[Win2k] Stopping sw from phoning home

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Note: I do not want to use a sw firewall to do this.

How do I prevent Musicmatch Juke from phoning home? There must be a way
to stop the software from phoning home in MS Security settings
somewhere. I'm just not sure where. IPSEC maybe? Please advise.

I've got a DI-604 router but there doesn't seem to be a way to prevent
the sw in question from venturing out on the Net w/o permission in those
settings.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Check all the options on it for configuration to see if you can disable it
from doing so. If that will not work you would need to find what IP
addresses and port/protocols it is using. You could use a packet sniffer,
check your routers logs, use netstat -an while it is actively accessing the
internet, or a tool such as port reporter as shown in the link below. Once
you know that information you could configure an ipsec filtering policy or
your router to stop access. It may be difficult if it uses port 80 TCP since
that is used for your internet access unless it uses the same IP address all
the time in which case you could block access to the specific IP addresses
it uses. A software firewall such as Zone Alarm could easily stop such
activity but you seem to be against using such. If you can track down the
executable that is used for automatic internet access with something like
port reporter you could try to delete the file [save a copy] or change
permissions on the file so that user and system have full control deny
permissions. --- Steve

http://www.microsoft.com/downloads/details.aspx?FamilyID=69ba779b-bae9-4243-b9d6-63e62b4bcd2e&displaylang=en

"ignisfatuus" <ignisfatuus3267nospam@cox.com> wrote in message
news:cyFUe.76750$Ji4.10382@fed1read03...
> Note: I do not want to use a sw firewall to do this.
>
> How do I prevent Musicmatch Juke from phoning home? There must be a way
> to stop the software from phoning home in MS Security settings somewhere.
> I'm just not sure where. IPSEC maybe? Please advise.
>
> I've got a DI-604 router but there doesn't seem to be a way to prevent the
> sw in question from venturing out on the Net w/o permission in those
> settings.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Mr. Umbach:

The good news is that the sw in question uses 2 very specific IP
addresses and ports each time it phones home. The bad news is that the
source port is 80. I'm going to mess with IPSEC and see if I can create
a policy to block this annoying behavior. I've never done it before but
am about to learn. I'm starting here.

http://support.microsoft.com/kb/813878#XSLTH4153121121120121120120

Any further advise would be appreciated. Thx.



Steven L Umbach wrote:
> Check all the options on it for configuration to see if you can disable it
> from doing so. If that will not work you would need to find what IP
> addresses and port/protocols it is using. You could use a packet sniffer,
> check your routers logs, use netstat -an while it is actively accessing the
> internet, or a tool such as port reporter as shown in the link below. Once
> you know that information you could configure an ipsec filtering policy or
> your router to stop access. It may be difficult if it uses port 80 TCP since
> that is used for your internet access unless it uses the same IP address all
> the time in which case you could block access to the specific IP addresses
> it uses. A software firewall such as Zone Alarm could easily stop such
> activity but you seem to be against using such. If you can track down the
> executable that is used for automatic internet access with something like
> port reporter you could try to delete the file [save a copy] or change
> permissions on the file so that user and system have full control deny
> permissions. --- Steve
>
> http://www.microsoft.com/downloads/details.aspx?FamilyID=69ba779b-bae9-4243-b9d6-63e62b4bcd2e&displaylang=en
>
> "ignisfatuus" <ignisfatuus3267nospam@cox.com> wrote in message
> news:cyFUe.76750$Ji4.10382@fed1read03...
>
>>Note: I do not want to use a sw firewall to do this.
>>
>>How do I prevent Musicmatch Juke from phoning home? There must be a way
>>to stop the software from phoning home in MS Security settings somewhere.
>>I'm just not sure where. IPSEC maybe? Please advise.
>>
>>I've got a DI-604 router but there doesn't seem to be a way to prevent the
>>sw in question from venturing out on the Net w/o permission in those
>>settings.
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Steven L Umbach wrote:
> Check all the options on it for configuration to see if you can disable it
> from doing so. If that will not work you would need to find what IP
> addresses and port/protocols it is using. You could use a packet sniffer,
> check your routers logs, use netstat -an while it is actively accessing the
> internet, or a tool such as port reporter as shown in the link below. Once
> you know that information you could configure an ipsec filtering policy or
> your router to stop access. It may be difficult if it uses port 80 TCP since
> that is used for your internet access unless it uses the same IP address all
> the time in which case you could block access to the specific IP addresses
> it uses. A software firewall such as Zone Alarm could easily stop such
> activity but you seem to be against using such. If you can track down the
> executable that is used for automatic internet access with something like
> port reporter you could try to delete the file [save a copy] or change
> permissions on the file so that user and system have full control deny
> permissions. --- Steve
>
> http://www.microsoft.com/downloads/details.aspx?FamilyID=69ba779b-bae9-4243-b9d6-63e62b4bcd2e&displaylang=en
>
> "ignisfatuus" <ignisfatuus3267nospam@cox.com> wrote in message
> news:cyFUe.76750$Ji4.10382@fed1read03...
>
>>Note: I do not want to use a sw firewall to do this.
>>
>>How do I prevent Musicmatch Juke from phoning home? There must be a way
>>to stop the software from phoning home in MS Security settings somewhere.
>>I'm just not sure where. IPSEC maybe? Please advise.
>>
>>I've got a DI-604 router but there doesn't seem to be a way to prevent the
>>sw in question from venturing out on the Net w/o permission in those
>>settings.
>
>
>


