Mac firewall issues w. cs3/ftp

I'm running DW CS3 in a new Mac.
I have the native Mac firewall going, plus "Little Snitch", firewall app.
Everytime I start DW (and only on the 1st FTP attempt), I get this system message (likely from the Mac firewall - not a Little Snitch type window) ...
In the Mac Firewall, the allow rult for DW is there; I tried nuking the rule and give it permission once more, but this annoying box still comes back.
any thoughts on this?
thanks,
Gary

I'm also running into the same issue. I have a public domain name, and have run Windows FTP servers for about 5 years without any problems. My ISP doesn't provide reverse DNS. So Because I own the Domain name mycompany.com that points to my public IP 24..*. , if you do DNS lookup from anywhere in the world for my domain name you will get my public IP but if you do a reverse lookup for my IP you will get random123.dyn.optonline.net. When ever a client tries to connect to the FTP it takes a very long time about 60 seconds to even get the authentication. If the Users are able to authenticate its so slow it's not even usable. What is strange is that AFP over the internet works perfect, I guess it doesn't rely on reverse DNS. I also tried to add the dyn.optonline.net zone to the internal DNS server but still didn't help.
ANYONE have any suggestions??

Similar Messages

  • CS3 FTP will not connect!

    I am quite furious with Adobe. I paid the $450 to upgrade
    from 8 to the Creative Suite 3 Web Standard package and installed
    it last night. The main reason for the purchase was for Dreamweaver
    CS3. I manage about 10 sites for clients and wanted to upgrade from
    Studio 8 to CS3.
    The installation went smoothly, no glitches... I fired up
    Dreamweaver and began trying to connect to all of my sites.
    Dreamweaver could only connect to three of my 10 sites. All other
    sites gave me the standard login in inocorrect or wrong password
    notice.
    I then checked to make sure the firewall settings were
    correct and the timeout set at something greater than 2 seconds. No
    luck.. the program still will not connect to my sites.
    I do a search on Google and discover that this appears to be
    a well known issue with Dreamweaver CS3 but I can't find any real
    answers as to how to fix the problem. One would think that Adobe
    would address this on their own site but I can't seem to find a fix
    there either.
    I am using Windows XP Pro with Service Pack 3 installed. My
    old version of Dreameweaver (8) still functions and can connect to
    all sites.
    I find this absolutly maddening that such a well known issue
    has not been corrected by Adobe. They have posted nothing about a
    fix or workaround. They continue to sell a product that obviously
    has issues.. one of the most important issues.. being able to FTP
    from the program.. one of the features I have loved about all
    previous versions of Dreamweaver.. now seemingly rendered
    useless... but I still pay a premium to upgrade to a program that
    does not work.
    Mad, you bet! Macromedia did not have these issues.. and just
    try to get tech support to help you at Adobe.. I end up in
    Bangalor, wait forever and then "Mike" puts me on hold afterwhich I
    get disconnected and a dialtone.
    Has anyone been able to solve the FTP probelm with DW CS3? Is
    there documentation somewhere? Is there a webpage that clearly
    outlines what to do to fix this issue? I'm out $450 here and mad as
    hell!

    I finally got CS3 working by removing all the sites currently
    definded from the program then recreating them all over again...
    That's not the way this should work and I still can't believe Adobe
    has not addressed the problem in some manner. I searched and
    searched for info on this issue and found nothing but posts
    regarding firewall issues and 2 second timeouts.. none of which
    would have solved my problem.
    Adobe's switch to outsourced "help" is a further irritant.
    Several times I have called support and ended up being disconnected
    when the support guy could not "fix" the problem.
    I bought a CS3 updgrade for Dreamweaver months ago but it
    would not install because I had the Studio 8 product. I was
    informed that I had to buy the CS3 Suite to upgrade Dreamweaver. So
    I was out the money for the store bought boxed upgrade.. Adobe told
    me to submit a LOD "Letter of Destruction" along with proof of
    purchase and they would refund the money... that was over six
    months ago and I have yet to see a dime. Every time I call about it
    I end up talking to "Mike" in India and the connection gets
    dropped.
    Needless to say I am very dissappointed with Adobe these
    days... on a number of levels.

