RMI and Firewall
Dear All
My Problem is
I have an RMI Server on an NT machine, and I have an RMI Client on another machine, I have placed a firewall in between,
RMI Registry on the NT machine is listening at 1099 ( whiah is the default ),
I made my own implementation of the RMISocketFactory, in which I made the createServerSocket, to create sockets at a port of mine, let us say 30000.
now, when setting up the configuration on the firewall to accespt communications over 1099 and 30000, client rquests don't happen successfully,
it terminates, with a connection error,
when using the netstat ustility at the RMI Server side, during the client rquests, there seems to be 1099, 30000, and other randomly dynamically changing potrs used.
I need to know how to fix those ports, in order to configure the Firewall to allow communications to happen over those ports.
Any Help Highly appreciated.
I'm not going through a firewall on my application, but I have noticed that
my RMI server program does bind to a port number between 1300 and 1450.
This port number is different everytime I run the application. Does anyone
know what the purpose of this port is? Is it the server connecting to the
rmiRegistry, or just listening for a client connection or what?
Similar Messages
-
What is the difference between RMI and JAX-RPC?
Dear All
First of all my understanding of RMI and JAX-RPC:
RMI is JAVA only version of RPC. It can't talk to any other language.
JAX-RPC is a part of JWSDP and if you implement your client and server with JAX-RPC, client written in any language can talk with JAX-RPC implementation.
What else makes them different and am I right with my understanding?
Finally, I would like to develop clients which will have a java class, say httpserver.java, which will act like a http server, listens to a http port. Now, Two such client will run in two different PC and I want to call a module from one client to another which should be accessible via my httpserver.java. For that which should be my choice RMI or JAX-RPC? Can I achive it with http get-post method, as I am expecting to read some value of variables from one client to the another.
Say class A has variable a, aa, aaa and clas B has variable b, bb, bbb. Now I want to read the value of b, bb, bbb from class A. How do I do that when class B is listening to a http port with my httpserver.java class.
Lastly, say B is listening to a http port and I want to send a file to B from A. How can I do that? Remember, B didn�t ask for that. How can A send a file to B when B is listening to a http port with my httpserver.java.
With regards
Mohammed Jubaer Arif
Mobile: +61-0411215302
Personal Web: http://www.geocities.com/jubairarifctg/
Org. Web.: http://www.geocities.com/halimschamber/simply put, RMI allows you to (semi) transparently treat remote objects as if they were local, and your distributed application can be written (more or less) like a "normal" java app. Sockets just give you a "raw" connection to work with, and you get to build up your application from that.
I hope that helped
Lee -
Please help: RMI and Swing/AWT issue
Hi guys, I've been having a lot of trouble trying to get a GUI application to work with RMI. I'd appreciate any help. Here's the story:
I wrote a Java application and its GUI using Netbeans. In a nutshell, the application is about performing searches. I am now at the point where I need exterior programs to use my application's search capabilities, thus needing RMI. Such exterior programs are to call methods currently implemented in my application.
I implemented RMI, and got the client --> server communication working. However, the GUI just breaks. It starts outputting exceptions, gets delayed, doesn't update properly, some parts of it stop working.... basically hysterical behavior.
Now take a look at this line within my server class:
Naming.rebind("SearchProgram", mySearchProgram);
If I take it out, RMI obviously does not work... but the application and its GUI work flawlessly. If I put it in, the RMI calls work, but the GUI's above symptoms occur again. Among the symptoms are null pointer exceptions which all look similar, are related to "AWT-EventQueue-0", and keep ocurring. Here's just snippet of the errors outputted:
Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
at javax.swing.plaf.metal.MetalScrollBarUI.getPreferredSize(MetalScrollBarUI.java:102)
at javax.swing.JComponent.getPreferredSize(JComponent.java:1615)
at javax.swing.JScrollBar.getMinimumSize(JScrollBar.java:704)
at javax.swing.ScrollPaneLayout.minimumLayoutSize(ScrollPaneLayout.java:624)
at java.awt.Container.minimumSize(Container.java:1598)
at java.awt.Container.getMinimumSize(Container.java:1583)
at javax.swing.JComponent.getMinimumSize(JComponent.java:1697)
at java.awt.BorderLayout.minimumLayoutSize(BorderLayout.java:634)
at java.awt.Container.minimumSize(Container.java:1598)
at java.awt.Container.getMinimumSize(Container.java:1583)
at javax.swing.JComponent.getMinimumSize(JComponent.java:1697)
at java.awt.BorderLayout.minimumLayoutSize(BorderLayout.java:634)
at java.awt.Container.minimumSize(Container.java:1598)