Or just don't use this kind of software. Why use software that
misbehaves? Just because it's made by MS doesn't mean it's good for you.
MS software is made to benefit MS, not you. Be suspicious of _anything_
made by MS, and find a substitute ASAP.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

You can use an ipsec filttering policy that contains a rule that has a
filter list with those IP addresses and a block filter action. The link
below may also be of help in that it shows the basics of an ipsec filtering
policy. --- Steve

http://www.securityfocus.com/infocus/1559

"ignisfatuus" <ignisfatuus3267nospam@cox.com> wrote in message
news:ndKUe.76780$Ji4.64527@fed1read03...
> Mr. Umbach:
>
> The good news is that the sw in question uses 2 very specific IP addresses
> and ports each time it phones home. The bad news is that the source port
> is 80. I'm going to mess with IPSEC and see if I can create a policy to
> block this annoying behavior. I've never done it before but am about to
> learn. I'm starting here.
>
> http://support.microsoft.com/kb/813878#XSLTH4153121121120121120120
>
> Any further advise would be appreciated. Thx.
>
>
>
> Steven L Umbach wrote:
>> Check all the options on it for configuration to see if you can disable
>> it from doing so. If that will not work you would need to find what IP
>> addresses and port/protocols it is using. You could use a packet sniffer,
>> check your routers logs, use netstat -an while it is actively accessing
>> the internet, or a tool such as port reporter as shown in the link below.
>> Once you know that information you could configure an ipsec filtering
>> policy or your router to stop access. It may be difficult if it uses port
>> 80 TCP since that is used for your internet access unless it uses the
>> same IP address all the time in which case you could block access to the
>> specific IP addresses it uses. A software firewall such as Zone Alarm
>> could easily stop such activity but you seem to be against using such. If
>> you can track down the executable that is used for automatic internet
>> access with something like port reporter you could try to delete the file
>> [save a copy] or change permissions on the file so that user and system
>> have full control deny permissions. --- Steve
>>
>> http://www.microsoft.com/downloads/details.aspx?FamilyID=69ba779b-bae9-4243-b9d6-63e62b4bcd2e&displaylang=en
>>
>> "ignisfatuus" <ignisfatuus3267nospam@cox.com> wrote in message
>> news:cyFUe.76750$Ji4.10382@fed1read03...
>>
>>>Note: I do not want to use a sw firewall to do this.
>>>
>>>How do I prevent Musicmatch Juke from phoning home? There must be a way
>>>to stop the software from phoning home in MS Security settings somewhere.
>>>I'm just not sure where. IPSEC maybe? Please advise.
>>>
>>>I've got a DI-604 router but there doesn't seem to be a way to prevent
>>>the sw in question from venturing out on the Net w/o permission in those
>>>settings.
>>
>>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

In article <YGJUe.30333$vN.975121@news20.bellglobal.com>, in the
microsoft.public.win2000.security news group, Wolf Kirchmeir
<wolfekir@sympatico.ca> says...

> Or just don't use this kind of software. Why use software that
> misbehaves? Just because it's made by MS doesn't mean it's good for you.
> MS software is made to benefit MS, not you. Be suspicious of _anything_
> made by MS, and find a substitute ASAP.
>

Your anti-Microsoft bias is showing. You might want to adjust your
glasses and re-read the original post. Last time I checked MusicMatch
Jukebox was not a Microsoft product.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

In article <ndKUe.76780$Ji4.64527@fed1read03>, in the
microsoft.public.win2000.security news group, ignisfatuus
<ignisfatuus3267nospam@cox.com> says...

