Have your friend monitor traffic when they load the plugins, block whatever sites pop up in the host file? Lots of tools can monitor. Wireshark, CloudSniff and NetworkMiner are free consumer os network analyzers.

Did your friend actually spend $400 on that Unison junk? Download midi files and load the free generators for Ableton. Same thing. There is no tech wizardry happening inside those unison sales pitchs.

 

Sordum - Net Disabler 1.1 [FREE]
(App to enable/disable internet access)

https://www.sordum.org/9660/net-disabler-v1-1/

 

That looks like a perfect solution, easy as can be, very lightweight and supports all Windows OS!

 

Thanks - I'd never heard of RadioSilence perviously. Blocking entire apps doesn't sound very music production friendly though, does it?

How do you run your DAW if you must block the whole enchilada (be it Cubase, DP, Live, Logic, PT, or Reaper)?

How do you get updates for your loops or samples, or use those plugins you didn't "look around" for and that you do own?

 

@bluerover I just tested Net Disabler and it works great!

 

disconnect wifi antenna, diconnect wifi card, remove cat5/6 cable. no problems..

 

I have a question, I've downloaded Lulu for mac but it is supposed to block applications, not plugins, right ? So if I want to prevent a logic plugin to call home, do I have to block logic app ? (which I don't want, only specific plugins) thanks for help

 

LuLu can block individual plugins, no problem. Also, it can block the content of entire folders. You block Logic entirely. If you ever really need Logic to download anything from the mothership, you open a new project, so without any plugins loaded into the session. Right click (or control+click) the LuLU shield icon in the top menu bar and hit Disable. Let Logic out and do it's thing, then re-enable LuLu.

 

Thanks for your help ! great tip. But how do I block an AU plugin file ? Sorry I'm totaly new at firewalls, I use Gas Mask to edit hosts, but it doesn't work with https protocols. For ex, I need to block audiopunks.com but adress is https. That's why I need Lulu.

 

Radio Silence is perfect for individual plugins. If something is legit, why would you block it? iLok, and other software managers are no problem with your DAW blocked entirely. You let your iLok manager application to either have access out, or you block it until you permit it to go out and connect temporarily long enough for it to sync with the external server. The plugins will look to your iLok manager app for their authorizations, not the iLok servers.

I never let my DAW out to go "get new samples", and move all that stuff to an external drive anyway. If I wanted a DAW bloated with "factory-shipped" preset content and samples; I'd use Cubase.

Little Snitch is by far the most configurable and robust firewall. It is like the REAPER of Mac firewalls, by which I mean that it requires more user interaction to get it setup; precisely how you want it.

Right click (or ctrl+click) the LuLU shield Icon in menu bar. Hit Rules. Click the + bottom right, add rule. Make sure it is checked off as Block. For Process Path, hit browse. Browse to ‎⁨Macintosh SSD⁩ ▸ ⁨Library⁩ ▸ ⁨Audio⁩ ▸ ⁨Plug-Ins⁩, Or you could just enter that manually. Select the .component you want to block, and that's it. Or you can block that entire folder ‎⁨Macintosh SSD⁩ ▸ ⁨Library⁩ ▸ ⁨Audio⁩ ▸ ⁨Plug-Ins⁩.
It's very helpful to go to that folder-> ‎⁨Macintosh SSD⁩ ▸ ⁨Library⁩ ▸ ⁨Audio⁩ ▸ ⁨Plug-Ins⁩ and drag it to your Finder Sidebar to add a shortcut. It's very helpful for all this Sister Site stuff for some other reasons too.

 

Last edited: May 11, 2025

"Free" tools are fine if you want what amounts to introductory functionality. Generally "free" tools are just a wetting-of-your-beak so to speak to induce you to buy the "pro" version of whatever it is - the one that actually does something useful. Which is why I will always grab the scene version of the tool and avoid all the roundabout b.s. that comes with going all in on any one thing. This way you can get the tools you need and discard the junk without deflating your wallet needlessly.

The best way to keep plugins on a production machine from being "chatty" is to simply use the cracked version (sometimes even with the cracked ones they may still "chat") - if there is no cracked version then UNPLUG the machine from the internet. Production machines do not belong on the internet in the first place.

 

Last edited: May 11, 2025

Yay, that's great!!! :-D

 

More questions (sorry guys, I did warn you though)

About the ILOK plugins, even though they said I only need to activate online once, I am scared about what it might do to my PC, install all kinds of files all around different folders, and especially when I am online even if not using it at the time. Is it something to worry about or a nonissue?

I was reading about TinyWall and saw this - Do not install TinyWall over a remote connection, or you will risk locking yourself out until TinyWall gets properly configured.

Also this - NOTE: After installation TinyWall blocks most communication. To use the internet or network-enabled applications, select one of the "Whitelist by ..." options in the tray menu to unblock specific programs.

So does this mean I will need to configure it to allow use of a VPN? I almost always use a VPN so that is a concern.