  • Cannot install any apps from Creative Cloud in corporate environment.  Suspsected Firewall issues.

    Hello all. 
    I subscribed successfully and easily to CC on my home PC (iMac) and downloaded a few apps.  All is fine. 
    I wanted to download those same few apps on a remove machine I use several times a week (Win 7).
    After many many attempts of trying to download CC and getting a generic error message, I learned it could be a firewall issue here at this work/office. I found this in Adobe's forums:
    Many organizations use a hardware firewall and proxy server that can prevent software from accessing an FTP server. A hardware solution applies to all computers within the corporate network. Most home networks do not use hardware firewall or proxy technology. 
    Contact your company's IT department to obtain firewall or proxy information.
    Configure your browser with proxy or firewall information.
    Configure your corporate firewall to by-pass the servers. The following servers are accessed:
    ccmdl.adobe.com:80
    swupmf.adobe.com:80
    swupdl.adobe.com:80
    Having nothing to loose, I put in a request and had these addresses/ports opened up in our firewall.  That seems to partially fix the problem.
    Now the problem is the speed and traffic is so terribly slow with CC that nothing installs with out failing and giving error. For example, I am trying to install PhotoShop CC and it will take a couple of HOURS to even get to 10% and then it fails.  Usually, it doesn't get that far.  CC just gives me the generic message:
    "Installation Failed - Learn More."
    Download error.  Press Retry to try again or contact customer support.(-7).
    Our network admins swear that there is nothing wrong with the ports/firewall and yet all this works fine at my home.  Can anyone offer any suggestions or advice?  My internet connection here is fine.  All other sites load and work fine.  I simply cannot download any of the CC aps here with any reasonable speed.
    Help!
    PS - The URLs and ports ping just fine.

    Hi RedBirdOBX1,
    I'd recommend checking out the two pdf documents in the
    Adobe Creative Cloud Service Access Documentation for IT section on this page:
    http://www.adobe.com/devnet/creativesuite/enterprisedeployment.html
    Adobe Creative Cloud Network Endpoints
    Adobe Creative Cloud Controlling Service Access
    and if you're still struggling this might be another alternative:
    http://prodesigntools.com/adobe-cc-direct-download-links.html
    Hope that helps,
    -Dave

  • Can't scan from Lexmark multifunction printer - firewall issue?

    Hi there!
    I got a Lexmark printer/scanner combo which used to work fine on my arch install. However, its mobo died, so now I'm back at another install which refuses to scan. Scanning is done through the browser via a java applet residing on the printer's webserver. The applet does start (so it's not a java issue), but refuses to receive data from the scanner. Within the printer's web interface, it reads
    If using Windows XP, the Windows XP personal firewall must be disabled before using Scan to PC profiles.
    , so I'm assuming it might be a firewall issue. Lexmark's website provides the following advice:
    The following two command lines will open the port 5353 for incoming and outgoing connections:
    iptables -I INPUT -p udp -m udp --sport 5353 -j ACCEPT
    iptables -I OUTPUT -p udp -m udp --dport 5353 -j ACCEPT
    NOTE: These steps will work on most distributions configured with IPTABLES. There is no common command to make these rules persistent.
    As I don't know anything about IP tables, I've simply copied these commands (as root, obviously). Still, I can't scan.
    So, my questions are:
    1. Has anybody else ever come across an issue like this?
    2. I don't even know for sure, whether this is a firewall issue - What iptabled magic would I need to temporarily disable the firewall to check?
    3. I tried checking my rules by "iptables -L". How can I tell "iptables -L" to specify the ports it is working on (as I did in the commands copied from lexmark's website)?
    Best wishes,
    Rufus

    Hi Bob
    I believe so.  We put the install disc into this mac back when we bought it to set up the printer.  I'm assuming the scanning drivers were there as well since it's a multifunctional printer/scanner/fax wireless printer.
    We've tried it both ways.  If I press the button scan on the printer, it reads can't find computer (or something like that).  When we go thru the HP icon on my computer screen and choose scan to computer, it does nothing.
    We don't scan that often.  So the few times when we ran into this problem, we just did something else (like take a pic from our iPhone and email the pic...kinda stupid but did the trick.
    But I want to have the function of the scanner available.  So that's why I'm here asking...thought others had this issue and had a solution.