>
> Any further advise would be appreciated. Thx.
>

Have you actually looked at the options in MusicMatch to see if you can
prevent it from communicating that way? Also, do you have any idea what
the software is actually doing when, as you say, it is "calling home"?
Have you actually checked their privacy policy? Chances are that you've
simply got the check for updates feature turned on.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Actually, Mr. Adare, one of my day jobs in a former life was to "break"
software so I know from whence I speak when I express that there is *no
way* to disable the phoning home feature without rewriting the code
and/or creating an IPSec policy, configging the router if possible.

Whatever the sw is transmitting is irrelevant to me. I don't care
*what* it's doing. I just *don't* want it making contact with the
mothership period. There isn't a need for it. Previously the same sw
was installed on a box that had a sw firewall like Sygate and the fact
that it couldn't phone home in no way impeded the usage. My box, my
rules. Nothing phones home without my specific permission.




Paul Adare wrote:
> In article <ndKUe.76780$Ji4.64527@fed1read03>, in the
> microsoft.public.win2000.security news group, ignisfatuus
> <ignisfatuus3267nospam@cox.com> says...
>
>
>>Any further advise would be appreciated. Thx.
>>
>
>
> Have you actually looked at the options in MusicMatch to see if you can
> prevent it from communicating that way? Also, do you have any idea what
> the software is actually doing when, as you say, it is "calling home"?
> Have you actually checked their privacy policy? Chances are that you've
> simply got the check for updates feature turned on.
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Paul Adare wrote:
> In article <YGJUe.30333$vN.975121@news20.bellglobal.com>, in the
> microsoft.public.win2000.security news group, Wolf Kirchmeir
> <wolfekir@sympatico.ca> says...
>
>
>>Or just don't use this kind of software. Why use software that
>>misbehaves? Just because it's made by MS doesn't mean it's good for you.
>>MS software is made to benefit MS, not you. Be suspicious of _anything_
>>made by MS, and find a substitute ASAP.
>>
>
>
> Your anti-Microsoft bias is showing. You might want to adjust your
> glasses and re-read the original post. Last time I checked MusicMatch
> Jukebox was not a Microsoft product.
>

Sorry, the OP wording seemed to me to imply it was an MS product. My
error, it seems.

Regardless, I do _not_ like programs that "phone home" without good
reason, I don't care who makes them. MS seems to build this into much of
their product as a matter of course. I don't mind Automatic Updater
"phoning home" to check for security patches etc, but that's a necessary
part of that particular service. In most other software I have that
checks for updates, I've turned off that feature, and initiate the check
myself. I'm rather paranoid...

Do I have a bias against MS? No more than against any company that tries
to manipulate the market. I'm a radical free marketeer in economic
philosophy, and MS does not play by free market rules. I think the
government's role is ensure the market is as free as possible, which
paradoxically means enforcing the rules of the free market, as in
anti-trust legislation, etc. It just hasn't gone far enough, and under
recent administrations, the US's free market regulation, which was IMO
the best in the world, has been pretty thoroughly gutted, and/or the
Justice Department has been muzzled. Pity. The EU appears to have
overtaken the USA in enforcement of free market principles.

But that's just one side of the free market equation. A free market also
requires knowledgable customers, and that takes work. IMO, very few
people have grasped that the customer also has a responsibility to keep
the market free, by learning as much as possible about the products
(s)he is contemplating buying. I've seen ads that extol and encourage
the customer's _ignorance_ - you know, the ones that tell the
prospective buyer that they don't need to know all that geeky stuff,
just know of what's cool, and they won't go wrong. Good grief!

