OSX Sequoia security advice needed

Discussion in 'Software' started by Pedra Sofia, Dec 2, 2024.

  1. Pedra Sofia

    Just curious what people here would block as incoming connections, I started getting replicator alerts every minute, I then found python3 and other stuff like idc in my firewall incoming connections turned on.

    I have LuLu and Little Snitch for Mac,
    I use the host to block those call outs via a free app or directly with the terminal
    I am trying to narrow down any weird data leaks or info stolen from my computer
    been I tested things from the sister site etc, what should I be doing to intercept any intrusion or info stolen?

    Nembrini audio announced they're discontinuing work with iLok as well as Howard Benson and possibly STL tones altogether, not sure if it's an expense, routine issue or simply the complaints many made about feeling extorted by the ilok mafia. I do have ilok and many plugins I purchased synced, annoying as it is I had no issues with it psychically but two purchased plugins which turned out to be stolen licenses from store packages unsold.

    So please share your Mac security advice, again
    Lulu
    little snitch
    host file apps
    suggested incoming firewall configurations?
     
  3. Swatch

    Hey Pedra,
    I also use LuLu and a long hosts file list which I got from this forum to block some hosts.

    I wanted to create a new thread, but maybe I find answers here.

    Actually I have 2 OSX systems on my MBP M1 in dual boot.
    One for working and one for the music apps. Some music apps are "keyed", so I wanted to isolate the music OS from the normal OS.
    Actually I realised this with FileVault. NOT to enter the password from the other OSX volume, when the OSX is booted.
    So I hold and press the Power button and then I can choose which OS is gonna start.

    If you really want to isolate it, then I need to install both OS new and need to create 2 Containers. They're completely isolated from each other.

    But now i come to my question:
    When I use apps, also some keyed apps from trusted sources like the sister site, AND I make just a second user profile, can this be enough?
    Can some harmful apps go to the second user profile in a Mac system?
    Or should I continue working with 2 OSX systems and keep isolating them?

    I don't have critical data, but Banking, Gmail, Web Orders etc.
    But I also have everything secured with 2FA/MFA.
    I'm not so scared about getting hacked in critical logins.

    Would be nice to hear your opinions and let's stay safe :cheers:
     
  4. fiction

    Lulu didn't work properly here on latest 15.3.1 and Little Snitch is too expensive for my taste, so I'm now trying Vallum and it works well so far.
    With Vallum, you'll need some basic understanding of what each process does and where it should be able to connect to and where it shouldn't.

    It also seems to have the "NetFlows" app included, it's quite handy to see what's happening.
     
  5. clone

    Try Radio Silence. It will block both Applications and Plugins network access. Keep doing and using whatever you are already using. Double Bag it, so to speak. https://radiosilenceapp.com

    You will not even notice it running. Unlike LuLu, you can shift+select many files at the same time in your plugins folder. Just remember to not block plugins/any apps which actually need connectivity (example: ilok or other paid plugin manager apps).
     
  6. tzzsmk

    Little Snitch, and block everything,
    if anything stops working or breaks, just delete the rule(s) and next time you get a popup you may pick allow for a minute or two
    :chilling:
     
  7. Swatch

    Thank you so much. Will have a look on this.
    I also have the feeling that LuLu doesn't block everything.
    Especially plugins in the host, while the host IS blocked.
     
  8. soundog

    Ooooh. I like the looks of Radio Silence, thanks for the tip. I'm gonna try the free trial first, and then it's very affordable! Little Snitch is getting too big and expensive. LuLu sometimes has problems with phoning home plug-ins.
     
  9. clone

    I bought legit LS, and I use LuLu anyway for the same reason. It's lighter. You can find a shared version of Radio Silence, I'm not sure if there are any demo limitations.
     
  10. saccamano

    Your solution is on sisite. "Little Snitch 6.2 (7147) Multilingual macOS"
     
  11. statik

    what clone said, but i solely depend on LS, which i have bought as well. i've tried the free options but they were a bit too confusing at the time.
     
  12. sisyphus

    Yeah, I've been using LuLu for a year or so, have Little Snitch, and LuLu has been absolutely light, doesn't have the host blocking and some other features, but as clone said and recommended, RadioSilence etc are in use by me as well.

    With apologies for the crude analogy, double/triple bagging here isn't a bad idea.