  • ITunes sharing - using AirTunes and older Mac (Firewall)

    iTunes lives on my 27" iMac and I would like share the library out to home computers. I plan to have an older iMac G4 publicly accessible so visitors can control the music on the home stereo. I can access iTunes via the iMac G4, I can get to my main library without problem. However, when I try to connect to my Airport Express Air Tunes I get a firewall issue. Specifically, the G4 gives me a message to change my firewall settings. The help information for itunes with Mac OSX Firewall tells me to click sharing ->Firewall ->iTunes Music Sharing ->Advanced -> deselect "Block UDP traffic." I have done this on the G4 firewall and the 27" firewall isn't even turned on. However, I am still not having any luck. Any ideas? FWIW, all software and OS are up to date.
    My wife's MacBook Pro can connect to the AE Air Tunes.
    Message was edited by: K J

    Did you ever solve your problem? I just got a macbook with airport extreme card and then got an airport express mainly to play itunes through a stereo in another room. The macbook does this with no problem. However, I wanted to use an older powerbook G4 (867Mhz) with an airport (not airport extreme) card to run airtunes. The G4 gave me the same incorrect firewall warning even after I've changed the settings. Even with the firewall off, it only plays for a few seconds, then cuts out. I'm running 10.4.11 on the G4 and 10.6.2 on the macbook. I'm beginning to think the airport card just can't handle the bandwidth, even after I narrowed the multicast to to 1mbps.

  • Issues connecting to FTP sites from OS/X Computers

    Hello,
    I have a network that is mixed with Windows and OS/X Lion, Snow Leopard machines. We access external FTP servers to download files that are needed. None of my OS/X machines are able to connect to the FTP servers while all of my Windows machines are able to without a problem. What is even more strange is that if I attemp to connect to the server using a port such as 221 instead of 21, waiting for it to fail, and then connecting on 21, it works.
    Our network is using private ip addresses and the firewall is a Firebox appliance.
    Any ideas?
    Here is a log from terminal ftp:
    ftp> open ediftp.XXXXXXXXX.com
    Connected to ediftp.XXXXXXX.com.
    220 Gene6 FTP Server v3.10.0 (Build 2) ready...
    Name (ediftp.XXXXXXX.com:jim): USERNAME
    421 Service not available, remote server has closed connection.
    ftp: Login failed
    ftp>
    And here is the log from Filezilla that shows a connection when using the invalid port trick:
    Status:          Resolving address of ediftp.xxxxxxx.com
    Status:          Connecting to xxx.xx.xxx.xxx:21...
    Status:          Connection established, waiting for welcome message...
    Response:          220 Gene6 FTP Server v3.10.0 (Build 2) ready...
    Command:          USER xxxxx
    Error:          Could not read from socket: ECONNRESET - Connection reset by peer
    Error:          Could not connect to server
    Status:          Waiting to retry...
    Status:          Resolving address of ediftp.xxxxxxx.com
    Status:          Connecting to xxx.xx.xxx.xxx:221...
    Error:          Connection attempt interrupted by user
    Status:          Delaying connection for 1 second due to previously failed connection attempt...
    Status:          Resolving address of ediftp.xxxxxxx.com
    Status:          Connecting to xxx.xx.xxx.xxx:21...
    Status:          Connection established, waiting for welcome message...
    Response:          220 Gene6 FTP Server v3.10.0 (Build 2) ready...
    Command:          USER xxxxxx
    Response:          331 Password required for xxxxxx.
    Command:          PASS **********
    Response:          230 User xxxxxxx logged in.
    Command:          SYST
    Response:          215 UNIX Type: L8
    Command:          FEAT
    Response:          211-Extensions supported:
    Response:           AUTH TLS
    Response:           CCC
    Response:           CLNT
    Response:           CPSV
    Response:           EPRT
    Response:           EPSV
    Response:           MDTM
    Response:           MFCT
    Response:           MFMT
    Response:           MLST type*;size*;create;modify*;
    Response:           MODE Z
    Response:           PASV
    Response:           PBSZ
    Response:           PROT
    Response:           REST STREAM
    Response:           SIZE
    Response:           SSCN
    Response:           TVFS
    Response:           UTF8
    Response:           XCRC "filename" SP EP
    Response:           XMD5 "filename" SP EP
    Response:           XSHA1 "filename" SP EP
    Response:          211 End.
    Command:          CLNT FileZilla
    Response:          200 Noted.
    Command:          OPTS UTF8 ON
    Response:          200 UTF8 OPTS ON
    Status:          Connected
    Status:          Retrieving directory listing...
    Command:          PWD
    Response:          257 "/" is current directory.
    Command:          TYPE I
    Response:          200 Type set to I.
    Command:          PASV
    Response:          227 Entering Passive Mode (173,56,68,239,115,193)
    Command:          MLSD
    Response:          150 Data connection accepted from xx.xx.xxx.xxx:37545; transfer starting.
    Response:          226 Transfer ok.
    Status:          Directory listing successful
    Jim