at java.awt.Container.getMinimumSize(Container.java:1583)
at javax.swing.JComponent.getMinimumSize(JComponent.java:1697)
at javax.swing.BoxLayout.checkRequests(BoxLayout.java:433)
at javax.swing.BoxLayout.layoutContainer(BoxLayout.java:375)
at java.awt.Container.layout(Container.java:1401)
at java.awt.Container.doLayout(Container.java:1390)
at java.awt.Container.validateTree(Container.java:1473)
at java.awt.Container.validateTree(Container.java:1480)
at java.awt.Container.validateTree(Container.java:1480)
at java.awt.Container.validateTree(Container.java:1480)
at java.awt.Container.validateTree(Container.java:1480)
at java.awt.Container.validate(Container.java:1448)
at javax.swing.RepaintManager.validateInvalidComponents(RepaintManager.java:379)
at javax.swing.SystemEventQueueUtilities$ComponentWorkRequest.run(SystemEventQueueUtilities.java:113)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:461)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)
Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
at javax.swing.plaf.basic.BasicMenuItemUI.getPreferredMenuItemSize(BasicMenuItemUI.java:400)
at javax.swing.plaf.basic.BasicMenuItemUI.getPreferredSize(BasicMenuItemUI.java:310)
at javax.swing.JComponent.getPreferredSize(JComponent.java:1615)
at javax.swing.BoxLayout.checkRequests(BoxLayout.java:434)
at javax.swing.BoxLayout.preferredLayoutSize(BoxLayout.java:251)
at javax.swing.plaf.basic.DefaultMenuLayout.preferredLayoutSize(DefaultMenuLayout.java:38)
at java.awt.Container.preferredSize(Container.java:1558)
at java.awt.Container.getPreferredSize(Container.java:1543)
at javax.swing.JComponent.getPreferredSize(JComponent.java:1617)
at javax.swing.JRootPane$RootLayout.layoutContainer(JRootPane.java:910)
at java.awt.Container.layout(Container.java:1401)
at java.awt.Container.doLayout(Container.java:1390)
at java.awt.Container.validateTree(Container.java:1473)
at java.awt.Container.validate(Container.java:1448)
at javax.swing.RepaintManager.validateInvalidComponents(RepaintManager.java:379)
at javax.swing.SystemEventQueueUtilities$ComponentWorkRequest.run(SystemEventQueueUtilities.java:113)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:461)
at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:242)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:163)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:157)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:149)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:110)
There are no complaints about anything within my code, it's all GUI related whenever I make a bind() or rebind() call.
Again, any help here would be great... cause this one's just beating me.
Thanks!Maybe you want to change that worker thread to
not do RMI but anything else (dummy data) to see if it really is RMI, I doubt it, I think you are updating some structures that have to do with swing GUI and hence you will hang.
Just check this out. -
Have deleted temp video, configured anti spam and firewall, and one specific video keeps giving me an error. Just tried downloading a previous episode of the show and it worked just fine. Always sunny in philly "Charlie rules the world" anyone else??
Have deleted temp video, configured anti spam and firewall, and one specific video keeps giving me an error. Just tried downloading a previous episode of the show and it worked just fine. Always sunny in philly "Charlie rules the world" anyone else??
-
Can't update iOS 8 on my iPhone5 through iTunes on Windows 8 (error 3004, 3194). Updated host file, opened port 80, 443; turned off security system and firewall, etc. But nothing works. How to solve this problem?
Hi the_mad_movies,
It seems like this article will be the best option for addressing this issue:
Error 3194, Error 17, or "This device isn't eligible for the requested build"
http://support.apple.com/kb/ts4451
Thanks for coming to the Apple Support Communities!
Cheers,
Braden -
Connection to CRX via RMI and getting WeakReference value..... with an exception!
Hi there,
I have the following problem.
I opened a ticket in Day Care Support system, about CRX users/group membership that got lost while synchronization with our LDAP server.
Although when the user and the group had been created (and therefore taken from that same LDAP server), the membership was good.... but after some time the membership got lost......
So what i am trying to do now is a Java program that connects to CRX via RMI.
And gets the list of all the users from a group (aka membership).
The idea is to monitor the membership each seconds.
But when trying to get the property "rep:members" of the group, I have the following exception :
javax.jcr.ValueFormatException: Unknown value type 10
at org.apache.jackrabbit.rmi.server.ServerObject.getRepositoryException(ServerObject.java:13 9)
at org.apache.jackrabbit.rmi.server.ServerProperty.getValues(ServerProperty.java:71)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:322)"
I searched a little bit and found that "10" is the number for type WeakReference.
That's normal to me because memberships are stored in the group as a list reference to users linked to that group....
