Does the plugin need to be instantiated or the app running to enable calling home?

 

Yes. But an application can also be started and running in the background before you even reach the Windows desktop. Like a RAT.
You shouldn't see this from some audio application. Your firewall should still catch any outbound.

 

The process needs to be running for said process to call home, yes.
Some plugins/companies have license/app managers that may run in the background, so keep that in mind.

 

My firewall settings are very strict on "call home" permissions: no apps are allowed to do that, unless I deliberate choose so. I care about my privacy and I think we all should

 

Which firewall are you using ?

 

For free ones, i prefer TinyWall (no popups!), but i also heard that SimpleWall and Evorim Free Firewall are great. I hate windows firewall, because some apps will create rules themselves (also windows itself auto-allows some unwanted services or other junk).

 

Don't sweat it. Most applications don't call home at all. And most vendors wouldn't even know what to do with it because an IP address doesn't hold any personal information until they pursue the painstaking process of going to court and demand who uses this IP? There are however clever programs that call home and disable your use of the program like meldaproduction, Positivegrid and Ikmultimedia. But these are few exceptions to the rule that hardly any vendor uses any call home option.

Just follow the instructions of for instance R2R in adjusting the host file. That's usually sufficient enough to prevent them from calling home. No need for sophisticated firewall software that frankly saying most users don't really know how to to deal with anyway.

Let's face it. Most of you are not an IT security experts. So are you going to to install a third party firewall and configure all the tcp/udp ports you want or don't want it to connect to?

That's the issue. Most people will advise you to install this or that firewall program. But you will also need to know how to configure it. If you don't it will just replace the standard Windows firewall and be just as stupid as where you started off.

The standard Windows firewall has already all that you need. But do you exactly know what url, tcp or udp port to block to prevent a program from calling home? You don't! And any sophisticated firewall program you install won't either!

So again, don't sweat it. Just follow the instructions of the cracker and go make music!

 

You do not need to be a security expert in 2023 to configure a basic firewall ruleset for outbound traffic. You should be using a real Firewall, no matter what. If a bad actor is looking to break into machines, a simple portscan across wide IP blocks is how that often starts. You are not blocking ports to stop your own apps and plugins from being "online". You are blocking them via their Process ID. It does not matter what the source port or target port of that application is. It will be blocked.

You may be correct about software vendors capturing telemetry information. There is no chain of custody on the data in some text file. But what the application can do is download a simple text file blacklist or scrap object which the plugin/app can search for locally and de-authorize the plugin. It's why when people have problems, they have to run Revo to remove the stuff preventing reinstallation. Not all of them have a static filename.

Windows firewall may work for this but it is a product designed for average user to prevent them from getting randomly hacked by people using portscanners and other script kiddy toys. If someone wants more flexibility than that, it does not hurt for them to look into the subject a learn a tiny little bit about it.

If developers were not at least somewhat *decent* programmers, we would have every single last plugin. Outsmarting your Windows firewall with an application you grant permissions to is not as difficult for them as you seem to think.

 

I’m using Hands off (macOS). A good one is also Little snitch

 

Try LuLu: https://objective-see.org/products/lulu.html It is free, lighter than LS, and still developed unlike HandsOff. You can block individual .component plugins in about 4 clicks. Create a Finder sidebar icon to your plugins folder first.

 

The best defense is a good offense against such things. Eliminate ANY internet connection on production machines. Everything is safe, no need for firewall, or a/v suite junk running in the background eating up resources.

 

if you're on Windows, invest (time/money) into NetLimiter 5 and enjoy

yes, NetLimiter 5 or 4, for older Windows system;
or Little Snitch, or Hands Off, or LULU on MacOS - all being behavioral firewalls are amazing and simple to get go

in my humble opinion, Little Snitch is better than Hands Off, both are fantastic though

being legally free, it's my go-to on legit/business Mac workstations, even when doing nothing shady, control over network I/O is very welcome and useful

 

Little Snitch is a very good firewall, unfortunately my OS is not supported anymore. Yes: it’s definitely time to update the machine, I’m thinking about a Mac Mini M2

 

Don't underestimate developers: they know a lot more than you about how to fully exploit their customers' data without you even realizing it. Try this: when you install an app, instead of clicking "next - next .." go through the contract, reading all the disclaimers: it makes you want to delete everything immediately

 

There is nothing in their little audio applications which is going to "fully exploit" data. Telemetry information contains more data than just an IP in cleartext. But it is also a Windows machine allowing outbound solicitations to pass the firewall. Maybe someone is having a bad day. That's a good recipe for developing some more serious computer problems. Most of the "slim" Windows versions people run also have Windows Updates disabled.