    this is most likely a local firewall issue on the the Vista computer combined with your NAT not doing hairpinning.  please see Matthew Kaufman's detailed treatment of the NAT/firewall issue at
       http://forums.adobe.com/message/1064983#1064983

  • Gradient banding issues in CS3

    CS3 has a gradient banding problem that no-one seems to be openly acknowledging or addressing.
    If i make a graduated background in either Illustrator or Photoshop there is obvious banding in the gradient fill.
    I have researched the problem on the net and it seems that many people are experiencing this problem but that there is no known solution or patch form Adobe to fix this. Only useless suggestions about work arounds for this simple exercise. Interestingly several people report never experiencing this problem until they upgraded from CS to CS3. I also fit this category.
    I run a mixed Mac/PC network and CS3 produces fairly large background gradients perfectly in PS on my PC, though not in Il. My macs fail to produce gradients of any useful size without significant banding in both PS and Il.
    I know that many other people have this issue - when is Adode going to publish something useful to address it?

    John,
    Where do you get the idea that Document Raster Effects settings should match a "document resolution" of 5080 or 2540?
    > "300" is way too low ( if you are referring to document resolution, not image resolution )
    Document Raster Effects
    is a raster image resolution setting: it's the resolution of the raster images that are created by Illustrator's raster effect features. Specifying a raster resolution that is 1:1 with an imagesetter's dpi is ridiculous.
    Further, where exactly is it that you "usually" set a "document resolution" in Illustrator CS3? The document resolution setting in earlier versions was simply the flatness setting, and defaulted to "800 dpi" (which is a flatness of 3, assuming a 2400 dpi imaging device). That setting is no longer even present in Illustrator, since (as I recall) AI 10. Flatness had nothing to do with grad fills; it affects curve accuracy.
    You guys are talking about a problem with banding--the OP implying that he has been investigating the problem for some time--responders even offering suggestions to "fix" it. Yet no one in this thread has yet stated any of the
    specifics that are necessary to even talk about banding:
    Where
    is the problematic banding occurring? Paddy Rogers does not even say whether he is talking about banding
    on screen or in
    output.
    Assuming the banding is in printed output, what kind of device is it? If it's an imagesetter, is it using PostScript level 3?
    What are the CMYK color values between stops of the of the page-size grad fill?
    What is the size of the page (distance the grad spans)?
    What is the halftone ruling being used?
    These suggested "fixes" are myths:
    Rasterizing the artwork
    This is nonsense. It doesn't matter if the color values across a uniform grad are from vector commands or actual colors of pixel bands. Raster grads yield banded results just as easily as vector grads do. Banding is a function of the dot size and halftone ruling of a printing device. Rasterizing doesn't magically increase the resolution of a printing device.
    Setting Raster Effects Resolution to a higher value
    This has nothing to do with grad fills in Illustrator. A grad fill is not a raster effect.
    Transparency Flattener Settings
    Again, has nothing to do with banding in grad fills. A low setting may result in pixelation, not banding.
    Antialiasing
    Has nothing to do with banding in graduated fills.
    Paddy, you claim that you are experiencing increased banding in both Photoshop CS3 and Illustrator CS3, as compared to the CS versions of those apps. Have you actually compared the
    same files being sent to the
    same printing device? If so, provide the specifics of a page-size grad that reliably produces the problematic banding. Be sure to state exactly what device you are printing to.
    JET

