Canadian Mac Forums at ehMac banner
1 - 20 of 20 Posts

·
Registered
Joined
·
802 Posts
Discussion Starter · #1 ·
Over the last couple of weeks, I have read items which refer to certain Mac software as spyware, specificly mentioned are Limewire and SpeedDownload. I installed Limewire once and uninstalled it a short time later. I am not too attached to my machinery but, everytime I ran this software I thought I could hear my poor mac screaming with pain as though it was being tortured and my own viscera felt like they were in the grasp of some clawed monster. My experience with Speed Download is different. It does work for me - without the feelings of horror mentioned above. Perhaps it is more cunning and subdued, failing to upset my crude alarms.

Lars has mentioned in another thread that MacUpdate refuses to link with SD. Gordguide has mentioned a couple of possible reasons for this - one is that SD may be spyware. I thought to start a separate thread for this in an attempt to gather as much information. opinion and advice as possible on this topic - to guide the uninformed.

What is spyware and why are Limewire and Speed Download thought to be spyware? Anyone?
 

·
Registered
Joined
·
136 Posts
Spyware is software that sends information back to whoever from your system about various things such as your online activities...
 

·
Premium Member
Joined
·
6,795 Posts
I installed Limewire once and uninstalled it a short time later. I am not too attached to my machinery but, everytime I ran this software I thought I could hear my poor mac screaming with pain as though it was being tortured and my own viscera felt like they were in the grasp of some clawed monster

This might have more to do with LimeWire being slow running, ugly, and unintuitive to use than anything else. (at least the last version that I used).

FWIW, Limewire says right on their site "no spyware". So if there is any, it's probably not coming from them.
 

·
Registered
Joined
·
802 Posts
Discussion Starter · #4 ·
Spyware is software that sends information back to whoever from your system about various things such as your online activities...
Adobe does something like this when you have their software installed. To prevent it, there are particular files you remove (in OS 9, at least). Where does spyware abide in a system? How do you find it? How do you eliminate it?
 

·
Premium Member
Joined
·
6,795 Posts
Adobe does something like this when you have their software installed. To prevent it, there are particular files you remove

The Adobe registration check thing is something I don't think I'd call spyware, though it does have many similar characteristics. All it is supposed to do is talk with the registration server and confirm you are using a legal copy of their software, the only people who really need to worry about this check are people using illegal copies.

Spyware is meant to maliciously transmit data about you to someone, more often than not this data is to do with your web browsing habits and such so that advertising can be streamlined to your tastes which would increase the chances of you actually clicking said ads. Usually the spyware that does this is in the form of an internet cookie or some other file installed through IE.

I've not personally heard of any spyware on the Mac, at least nothing as widespread as on Windows.
 

·
Registered
Joined
·
8,774 Posts
Speaking of cookies...

I have my browser preferences set to show all cookies as they come in. I refuse pretty much ALL of them except from Yahoo (my home page and email service) and from ehmac.

I also regularly go into preferences and delete all cookies that I have had to accept, in order to get a site to work properly. I do this, like, every fourth day or so.

It's amazing how many cookies get blasted at you when you are linking to some web pages. Especially the newspaper based ones. I have almost worn out my Pro Mouse while "not accepting" hundreds of these things.

PB...you are pretty canny about this stuff. Care to expound more on the "cookies" question?

Is this the most likely way to inadvertently allow some sort of spyware garbage onto the Mac platform?

Or am I just being paranoid?


What do they do...and why are they there...and how come 90% of the sites that I visit work just fine even when I refuse or decline to accept ALL of the cookies that they try to send to me?
 

·
Premium Member
Joined
·
5,247 Posts
Just to be clear, I didn't say Speed Download was spyware; but there have been other apps in the category of "Browser Speed Improvers" that were of questionable utility; in that they didn't do what they said they were supposed to, and instead had the potential to report back on your habits.

Speed Download may be just fine, for what it does. I'm sure we'll find out soon enough.

I do trust MacUpdate more than VersionTracker, which will list any program that is submitted to them (their Windows site has pretty much all of the "bad" programs listed and available).

In my experience MacUpdate will remove programs of questionable pedigree, something other sites don't appear to want to do. Maybe that means they're more willing to drop apps that they personally don't like, such as has been mentioned as a possibility with Speed Download. Doesn't bother me; it's easy enough to get elsewhere, but just for the record that could be all there is to it.

However, I do find it suspicious that all of a sudden we need a new "update" site that didn't exist before and that Speed Download defaults to it.

The authors of the app seem to be saying that it's a 3rd-party "feature" they though they would add in as a "bonus". That is pretty much the pattern adware and spyware has been using in the Windows world, and it does raise an eyebrow to me.
 