 

Last edited: Sep 21, 2023

If we would be bothered by these 'EULA's' nobody would even be running Window or Mac OS!

 

Also add iOS and Android. They created the perfect trap and we all fell into it: there is no escape

 

What do you mean by ‘wide IP blocks’? We have 65,535 ports. It’s just a few of those that use common protocols we use every day. Scans are done on TCP and UDP ports targeting ‘your’ IP address! Common ports are like 20/31 for FTP, 80 for Hypertext, 443 for HTTPS, etc. But hackers are looking for breaches of programs that use ports outside the common set.
If you want to see what can be scanned and how the state of your own system is being secured? Then go to: https://www.grc.com/x/ne.dll?bh0bkyd2

This can only happen if you run your login on full admin! But anyone doing this is beyond help anyway. No firewall can prevent anything if you do this!

That’s the big misconception that most people have about firewalls? They always think that 3rd party programs are always better than the standard Windows one. They think they have some sort of magic inside that the build in Windows firewall doesn’t have? But they all do the same thing. In fact after installing they all copy the settings of the Windows firewall and take it from there. The added value is only that they come with some wizards that may simplify things a bit for users. But on the other hand may force them to make wrong decisions?
But most of all, also those glorified 3rd party firewalls can’t tell you what plugin needs what port to be blocked for it to prevent it from calling home! Because they also simply don't know!

Again, it’s not that simple or straightforward. And again, every firewall being it Windows or any other 3rd party one.They all need to know what you want them to block besides the standard stuff. A firewall is just as smart as you tell it to be! That goes for the Windows firewall as well as any 3rd party version!

 

What are the IP blocks?

An IP block (otherwise known as an IP range), a continuous segment of Internet Protocol addresses assigned to an organization or country.

Ranges. If a known exploit exists on some OS version, or other conditions which identify them and may affect them all such as an installed trojan server; what will be scanned for later probing/attack will be 1 port across enormous IP ranges looking for those vulnerable machines. If you think Windows Firewall is good enough? Use it. Many other users on here put Tinywall on their machines, or other 3rd party firewall application. Like Glasswire.

As an example; say they are looking to find exploitable machines with something like PCAnywhere on them. They would first scan huge ranges of ip addresses on port 5631 looking for targets. If it is something more nasty like a RAT server, they are configurable and will run on whatever port is configured. There is nothing stopping them from using a port which your firewall deems "common", in hopes that your ruleset will allow an inbound connection to the machine. You also need to keep in mind that outbound solicitation allowed by your firewall for normal day to day things using that port normally, the firewall will expect to see an inbound reply; because it is *trusted*. If not configured correctly, again it becomes another possible attack vector. That is a classic example of how C+C of a botnet is conducted by criminals. The machine outbound connects to a middleman server which becomes trusted, and commands are piped by a third party thru to the first machine. Like a relay.

Google "Malware Disrupted" or "Botnet Takedown". There is a story from last month some time, and it discusses thousands of victim/compromised machines. This is a frequent occurence. Do you think all these people had Windows Defender and firewall disabled? Most of them don't even know how to do that. I think you should never recommend someone "less security". There is 0 upside to that, only possible blame.

 

Last edited: Sep 24, 2023

Again! All firewalls do exactly the same. They block what windows tells them to block and 'additionally' what 'you' tell them to block! Using another firewall because people think it's better is just marketing BS. Just because people think they are better and they think they are easier to configure doesn't make them necessarily better? They all deal with same rules on the same 65,535 ports!

Yes, acknowledged! We agree that a firewall is vital on any computer connected to the Internet!
But what proof can you present that any 3rd party firewall program is better than the embedded one in Windows? That's my point!
I don't believe that 3rd party programs are any better! IMO It's just a load of marketing BS that lives between the ears of some people that have embraced that anything offered within windows must always be inferior to 3rd party programs!

But to actually return to the actual topic? What to do about apps and plugins that call home?

No firewall, Windows or 3rd party, will know how to block this unless you know exactly 'what' to block!

So what's the added value of 3rd party firewall in this respect?