  • Unsolvable OS X firewall issues

    Since switching from TWC to Verizon High Speed Internet, I've been unable to download Netflix, play Yahoo Backgammon, send email via Network Solutions server, send or receive email from mobile me account, and connect to a JSTOR server for downloading articles on my iMac, OS X 10.6.6. I suspect that it's a firewall issue, but haven't been able to confirm that with Verizon customer service.
    The first time I called about the email, after verifying that we had an internet connection, Verizon said that it must be Network Solutions. I called Network Solutions and found that everything was in order there. I phoned Apple, and found that everthing was in order on my machine and software. Navigating the Automated Call Distrbution and hold times at each of these places took about 3 hours, which included about 40 minutes of trouble shooting - most of it by Apple. I had to go to work.
    On my next day off I called verizon and asked to have my call escalated to a higher tier mac support technician, but they said that they didn't have higher tier technicians. We went through a laborious troubleshooting process, and the tech couldn't find the problem within 50 minutes, and I had to leave for an appointment. I couldn't call back that week. Verizon phoned a day or two later and left a message on my answering machine that invited me to call a toll free number if my issue had not been resolved. I called before leaving for work a few days later, got through to a Verizon mac OS tech, and went through the same laborious trouble shooting process to no avail. I asked to be transferred to a higher level tech, and the tech just put me back in the hold queue. The new service tech wanted to go through the same protocals that I had already been through, which I found unacceptable. As this was my forth attempt to correct this problem, I asked him to read the notes from previous service techs. The only note he could find said "Unable to connect to the internet."
    I believe I'm beyond my 30 day trial, but I desperately want out of my contract with Verizon. Does anyone have any suggestions?

    Log into the modem using the following Usernames/Passwords at http://192.168.1.1/
    admin/password
    admin/password1
    admin/admin
    admin/admin1
    Yout Verizon Username and Password
    Set the Firewall to Disabled and see if your applications begin working. The Wireless key can be gotten from the Wireles Settings section.
    ========
    The first to bring me 1Gbps Fiber for $30/m wins!

  • How Do I Correct A Media Player Issue In CS3?

    I am using Dreamweaver CS3 with Mac OS 10. 9.5.  When I insert an .mp3 file to my web page with a media plug in and attempt to preview it in Safari, I don't see a player control strip.  Also, when I'm in the Dreamweaver working environment, and I attempt to play the .mp3 file via the plug in properties palette, Dreamweaver crashes and I get an error report screen.  I have not encountered any other issues with CS3 in this version of Mac OS. 

