help. |
|
|
|