But enough of ranting.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

In article <8d2Ve.323$6Z1.100952@news20.bellglobal.com>,
wolfekir@sympatico.ca says...
> Paul Adare wrote:
> > In article <YGJUe.30333$vN.975121@news20.bellglobal.com>, in the
> > microsoft.public.win2000.security news group, Wolf Kirchmeir
> > <wolfekir@sympatico.ca> says...
> >
> >
> >>Or just don't use this kind of software. Why use software that
> >>misbehaves? Just because it's made by MS doesn't mean it's good for you.
> >>MS software is made to benefit MS, not you. Be suspicious of _anything_
> >>made by MS, and find a substitute ASAP.
> >>
> >
> >
> > Your anti-Microsoft bias is showing. You might want to adjust your
> > glasses and re-read the original post. Last time I checked MusicMatch
> > Jukebox was not a Microsoft product.
> >
>
> Sorry, the OP wording seemed to me to imply it was an MS product. My
> error, it seems.
>
> Regardless, I do _not_ like programs that "phone home" without good
> reason, I don't care who makes them. MS seems to build this into much of
> their product as a matter of course. I don't mind Automatic Updater
> "phoning home" to check for security patches etc, but that's a necessary
> part of that particular service. In most other software I have that
> checks for updates, I've turned off that feature, and initiate the check
> myself. I'm rather paranoid...
>
> Do I have a bias against MS? No more than against any company that tries
> to manipulate the market. I'm a radical free marketeer in economic
> philosophy, and MS does not play by free market rules. I think the
> government's role is ensure the market is as free as possible, which
> paradoxically means enforcing the rules of the free market, as in
> anti-trust legislation, etc. It just hasn't gone far enough, and under
> recent administrations, the US's free market regulation, which was IMO
> the best in the world, has been pretty thoroughly gutted, and/or the
> Justice Department has been muzzled. Pity. The EU appears to have
> overtaken the USA in enforcement of free market principles.
>
> But that's just one side of the free market equation. A free market also
> requires knowledgable customers, and that takes work. IMO, very few
> people have grasped that the customer also has a responsibility to keep
> the market free, by learning as much as possible about the products
> (s)he is contemplating buying. I've seen ads that extol and encourage
> the customer's _ignorance_ - you know, the ones that tell the
> prospective buyer that they don't need to know all that geeky stuff,
> just know of what's cool, and they won't go wrong. Good grief!
>
> But enough of ranting.
Yeah enough ranting. it is not a Microsoft product. deal with it or
take it to the vendor. Your ranting against MS for another vendor's
product appears as really childish...

Brian

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

ignisfatuus,

Can you just make an entry in your local hosts file? I do this all the time
to prevent malware from reinfecting my daughter's computer.

df

"ignisfatuus" <ignisfatuus3267nospam@cox.com> wrote in message
news:xV0Ve.77565$Ji4.28781@fed1read03...
> Actually, Mr. Adare, one of my day jobs in a former life was to "break"
> software so I know from whence I speak when I express that there is *no
> way* to disable the phoning home feature without rewriting the code and/or
> creating an IPSec policy, configging the router if possible.
>
> Whatever the sw is transmitting is irrelevant to me. I don't care *what*
> it's doing. I just *don't* want it making contact with the mothership
> period. There isn't a need for it. Previously the same sw was installed
> on a box that had a sw firewall like Sygate and the fact that it couldn't
> phone home in no way impeded the usage. My box, my rules. Nothing phones
> home without my specific permission.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

That's actually a really good idea. e.g. 127.0.0.1
musicmatch's.servername.com

A software firewall would be the ideal way to stop this. This functionality
is really not built into Windows 2000. Windows 2000 TCP/IP filtering
techniques like IPSec can block access only per port, not per application.
So if the application uses a common port like TCP 80 that is used by other
applications, then the only options I can think of are an entry in the hosts
file for the host names the software tries to contact, a third party
software firewall, or using a proxy server that only lets requests from your
web browser or from authenticated users out to the Internet.


"David Frankenbach" <sendnospam@nospam.com> wrote in message
news:eLo04buuFHA.4040@TK2MSFTNGP10.phx.gbl...
> ignisfatuus,
>
> Can you just make an entry in your local hosts file? I do this all the
time
> to prevent malware from reinfecting my daughter's computer.
>
> df
>
> "ignisfatuus" <ignisfatuus3267nospam@cox.com> wrote in message
> news:xV0Ve.77565$Ji4.28781@fed1read03...
> > Actually, Mr. Adare, one of my day jobs in a former life was to "break"
> > software so I know from whence I speak when I express that there is *no
> > way* to disable the phoning home feature without rewriting the code
and/or
> > creating an IPSec policy, configging the router if possible.
> >
> > Whatever the sw is transmitting is irrelevant to me. I don't care
*what*
> > it's doing. I just *don't* want it making contact with the mothership
> > period. There isn't a need for it. Previously the same sw was
installed
> > on a box that had a sw firewall like Sygate and the fact that it
couldn't
> > phone home in no way impeded the usage. My box, my rules. Nothing
phones
> > home without my specific permission.
>
>