    Unless you have an appropriate player and browser plugins installed on your system, embedded media files don't do anything.  If DW is crashing, it may be that your media file is way too big.
    Going forward, the contemporary approach is to use HTML5 <audio> which is supported by all modern browsers including mobile & tablet devices.  As an example, copy and paste this code into a new, blank document and preview in browsers.
    <!doctype html>
    <html>
    <head>
    <meta charset="utf-8">
    <title>HTML5 Audio Demo</title>
    <!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
    <style>
    header {
        width: 500px;
        margin: 0 auto;
        text-align: center
    audio { color: red }
    figure {
        margin: 20px auto;
        padding: 20px;
        width: 500px;
        text-align: center;
        border: 1px #ccc dashed;
        clear: both;
    figcaption {
        display: block;
        clear: both;
        text-align: center;
        font-style: italic;
        padding-top: 15px;
    dl {
        text-align: left;
        margin-left: 40%
    dt {
        clear: both;
        float: left;
        width: 4.5em;
        font-weight: bold;
        line-height: 150%
    dd {line-height:150%; color:maroon}
    </style>
    </head>
    <body>
    <header> <h1>HTML5 Audio Demo</h1>
    <p><a href="http://www.w3schools.com/html/html5_audio.asp">HTML5 Audio Tutorial</a></p>
    </header>
    <figure>
    <audio preload="auto" controls >
    <!--replace demo audio files with your own-->
    <source src="http://alt-web.com/Media/Fake-Empire.ogg" type="audio/ogg">
    <source src="http://alt-web.com/Media/Fake-Empire.mp3" type="audio/mp3">
    Looks like your browser is outdated and doesn't support the audio element.
    Please upgrade to a modern browser that does. </audio>
    <figcaption>HTML5 Audio using OGG &amp; MP3 files. <br>
    Works in all current browsers &amp; mobile devices.<br>
    </figcaption>
    </figure>
    <dl>
    <dt>Title:</dt>
    <dd>Fake Empire</dd>
    <dt>Year:</dt>
    <dd>2007</dd>
    <dt>Artist:</dt>
    <dd>The National</dd>
    <dt>Album:</dt>
    <dd>Boxer</dd>
    </dl>
    </body>
    </html>
    Nancy O.

  • Should I turn of Mac firewall to allow Cyber Security firewall to work without interference ?

    Recently purchased Cyber Security Pro and that company said I need to turn off Mac firewall so it won't interfere with their firewall. Is that the right decision ?

    1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it.
    The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
    OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
    The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    ☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
    ☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
    3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
    Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
    ☞ It can easily be disabled or overridden by the user.
    ☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
    ☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
    Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
    For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
    4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
    5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, and a technological fix is not going to solve it. Trusting software to protect you will only make you more vulnerable.
    The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the scam artists. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
    Software from an untrustworthy source
    ☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
    ☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software.
    ☞ Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
    ☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
    Software that is plainly illegal or does something illegal
    ☞ High-priced commercial software such as Photoshop is "cracked" or "free."
    ☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
    Conditional or unsolicited offers from strangers
    ☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    ☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
    ☞ You win a prize in a contest you never entered.
    ☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
    ☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
    ☞ Anything online that you would expect to pay for is "free."
    Unexpected events
    ☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
    ☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
    ☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
    ☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
    I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
    6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
    Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
    Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
    Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
    7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
    Why shouldn't you use commercial AV products?
    ☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
    ☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    ☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
    ☞ Most importantly, a false sense of security is dangerous.
    8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
    An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
    Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
    London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
    You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in everyemail attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
    The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
    9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
    10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It's as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.

  • Windows Firewall issue, Inbound rule opend all, still not the same as turning off

    This is Windows Firewall issue on Windows 8.1 Pro. 
    Backup Exec server cannot expand a computer node in selection list. I drill down to Microsoft Windows Network/Domain/Computers, then when I tried to expand a Windows 8.1 Pro computer node, it hangs out. 
    I narrowed this problem to Windows firewall related issue on Windows 8.1 Pro computer. 
    When I turn off Windows Firewall on Domain profile, Backup Exec Selection expands the computer node of the Windows 8.1 Pro computer. So, I created an inbound rule opening all to BAckup Exec server as following, but it's still not the same as turning off
    Windows firewall specifically on Windows 8.1 Pro computer;
    Any Local IP address, Any Remote IP address, Any port, Any protocol, All Interface, All Programs and Services, All profiles(Domain, Private, Public)
    And there are no rules blocking any which may override the above rule. 
    Ethernet on Windows 8.1 Pro computer shows profile is linked with Domain, but just to make it work, I selected all profiles.
    Even though I opened all available in inbound rule, it's still not the same as turning off windows firewall. Why am I missing? 