·
Premium Member
Joined
·
2,788 Posts
I your worried about Spyware, try a little app called "Little Snitch". It allerts you to any outgoing traffic from your mac, and gives you the option of denying this traffic either perenantly or temporarly.
 

·
Premium Member
Joined
·
6,795 Posts
Care to expound more on the "cookies" question? Is this the most likely way to inadvertently allow some sort of spyware garbage onto the Mac platform?

As far ass I know, only the least malicious kind. Data such as where you've been or what ads you've clicked on can be stored in cookies and then retrieved later by banner ad services so that they can put up ads they think you are more likely to click on, but that is about it. It can be annoying, but that is about it.

A better practice than deleting cookies would be to use a browser that lets you selectively accept/decline every incoming cookie (Note: Safari doesn't really do this, Camino, OmniWeb, and IE do). This way you can filter out the good from the bad.
 

·
Premium Member
Joined
·
5,247 Posts
Little Snitch is an excellent app; it notifies you of any outgoing traffic and allows you to deny it.

It costs a few bucks though (US$ 25). It operates in a 3-hour time-limited demo mode if you don't pay for it.

Details here.

As for cookies, if you begin the habit (as MacNutt has) of deleting cookies every few days or so, you will find it's a fairly simple procedure that's easy to manage.

If you wait until there are thousands of the damn things, you are most likely to delete cookies you need and will have to re-enter your logins for sites like ehMac. Once you do that and recognise which ones you really need, it's pretty simple.

It's a lot faster than clicking "accept/deny" every time you visit a site as you must do in IE, although it's pretty informative when you discover some sites need about 20 cookies just to launch the startup page.

It might be worth noting that many sites use cookies to offer specific content to you; there are even a few retail sites that will give you a different price depending on the cookies stored on your computer.

[ February 17, 2004, 02:45 PM: Message edited by: gordguide ]
 

·
Registered
Joined
·
136 Posts
keeping your system clean of cookies is always a good idea since they are information portals but spyware has more to do with code embedded in apps that works invisibly while the program is doing what it is supposedly meant for than it does with cookies as far as I know...

there are a number of utilities to help with this problem - likely their sites would explain this further

do an online search about spyware you'll get plenty of returns
 

·
Registered
Joined
·
68 Posts
We are big users of Speed Download and I can assure you that Speed Download is absolutely NOT spyware. Whoever orignally worte claiming it was must not be very computer saavy. All Speed Download does (like 99% of software today) is check to see if there is a newer version of the software available. This is a service to you (the user) to ensure that you always have the latest and greatest version. You can easily turn off this check simply by going into the Speed Download preferences.

As for not being listed on MacUpdate, here is the real reason straight from the horse's mouth.

http://www.yazsoft.com/devnotes.html

Hope that helps
 

·
Premium Member
Joined
·
6,795 Posts
Speed Download is absolutely NOT spyware. Whoever orignally worte claiming it was must not be very computer saavy.

If you'd bother to read, no one said it was, just that many apps of the same type are.
 

·
Registered
Joined
·
802 Posts
Discussion Starter · #14 ·
gordguide - I apologize for the confusion re: SD and spyware. That was my fault.

Thanks for all the responses so far. I've downloaded and run Little Snitch - very useful. I've run all of my applications without anything suspicious occuring. I then installed Limewire and Acquisition. Whoosh - what a lot of connection activity. I realize these applications rely on a lot of network connections but they come at you so quickly. How the h**l am I supposed to know what all these server addresses might be hiding. I see what you mean about inadvertently downloading bad things this way. I am going to try out the Spyware detection applications I find. I looked at Macscan but decided against it after reading the user reviews about the disastrous results many had.

Another question. I had my router configured to send me activity reports by email. I would receive hourly reports that looked like this:

--- Log Begin ---
Unrecognized attempt blocked from 4.13.153.47:1030 to UDP port 137
Unrecognized attempt blocked from 67.24.80.203:1027 to UDP port 137
Unrecognized attempt blocked from 212.93.154.214:1026 to UDP port 137
Unrecognized attempt blocked from 24.165.239.150:2126 to TCP port 135
Unrecognized attempt blocked from 24.165.239.150:2126 to TCP port 135
Unrecognized attempt blocked from 210.100.150.3:55386 to TCP port 21
Unrecognized attempt blocked from 206.116.8.82:2875 to TCP port 135
Unrecognized attempt blocked from 24.165.239.150:2126 to TCP port 135
Unrecognized attempt blocked from 206.116.8.82:2875 to TCP port 135
Unrecognized attempt blocked from 209.139.239.216:1028 to UDP port 137
Unrecognized attempt blocked from 61.33.131.159:1027 to UDP port 137
Unrecognized attempt blocked from 206.116.20.48:1108 to TCP port 139
Unrecognized attempt blocked from 206.116.20.48:1108 to TCP port 139
Unrecognized attempt blocked from 206.116.20.48:1108 to TCP port 139
Unrecognized attempt blocked from 206.116.136.173:3949 to TCP port 135

Usually about 50 attempts/hour on a wide range of ports. Is this normal for an always-on internet connection?
 