About the host file, are there specific host IP addresses to block for ILOK and the plugins in it? If there is a list can someone please post it or DM me? Or is this unnecessary if I use Tiny Wall?

 

I block the Ableton app. The only shortcoming would be if I needed to download more "Packs," but I don't. If I did, I'd find them on the sister site or similar places anyway. And I don't use Ableton Cloud. Works for me but everyone works differently.

 

You've provided a wealth of information in this thread, clone. Thank you. I will be referring back to this if I ever need to use the moat and drawbridge approach rather than the Radio Silence wall.

 

Putting more bloatware on a win machine shouldn't be anyone's plight. Two batch files (batch scripts are supported on ANY windows os) on the desktop each one with a single line of code does what that "app" does and does not install any b.s. on your system. Enabling and disabling the internet network interface is not rocket science and does not require any sort of app install to accomplish. I gave you the process to accomplish this task previously in this thread.

You can do what you want - just saying this thing (or anything that requires an app install to control a network interface) is a useless piece of bloatware to add to an already bloated os (unless you have optimized the os already).

 

Last edited: May 15, 2025 at 11:30 PM

...it's like 3MB, and it's portable.

 

Best of all; I've got a production machine which never touchs any kind of network.
Reality; I'm poor enough for some like that, I have only one machine to navigate & play/produce and most of the time I need to use my brother's Intel 12ºGen to play/record with the last plugins... hahahahaa

More than a hacker will ...what I feel is a unbearable annoyance about the permanent bombing over our privacy and the insane resources dryin', even from all that legit software that we've bought or could buy. Not every product has that kind of behavior, but Little Snitch & DNSQuerySniff showed it me more than enough.

There are several useful options, as every pals suggested before & will keep on doin' after. Some of those options could need more or less resources. From my own perspective (in any OS) the best possible option is to mod the hosts file addin' there the true targeted URLs, something not so easy to get 'cause not every URL is written in a legible way, some of them are encrypted & it's not a easy thing to decrypt. Obviously there are many vary valuable pals which makes deep dives in this matter and gift us their work, so all that I'm writing could be a simple unsenseless waste of time. It seems that I need to escape from something & I usually do...

The non-encrypted URLs are easyly shown if you open the files of a plugin through Notepad++ (among other text editors). What I occasionally do to get a list of the visible URLs is to install the plugin (being offline) & then...

*Open their files by right click ----> Edit with Notepad++.

*Once the file is "open" hit the "Encoding" tab in the upper bar & choose UTF8.

*Hit Ctrl F, paste the next target formula in the search field (without quotes); "https?://[^\s]+" (you may want to repeat the entire process to search the http protocol too...)

*Select the upper tab "Mark".

*In the left side options tick "Wrap around".

*In "Search Mode" tick on "Regular expression" & "matches new line".

*Hit Enter, after a while (the time demanded relies in your CPU power and the file's size) u'll get a notification sayin' something as (below); "Mark: x matches in entire file" (being "x" the number of the https lines found).

*To copy the found data go to the right side of the search window & hit on "MARK ALL" and "COPY MARKED TEXT", open a new .txt, paste the data there.

Many of those URLs are just references to the creators of fonts, graphical & audio elements which composes the file, .exe, SAL, .VST3, .AU, etc, etc.., & does not represent any kind of inspection, while others are there to do that. However I've found more than once some really weird servers or aparently non related to anti-piracy which are the main "problem" (u can search by Google about those suspicious ones to get out of doubts). Once u've realized which of the collected URLs worths to block, add those lines to your hosts file this way;

#The WTF Protocol
0.0.0.0 thewtfprotocol.net
0.0.0.0 www.thewtfprotocol.net

Why 0.0.0.0 instead of the well known 127.0.0.1? Through 127.0.0.1 an inner call & hang down happens, while through 0.0.0.0 no call is done. Why with & without the .www prefix?, well, there are lots of cases in which the prefix really blocks the call, while in others isn't needed, the problem is that only the soft engineers knows that, or, at least, I don't know why sometimes is necessary...

Although when using macOS I like Terminal a lot I've recently found a truely great app called Gas Mask. It works as a powerful standalone hosts editor (obviously u've gotta give it root rights).

For Windows I use a very simple .bat in order to call notepad.exe pointing to the hosts file. To make it open a new .txt and paste in it;

start Notepad "C:\Windows\System32\drivers\etc\HOSTS"

Now "Save as", navigate to any desired place in your machine and give it a name as AdminHosts.bat (or whtever but end it with .bat), in the "Type" field choose "All files". Save it & create a shortcut, give to the shorcut Admin rights and place it wherever u want. Each time u'll double click on that shortcut u'll be able to effectively mod your hosts file.