    It looks as something related to RPC(UDP 135), but even when inbound rule is all open, why it matters? RPC seems working fine only when firewall is turned off on domain profile. 
    Protocol 17 is UDP
    Port: 135
    ===============================
    Event ID 5152
    The Windows Filtering Platform has blocked a packet.
    Application Information:
    Process ID:
    0
    Application Name:
    Network Information:
    Direction:
    Outbound
    Source Address:
    192.168.1.120
    Source Port:
    0
    Destination Address:
    192.168.1.11
    Destination Port:
    0
    Protocol:
    1
    Filter Information:
    Filter Run-Time ID:
    245836
    Layer Name:
    ICMP Error
    Layer Run-Time ID:
    32
    The Windows Filtering Platform has blocked a packet.
    Application Information:
    Process ID:
    0
    Application Name:
    Network Information:
    Direction:
    Inbound
    Source Address:
    192.168.1.11
    Source Port:
    35341
    Destination Address:
    192.168.1.120
    Destination Port:
    135
    Protocol:
    17
    Filter Information:
    Filter Run-Time ID:
    245834
    Layer Name:
    Transport
    Layer Run-Time ID:
    13

  • Mac Enrollment Issue on SCCM 2012 SP1

    Hi Guys,
    I am working on Mac enrollment(10.7) and facing issue during enrollment. Below is the error message when we try to run the enrollment command on Mac :
    “Server connection failed. HTTP Response code is 500 and reason is Internal Server Error"
    Below are Log info:
    Enrollsrv.log : No error message is highlighted.
    Enrollweb.log:
    No error message is highlighted.
    Enrollservice.log:
    [7, PID:7304][10/28/2013 16:40:03] :ConfigManager: ChainStatus error: RevocationStatusUnknown,The revocation function was unable to check revocation for the certificate.
    ;OfflineRevocation,The revocation function was unable to check revocation because the revocation server was offline.
       at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.SplitCACertChain(String base64cert)
       at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.setCAChain(EnrollmentServiceProfile profile, WindowsIdentity requester)
       at Microsoft.ConfigurationManagement.Enrollment.ConfigManager.RefreshCache(Int32 enrollmentProfileId, EnrollmentRecordType type, String template, WindowsIdentity requester)
       at Microsoft.ConfigurationManagement.Enrollment.RequestHandler.ProcessRequestSecurityToken(RequestSecurityTokenType request, WindowsIdentity caller, ActionEnum action)
       at Microsoft.ConfigurationManagement.Enrollment.RequestHandler.EnrollDevice(Message messageRequest)
       at Microsoft.ConfigurationManagement.Enrollment.DeviceEnrollmentService.RequestSecurityToken(Message messageRequest)
    [7, PID:7304][10/28/2013 16:40:03] :FaultCode is: EnrollmentServer and reason is: EnrollmentServerException InitializeFailed
    [13, PID:7304][10/28/2013 17:11:01] :EnrollmentService application stop ...
    [3, PID:956][10/28/2013 17:45:37] :EnrollmentService application start ...
    [3, PID:956][10/28/2013 18:06:38] :EnrollmentService application stop ...
    [3, PID:4700][10/28/2013 18:45:39] :EnrollmentService application start ...
    [7, PID:4700][10/28/2013 19:06:40] :EnrollmentService application stop ...
    [3, PID:5872][10/28/2013 19:45:42] :EnrollmentService application start ...
    [13, PID:5872][10/28/2013 20:06:42] :EnrollmentService application stop ...
    Can someone shed info on resolution of the above issue?
    Also, is there any means by which we can troubleshoot the Mac enrollment issue step by step? Also what entries needs to be checked in all logs for successful enrollment?

    the following links may give you some hints:
    http://social.technet.microsoft.com/Forums/en-US/48bc7fcc-3d84-4042-abac-67f30d701121/mac-enrollment-issue?forum=configmanagerdeployment
    http://www.windows-noob.com/forums/index.php?/topic/7391-mac-enrollment-issue/

  • Mac System Issue pop up window has disabled Safari.  Please help?