    It concerns me that with more recent macOS's, there are processes that occur ~before~ some of this software is running, (gee, why is my browser loading things prior to those even having been booted even as login items etc), and without going too deep into it, I keep a separation of church and state on this stuff in regards to running my music production stuff if it includes some of the variety provided with extended trials etc... and apple itself precedes a lot or some or all of its checks prior to LS or Lulu or some host blocking, or RadioSilence perhaps from what I know etc).

    It's obviously 'best' to not be online at all with your work machine, but there are a lot of us who are legit on many things, and some require some phoning home for authorization (which is not ideal, but sometimes has to be used).. and I don't work with anything that might phone home I don't want to while online.

    And I don't fool myself to that's enough, as others have pointed out, there are phone home processes that will occur regardless, and one makes a personal decision with what they feel their exposure in that regard is.

    I certainly wouldn't be running a k'd daw with cableguys or goodhertz and some others while browsing... and while I don't know the specifics on all, and know there are those far more educated on this than I am, I listen to what they have to say.

    Host blocking on later macOS is not as easy as it once was (and has been demonstrated by those aforementioned with higher pay grades in skill/knowledge on that, and often times can be essentially worthless from what I have read...)

    This is a different time than it was 10-15 years ago.. when one could be a little more reckless perhaps...

    (and I freely admit to not being an expert on this, and following and parroting those who know more than I in regards to specificity).
     
  13. saccamano

    I haven't used apple stuff in forever and I am just trying to get a picture in mind here so bear with me... Am I understanding you correctly when what it seems like you're saying here is that the apple OS is circumventing these tools' abilities to adequately block running code that you do not want accessing the internet?
     
  14. sisyphus

    No worries saccamano, and again, I can provide more references later when I have time to look back at my research and readings on this...

    but yeah, to my understanding, not only apple, but google (if one uses gmail or their services etc with little snitch etc), can circumvent these tools to block code you do not want accessing the internet, and apologies if I am explaining this wrong or sloppy, ... apple performs (or can perform) some checks before Little Snitch or Lulu is even opened and doing its job etc.. as well as some software that I and others used to employ that performed well as a general host blocker etc like "GasMask", are worthless on numerous levels with different software (and creates confusion with people as they don't understand what's going on with, say, their Adobe patch or whatever), or even regular straight up manual host blocking re: terminal, can act as a false panacea to what you might think it is actually doing on modern macOS...

    This isn't just 'them' (macOS) from my understanding (but more relevant to my interest in this specificity), but iirc, I've been presented demonstratively reasonable evidence that there are absolutely online connections, and code intended to be blocked by the user, that aren't upon starting one's system before these processes are instantiated and running (and some during, ala Google etc). And believe me, I'd love to be wrong on that. Or told I'm wrong on that, and shown how....

    But there have been some issues with Little Snitch over the last few releases of both LS and macOS, that maybe have or haven't been addressed, host blocking on recent macOS is sketch at best (and often leads to user failure and confusion as said (not as cut and dry or simple as on some other os's)), and down the river it goes...

    I don't know what has been fixed, or what has been broken with recent updates on everything, and I could be speaking completely out my ass and wrong... (hope I am tbh), but I've found reasonable concern enough to not turn on my internet until after I'm sure these things are running, and certainly not to blindly trust these tools while using certain things online.

    I've never had anything get shutdown/timeout/revoked on me in the last year or more by taking that extra step or two of precaution, and for software I have that needs to phone home once a month or so for authorization, I do, and do it through a freeware app that I can select the au/vst etc and whatnot, and good to go. (and even that is problematic I imagine given how we have been told, or rumored, or bs'd about with what iLok or UAD does etc)... so I don't think I'm completely protected. But 'reasonably' so, or at a level I can live with...

    but I certainly wouldn't suggest running a k'd version of Ableton with k'd Cableguys Shaperbox 3, some goodhertz plugs, updating Kontakt libraries with Native Access and what have you while being online. Or people trying to use k'd waves server bullshit or whatever with shared presets and sessions collaborating online etc.... no...

    But I don't know, I just like my stuff to work. I may fall on the overly cautious side, but I'd rather look both ways twice, or measure twice.. and it doesn't take much longer... and even if a car isn't coming that I may be mistaken on, or I've got that life vest onboard that I don't need... meh... I'm ok with that... as I read so much stuff with incredulity that some people are reckless on and then wonder why their systems aren't working...
     