·
Premium Member
Joined
·
5,247 Posts
It is a P2P networking application.

From the developer's site:

" ... With the launch of Speed Download 2, we introduced the ability to bookmark the URLs of your favorite downloaded files and share them with other Speed Download 2 users. Speed Download 2 is the ONLY download manager that gives you the power to create users and passwords in order to access shared URL favorites on your machine.

Starting with version 2.1 we are taking this innovation one step further and allowing FILE TRANSFERS between Speed Download 2 machines. Speed Download 2 now allows you to not only view shared URL favorites on another machine but, to also transfer downloaded files from that machine onto yours!

Connect to any Mac running Speed Download 2 remotely across the internet or via Rendezvous on your local network, to view its shared URL favorites and transfer downloaded files onto your machine. ..."

Again, that in itself means nothing. To many that's a great feature; to me it's a security risk until I know more about it.

I'm going to go with the "wait and see" approach, personally.
 

·
Registered
Joined
·
802 Posts
Discussion Starter · #16 ·
gordguide - that's interesting. Thanks for the info. I'm learning that I should do more research instead of assuming thingsabout software.
 

·
Premium Member
Joined
·
5,247 Posts
" ... usually about 50 attempts/hour on a wide range of ports. Is this normal for an always-on internet connection? ..."

Yes, it's normal. That's not to say it's good.

You are being scanned for Windows services on ports 135-139 (and a couple of others). It could be accidental, the work of kids, or a precursor to a serious attempt to break in to your Machine.

Not really an issue for Macs; assuming the worst they are trying to collect information about a Windows machine (1) or trying to find shared folders or directories on a Windows machine (2). The next step after finding the open directory is to install Back Orifice on the Windows shared volume, typically.

If there are Windows machines on your network it's critical that you block UDP and TCP access to these ports (in particular port 137).

Anyone who bothers to set up a logging of the attempts from the internet to break into computers will be shocked; I sometimes get upwards of 600 scan attempts a day.

My current SNORT log shows 1 alert every 78 seconds, although most of these are very normal network behaviors, a very few are Windows UPnP scans (16 today), which I have been unable to completely block for some reason.

I currently have a Win98 machine on the LAN, and for a long while I couldn't figure out why I couldn't stop it from scanning the LAN for UPnP. Now I know they come from the internet at large. Again, not a problem for Macs, but a service that is best turned off in Windows.

The Linksys router has had some buggy firmware that doesn't properly deal with UPnP, and that's probably it. Since it's not a big deal (the Windows box is configured safe for these scans) and firmware upgrades can cause new problems, I'm just living with it for now.

Just one example of the stuff that's out there and how common scans are every day.

[ February 19, 2004, 02:17 AM: Message edited by: gordguide ]
 

·
Premium Member
Joined
·
3,742 Posts
Very interesting Gorguide,

Does this mean that it would be a mistake placing my Pb in the DMZ? I am having serious difficulties making iChatAV work on my router and the interface makes it difficult to follow Apple's instructions regarding port opening, etc.

Thanks
 

·
Premium Member
Joined
·
5,247 Posts
I can't really address how "safe" it would be except to say that there are legitimate reasons to open some ports (eg Port 80 must be open or there's no WWW for you) and that you should close any port you don't actually use or need.

Your Mac's firewall will offer some protection; opening up the DMZ on your router will affect others behind the router so consider that first.

However, there's no point in getting crazy about it. After all, opening up some ports on your router is not much different than no router at all, and your PB isn't exactly bombarded with evil under that condition.

Take some reasonable precautions, and then forget about it and go on with your life unless you hear someone alert you to a problem that affects you.

The whole port thing is confusing at best, it doesn't help that there are thousands of them on every computer. Do some googling and see what you can come up with.

I find it helpful to search for more than one OS because it helps explain behaviour that might seem puzzling if you don't, and you get buried under irrelevant Windows info if you don't do at least one search for OSX or Mac or UNIX for example.

So, perhaps do some searches ("port 137" used here as example) under all of:
port 137 windows
port 137 mac
port 127 security

or in your case try:
iChat ports used osx

Ideally you discover which ports it uses, open them and lock down the rest (except the ones you need now, iChat or no iChat).

... etc.

[ February 19, 2004, 07:25 PM: Message edited by: gordguide ]
 
1 - 20 of 20 Posts
Top