Time is valuable as life itself (I feel), so I spend lots of time in order to save time (wtfffffffffff), I mean, to know which are really the URLs to block u've gotta invest many hours to simply know them (I'm talkin' about many apps), because if you just go inside the files and copy the whole bunch of URLs you'll end with Godzilla suffering from morbid overweight in your "etc" folder... There are options to SEE, for example, in Windows; DNSQuerySniffer, a free, very efficient standalone app, really useful.

So, how to properly use DNSQuerySniffer in order to research for the real targeted URLs? Shutdown every possible app running in your machine, execute DNSQuerySniffer, start the standalone (if the plugin has SAL), or execute your daw with a blank project & load the plugin to observe the potential calls. Give it some time, not every app calls home, some of them calls immediately after start, some others waits randomly & there are apps which runs constantly in the background & has a dense stalker behavior. ¿May an app/plugin could be modified after a call?, obviously, so you should deeply uninstall it after save the targeted URLs, the PRECIOUSS DATA. Yes, could be annoyin', but we're researching to achieve a silent future for our machines, a not so big hosts file & in general a better, efficient performance.

THE FIREWALL OPTIONS

That I don't like of an interactive firewall is the real time processing; I mean, I try to let every possible resource of my machine dedicated to my main interests, the more surveillance you machine does, the less u'll have for what you love to do. The static firewall rulers acts obviously different, perhaps in a simmilar way to the hosts file moding, but could have the counterpart of a huge indexed text, which demmands a lot too.

In macOS I've not tried a better option that Little Snitch, & perhaps I'm truely outdated or old fashioned but... 'till tonight it seems to work really fine. I use it in "Alert Mode" 'cause I've seen programs callin' home when the app or plugin is supposedly off, evidencing its background activity. The only Little Snitch's disadvantage (appart from the resources already mentioned) is that it could result a little bit dense, or very dense, but this borns from the behavior of the callers, Little Snitch just does his job efficiently.

In Windows I don't use an interactive (system based) firewall as in macOS, just a free firewall manager (standalone) that I love, called Firewall Add Blocker, which has other network capabilities than just block & "let go". At the begining I've used FAB in "Default Mode" by blocking all the .exe files of the choosed software folders to block, ...then I've realized that many other extensions has connectivity skills, not only .exe files, but .dll, .vst3, .com, etc.., that's why now I use FAB in "Whitelist Mode" blocking everything BUT all that I need to let go out & let income. For that I add the specific processes, FAB has a sort of taskmanager which lets you see what is running in real time and lets you add them to the whitelist. Sometimes the processes that you can see through FAB are not "clearly related" to something that u wanna unblock (or block), so in those cases you can copy the paths of the specific folders & add them to the whitelist.

In most of the producers machines the whitelist of a blocking firewall is significantly smaller than the blocklist of an open firewall, for obvious reasons, there is when the indexing stuff makes a performace difference.

All of this means that poor machines could exist with proud decency

 

Last edited: May 16, 2025 at 8:58 AM

I like old machines, its no use making yourself poorer and giant corporations richer, to just have it become obsolete in 2 years. Most of the Beatles catalog was made on a 286 machine with 256Kb of ram and protools ver .71 alpha.

one will always lust for more, that is human nature, but limitations provide guardrails that restrain the creative impulse so that it doesn't dissipate into endless choices that do little but destroy creativity.

Modern society has been structured to present endless distractions so that no one accomplishes anything and is eternally frustrated, searching, buying,throwing away,stressed.

you can be in that world and never be sufficiently entertained or satiated as your life, money and emotions dwindle, or you can deliberately walk away and find your own peace and accomplishments and stop measuring yourself against a world that doesn't really exist.

whenever given the chance to connect to the internet or to disconnect, always choose disconnect.

 

This. I'll never get tired of recommending Sordum little tools. BTW, most of them can be used from the command line. That is, you can make a .bat file

I don't know what to recommend on Mac. On Windows I use a Firewall in White List mode. So everything is blocked unless is explicitly allowed. So I allow, for instance, Chrome, JDownloader, Media Player Classic (for its subtitle downloader). TinyWall only works by default in WhiteList mode (AFAIK).

Problem: we want some apps to access only from time to time the net. So I also configure it to block "traditionally" most warez, most microsoft apps, etc. But I want to update frequently Chrome and JDownloader.
I do not block JDownloaderUpdater.exe (in practice is javaw.exe) and ChromeUpdater.exe. When I want to update these two, I disable whitelist so the Firewall runs on "traditional" blacklist and I update manually.

This is actually a very neat technique although harder. To my surprise, most warez exe's and dll's have the URLs in clear. Non-encrypted. Actually, I can't 100% recommend this method because I don't know if there's apps with encrypted URLs. By common sense I imagine some parts of the cr*cking of an app deal with this.

Notepad++ is good enough for many files but it's best if you you can get a good Binary Editor that can handle big files. I use 010 Editor. You can search and replace every "http:", "https:" with "htt_:", "http_:" (for instance). You can automate this.

 

Last edited: May 16, 2025 at 3:03 PM