OSX Sequoia security advice needed

Discussion in 'Software' started by Pedra Sofia, Dec 2, 2024.

  1. Pedra Sofia

    Just curious what people here would block as incoming connections. I started getting replicator alerts every minute, and I then found python3 and other stuff like idc turned on in my firewall incoming connections.

    I have LuLu and Little Snitch for Mac.
    I use the hosts file to block those call-outs via a free app or directly with the terminal.
    I am trying to narrow down any weird data leaks or info stolen from my computer
    since I tested things from the sister site etc. What should I be doing to intercept any intrusion or info stolen?

    Nembrini Audio announced they're discontinuing work with iLok, as well as Howard Benson and possibly STL Tones altogether. Not sure if it's an expense, a routine issue or simply the complaints many made about feeling extorted by the iLok mafia. I do have iLok and many plugins I purchased synced; annoying as it is, I had no issues with it physically but two purchased plugins which turned out to be stolen licenses from unsold store packages.

    So please share your Mac security advice, again
    little snitch
    host file apps
    suggested incoming firewall configurations?
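Added example, not part of any post in this thread: one way to review what is actually accepting incoming connections (such as the python3 entry mentioned above) is to list listening TCP sockets with `lsof` and flag those bound to more than loopback. The sample output, the function names and the `expected` allow-list are constructed for illustration.

```python
import ipaddress
import subprocess

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN -F pcn` output (p=PID, c=command, f=fd, n=addr)
SAMPLE = """p412
crapportd
f8
n*:49152
p9031
cpython3
f4
n*:8000
f5
n[::1]:8001
"""

def parse_listeners(text):
    """Return (pid, command, address, port) for every listening socket."""
    found, pid, cmd = [], None, None
    for line in text.splitlines():
        tag, value = line[:1], line[1:]
        if tag == "p":
            pid, cmd = int(value), None
        elif tag == "c":
            cmd = value
        elif tag == "n":
            host, _, port = value.rpartition(":")
            found.append((pid, cmd, host.strip("[]"), int(port)))
    return found

def is_exposed(address):
    """True when the socket is reachable from other machines, not just loopback."""
    if address == "*":
        return True
    try:
        return not ipaddress.ip_address(address).is_loopback
    except ValueError:  # unparsable address: report it rather than hide it
        return True

def unexpected_listeners(text, expected=frozenset()):
    """Exposed listeners whose command name is not on the caller's expected list."""
    return [l for l in parse_listeners(text)
            if is_exposed(l[2]) and l[1] not in expected]

if __name__ == "__main__":
    cmd = ["lsof", "-nP", "-iTCP", "-sTCP:LISTEN", "-F", "pcn"]
    live = subprocess.run(cmd, capture_output=True, text=True).stdout
    for pid, name, addr, port in unexpected_listeners(live or SAMPLE):
        print(f"{name} (pid {pid}) accepts remote connections on {addr}:{port}")
```

Run without root, `lsof` only reports sockets owned by the current user, so run it with `sudo` for a system-wide view.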
  3. Swatch

    Hey Pedra,
    I also use LuLu and a long hosts file list, which I got from this forum, to block some hosts.

    I wanted to create a new thread, but maybe I'll find answers here.

    Actually I have 2 OSX systems on my MBP M1 in dual boot.
    One for working and one for the music apps. Some music apps are "keyed", so I wanted to isolate the music OS from the normal OS.
    Actually I realised this with FileVault, by NOT entering the password for the other OSX volume when the OSX is booted.
    So I press and hold the power button and then I can choose which OS starts.

    If you really want to isolate it, then I need to install both OS new and need to create 2 containers. They're completely isolated from each other.

    But now I come to my question:
    When I use apps, also some keyed apps from trusted sources like the sister site, AND I make just a second user profile, can this be enough?
    Can some harmful apps go to the second user profile in a Mac system?
    Or should I continue working with 2 OSX systems and keep isolating them?

    I don't have critical data, but banking, Gmail, web orders etc.
    But I also have everything secured with 2FA/MFA.
    I'm not so scared about getting hacked in critical logins.

    Would be nice to hear your opinions and let's stay safe :cheers:
  4. fiction

    Lulu didn't work properly here on latest 15.3.1 and Little Snitch is too expensive for my taste, so I'm now trying Vallum and it works well so far.
    With Vallum, you'll need some basic understanding of what each process does and where it should be able to connect to and where it shouldn't.

    It also seems to have the "NetFlows" app included, it's quite handy to see what's happening.
  5. clone

    Try Radio Silence. It will block both Applications and Plugins network access. Keep doing and using whatever you are already using. Double Bag it, so to speak. https://radiosilenceapp.com

    You will not even notice it running. Unlike LuLu, you can shift+select many files at the same time in your plugins folder. Just remember to not block plugins/any apps which actually need connectivity (example: ilok or other paid plugin manager apps).
  6. tzzsmk

    Little Snitch, and block everything,
    if anything stops working or breaks, just delete the rule(s) and next time you get a popup you may pick allow for a minute or two
  7. Swatch

    Thank you so much. Will have a look at this.
    I also have the feeling that LuLu doesn't block everything.
    Especially plugins in the host, while the host IS blocked.
  8. soundog

    Ooooh. I like the looks of Radio Silence, thanks for the tip. I'm gonna try the free trial first, and then it's very affordable! Little Snitch is getting too big and expensive. LuLu sometimes has problems with phoning home plug-ins.
  9. clone

    I bought legit LS, and I use LuLu anyway for the same reason. It's lighter. You can find a shared version of Radio Silence, I'm not sure if there are any demo limitations.
  10. saccamano

    Your solution is on sisite. "Little Snitch 6.2 (7147) Multilingual macOS"
  11. statik

    what clone said, but i solely depend on LS, which i have bought as well. i've tried the free options but they were a bit too confusing at the time.
  12. sisyphus

    Yeah, I've been using LuLu for a year or so, have Little Snitch, and LuLu has been absolutely light, doesn't have the host blocking and some other features, but as clone said and recommended, RadioSilence etc are in use by me as well.

    With apologies for the crude analogy, double/triple bagging here isn't a bad idea.

    It concerns me that with more recent macOS's, there are processes that occur ~before~ some of this software is running, (gee, why is my browser loading things prior to those even having been booted even as login items etc), and without going too deep into it, I keep a separation of church and state on this stuff in regards to running my music production stuff if it includes some of the variety provided with extended trials etc... and apple itself precedes a lot or some or all of its checks prior to LS or Lulu or some host blocking, or RadioSilence perhaps from what I know etc).

    It's obviously 'best' to not be online at all with your work machine, but there are a lot of us who are legit on many things, and some require some phoning home for authorization (which is not ideal, but sometimes has to be used).. and I don't work with anything that might phone home I don't want to while online.

    And I don't fool myself that that's enough, as others have pointed out, there are phone home processes that will occur regardless, and one makes a personal decision with what they feel their exposure in that regard is.

    I certainly wouldn't be running a k'd daw with cableguys or goodhertz and some others while browsing... and while I don't know the specifics on all, and know there are those far more educated on this than I am, I listen to what they have to say.

    Host blocking on later macOS is not as easy as it once was (and has been demonstrated by those aforementioned with higher pay grades in skill/knowledge on that, and often times can be essentially worthless from what I have read...)

    This is a different time than it was 10-15 years ago.. when one could be a little more reckless perhaps...

    (and I freely admit to not being an expert on this, and following and parroting those who know more than I in regards to specificity).
  13. saccamano

    I haven't used apple stuff in forever and I am just trying to get a picture in mind here so bear with me... Am I understanding you correctly when what it seems like you're saying here is that the apple OS is circumventing these tools' abilities to adequately block running code that you do not want accessing the internet?
  14. sisyphus

    No worries saccamano, and again, I can provide more references later when I have time to look back at my research and readings on this...

    but yeah, to my understanding, not only apple, but google (if one uses gmail or their services etc with little snitch etc), can circumvent these tools to block code you do not want accessing the internet, and apologies if I am explaining this wrong or sloppy, ... apple performs (or can perform) some checks before Little Snitch or Lulu is even opened and doing its job etc.. as well as some software that I and others used to employ that performed well as a general host blocker etc like "GasMask", are worthless on numerous levels with different software (and creates confusion with people as they don't understand what's going on with, say, their Adobe patch or whatever), or even regular straight up manual host blocking re: terminal, can act as a false panacea to what you might think it is actually doing on modern macOS...

    This isn't just 'them' (macOS) from my understanding (but more relevant to my interest in this specificity), but iirc, I've been presented demonstratively reasonable evidence that there are absolutely online connections, and code intended to be blocked by the user, that aren't upon starting ones system before these processes are instantiated and running (and some during, ala Google etc). And believe me, I'd love to be wrong on that. Or told I'm wrong on that, and shown how....

    But there have been some issues with Little Snitch over the last few releases of both LS and macOS, that maybe have or haven't been addressed, host blocking on recent macOS is sketch at best (and often leads to user failure and confusion as said (not as cut and dry or simple as on some other os's)), and down the river it goes...

    I don't know what has been fixed, or what has been broken with recent updates on everything, and I could be speaking completely out my ass and wrong... (hope I am tbh), but I've found reasonable concern enough to not turn on my internet until after I'm sure these things are running, and certainly not to blindly trust these tools while using certain things online.

    I've never had anything get shutdown/timeout/revoked on me in the last year or more by taking that extra step or two of precaution, and for software I have that needs to phone home once a month or so for authorization, I do, and do it through a freeware app that I can select the au/vst etc and whatnot, and good to go. (and even that is problematic I imagine given how we have been told, or rumored, or bs'd about with what iLok or UAD does etc)... so I don't think I'm completely protected. But 'reasonably' so, or at a level I can live with...

    but I certainly wouldn't suggest running a k'd version of Ableton with k'd Cableguys Shaperbox 3, some goodhertz plugs, updating Kontakt libraries with Native Access and what have you while being online. Or people trying to use k'd waves server bullshit or whatever with shared presets and sessions collaborating online etc.... no...

    But I don't know, I just like my stuff to work. I may fall on the overly cautious side, but I'd rather look both ways twice, or measure twice.. and it doesn't take much longer... and even if a car isn't coming that I may be mistaken on, or I've got that life vest onboard that I don't need... meh... I'm ok with that... as I read so much stuff with incredulity that some people are reckless on and then wonder why their systems aren't working...
  15. statik

    no issues on macos 14.7.2 with LS, and they recently released LS3, which needs a new license unfortunately.
  16. Swatch

    Hey guys :)
    Short question here.

    So I found out that many problems in my freshly installed FL 2024 (LEGIT) come from a very long edited hosts file.
    I always used the hosts file in Windows, to prevent the plugins from calling home.
    I used ******.com

    My short question about the Radio Silence app.
    I couldn't try it so much, now the trial is over.
    Do I need to edit the hosts file also when I use RS? Or can RS also block the plugins in my DAW?
    And how to block the plugins? From what I saw, I need to manually add programs which I want to block.

    Thank you :) And happy sunday
  17. shinyzen

    you can block every app in Lulu by inputting a * into program path in a rule.
  18. Swatch

    Also the plugins?
    For example I wanted to activate a keyed plugin. Lulu blocked the DAW
    But the plugin said invalid key.
    After I deactivated the wifi the key was accepted.

    I can tweak my hosts file. I trust the hosts file.
    But I asked myself if there is a trustworthy software firewall which really blocks plugins.

    Thank you
  19. clone

    LuLu does block plugins. The reason why these things can make it out past a firewall is because they can be using the Process ID number of an unblocked application, like your DAW. If you load a plugin that wants to "phone home" you can see it do the exact same behavior if you load it into the standalone version of BlueCats Patchwork, or any other plugin host. Look at your Activity Monitor.

    This is why editing Hosts file to block domains is a good "backup plan". Using Radio Silence will also block plugins, and the reason why I like it is the lack of user interaction, but also because you can select many plugins at once to add them to your blocked applications list.

    Little Snitch is a very capable program, but you need all this protection most when you are running your DAW. Little Snitch is unfortunately the most resource-using solution of the bunch.

    Here are some other Mac utilities you might want to take a look into: https://objective-see.org/tools.html. Look into Netiquette, BlockBlock, Dylib Hijack Scanner. For learning more than for using even. You do not need a million of these applications slowing down your DAW sessions.

    Don't forget, the Mac System Firewall is great for "set and forget" purposes on applications that never have a reason to access the network.

    I would advise against using the combination of LuLu and Little Snitch, but particularly if you also use Transmission bit torrent client.
    Last edited: Mar 3, 2025