    I clicked on a video on FaceBook & ended up with a pop up that says I have a serious Mac system issue & I need to call this phone number immediately. 
    I can't do anything at all with Safari now.  Has anyone had this issue?  Know how to get rid of it?  I

    Force quit Safari and relaunch it with the Shift key held down. If that doesn’t work, disconnect the computer from the Internet and try again.
    (115087)

  • Weird issues in CS3

    Hi folks
    i have been having some strange issues in CS3 lately (i actually have CS4 as well, but prefer CS3!) -
    1) i used to be able to make a bitmap selection, with the marquee tool, and then select the crop tool - and i would be able to crop according to the selection. I am now not able to do this - as soon as i click the crop tool, the selction is cancelled.
    2) when selecting an object - i dont see the little blue corner marks anymore - i can see that the object os selected, via the layers panel and the properties panel - but on the canvas - the object doesnt appear to be selected.
    Thanks in advance!!

    wow - interesting, i never tried that before, and yes, its there in CS3.
    i'd still like to know if i can have my old functionality back though

  • RMI firewall issue - opening port 1099 is not enough

    Hello,
    We have a distributed java desktop app that uses RMI with callbacks to communicate amongst the clients. It all works really well at our dev site and at 2 trial sites.
    We are about to deploy out to more customer sites - so I have been doing more testing with firewalls etc and discovered some issues. Our customers are small businesses and typically have between 1 and 10 desktop clients that connect to the server via RMI. These customers are "very NOT technical", so we need to give them set-and-forget firewalls etc.
    This is all on a LAN, with RMI using port 1099. On the firewalls (of the various PCs) we open ports 1099 (RMI) and 5432 (for the Postgres DB).
    Also, I was using "CurrPorts" and "SmartSniff" to monitor the traffic at each PC - so I had a reasonable view of proceedings.
    Basically, opening port 1099 on the server is necessary, but it is NOT ENOUGH. The RMI moves off to ports other than 1099, and the server firewall does not allow the connection.
    Procedure ...
    (1) start the "server" app - which starts the RMI registry - the "localhost" desktop app also starts and it works well to both the database and the RMI.
    (2) start another client - it connects to the DB Server, but NOT the RMI server.
    (3) open the server firewall to all traffic for a few seconds - then the client connects successfully.
    From CurrPort logging I could watch the RMI comms progress over those first few minutes ...
    Initially the comms do include port 1099 on the initial call to the server, but there after there are always 2 or 3 "channels" open, but not to 1099.
    I notice that the Postgres DB keeps using port 5432 for all of its active channels - so it does not have the same firewall issue.
    After we have opened the firewall for a few seconds - to enable the link - then we can turn the client on and off and the client re-connects without issue - so it would seem to be only an issue with the initial connection.
    I am sure that this is all completely standard and correct RMI behavior.
    QUESTIONS:
    1. Can RMI be "forced" to always use port 1099 for connections, and not move to other ports? (like the database uses 5432)
    2. Are there any suggestions for getting around this seemingly standard RMI behaviour?
    Other comments ...
    The firewall lets me open individual ports (say 1099) - BUT I can not justify opening ALL ports.
    The firewall lets me open all ports to an application, say "C:\Program Files\Java\jre6\bin\java.exe", but that app will occasionally change at a customer's site as they will update their java version and suddenly our app will stop working.
    Any guidance is appreciated.
    Many Thanks,
    -Damian

    1. Can RMI be "forced" to always use port 1099 for connectionsYes. Export all your servers on the same port. See UnicastRemoteObject constructor that takes an int, or UnicastRemoteObject.exportObject(int). If the RMI Registry is a separate process you can't re-use 1099 for this purpose, but see below.
    2. Are there any suggestions for getting around this seemingly standard RMI behaviour?Yes. Start the RMI Registry in the same JVM as the code, then you only need to use 1099 for everything.
    If you are using server socket factories, make sure they have an equals() method, or use the same instance for all remote objects.

Maybe you are looking for