Anyways, what's not normal to me is that when the type is "10" the API does not let me get the Value (cf. ServerProperty.getValues() method)
Here is the program:
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.imageio.spi.ServiceRegistry;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.RepositoryFactory;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.Value;
public class Test {
public static void main(String[] args) {
String uri = "rmi://sma11c02.............:1234/crx";
String username = "admin";
char[] password = {....................};
String workspace = "crx.default";
String nodePath = "/home/groups/a";
Repository repository = null;
Session session = null;
try {
// Connection to repository via RMI
Map<String, String> jcrParameters = new HashMap<String, String>();
jcrParameters.put("org.apache.jackrabbit.repository.uri", uri);
Iterator<RepositoryFactory> iterator = ServiceRegistry.lookupProviders(RepositoryFactory.class);
while (null == repository && iterator.hasNext()) {
repository = iterator.next().getRepository(jcrParameters);
if (repository == null) {
throw new IllegalStateException("Problem with connection to the repository...");
// Creation of a session to the workspace
session = repository.login(new SimpleCredentials(username, password), workspace);
if (session == null) {
throw new IllegalStateException("Problem with creation of session to the workspace...");
// Get the targetted node
Node node = session.getNode(nodePath);
System.out.println("Node : " + node.getName());
System.out.println();
PropertyIterator properties = node.getProperties();
System.out.println("List of properties for this node :");
while (properties.hasNext()) {
Property property = properties.nextProperty();
System.out.print("\t"+property.getName() + " : ");
if (property.isMultiple()) {
Value[] values = property.getValues();
for (int i = 0; i < values.length; i++) {
System.out.print(values[i]);
if (i+1 != values.length) {
System.out.print(", ");
System.out.println();
} else {
Value value = property.getValue();
System.out.println(value);
System.out.println();
NodeIterator kids = node.getNodes();
System.out.println("List of children nodes for this node :");
while (kids.hasNext()) {
Node kid = kids.nextNode();
System.out.println("\tChild node : "+kid.getName());
PropertyIterator kidProperties = kid.getProperties();
System.out.println("List of properties for this child :");
while (kidProperties.hasNext()) {
Property property = kidProperties.nextProperty();
System.out.print("\t"+property.getName() + " : ");
if (property.isMultiple()) {
Value[] values = property.getValues();
for (int i = 0; i < values.length; i++) {
System.out.print(values[i]);
if (i+1 != values.length) {
System.out.print(", ");
System.out.println();
} else {
Value value = property.getValue();
System.out.println(value);
System.out.println();
} catch (RepositoryException e) {
e.printStackTrace();
} finally {
if (session != null) {
session.logout();
Here is the output of the below program:
Node : a
List of properties for this node :
jcr:createdBy : admin
jcr:mixinTypes : mix:lockable
jcr:created : 2011-10-25T16:58:48.140+02:00
jcr:primaryType : rep:AuthorizableFolder
List of children nodes for this node :
Child node : administrators
List of properties for this child :
jcr:createdBy : admin
rep:principalName : administrators
rep:members : javax.jcr.ValueFormatException: Unknown value type 10
at org.apache.jackrabbit.rmi.server.ServerObject.getRepositoryException(ServerObject.java:13 9)
at org.apache.jackrabbit.rmi.server.ServerProperty.getValues(ServerProperty.java:71)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:322)
at sun.rmi.transport.Transport$1.run(Transport.java:171)
at java.security.AccessController.doPrivileged(AccessController.java:284)
at sun.rmi.transport.Transport.serviceCall(Transport.java:167)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:547)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:802)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:661)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:897)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:919)
at java.lang.Thread.run(Thread.java:736)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at org.apache.jackrabbit.rmi.server.ServerProperty_Stub.getValues(Unknown Source)
at org.apache.jackrabbit.rmi.client.ClientProperty.getValues(ClientProperty.java:173)
at Test.main(Test.java:96)
Here is the list of jar files i'm using with this program:
2862818581 61388 crx-rmi-2.2.0.jar
732434195 335603 jackrabbit-jcr-commons-2.4.0.jar
1107929681 411330 jackrabbit-jcr-rmi-2.4.0.jar
3096295771 69246 jcr-2.0.jar
1206850944 367444 log4j-1.2.14.jar
685167282 25962 slf4j-api-1.6.4.jar
2025068856 9748 slf4j-log4j12-1.6.4.jar
Finally, we are using CQ 5.4 (CRX 2.2) with the latest hotfix and under Websphere 7.0
Best regards,
Vincent FINETJe suis absent(e) du bureau jusqu'au 17/04/2012
Je suis absent.
Je répondrai à votre sollicitation à mon retour le 17 avril 2012.
Cordialement,
Vincent FINET
Remarque : ceci est une réponse automatique à votre message "[CQ5]
Connection to CRX via RMI and getting WeakReference value..... with an
exception!" envoyé le 13/4/12 0:32:14.
C'est la seule notification que vous recevrez pendant l'absence de cette
personne.
Le papier est un bien precieux, ne le gaspillez pas. N'imprimez ce document que si vous en avez vraiment besoin !
Ce message est confidentiel.
Sous reserve de tout accord conclu par ecrit entre vous et La Banque Postale, son contenu ne represente en aucun cas un engagement de la part de La Banque Postale.
Toute publication, utilisation ou diffusion, meme partielle, doit etre autorisee prealablement.
Si vous n'etes pas destinataire de ce message, merci d'en avertir immediatement l'expediteur. -
Setting up gateway and firewall in OS X Server 10.3?
Hi all,
I have a G4 tower with two working ethernet cards in it that I would like to configure as a gateway and firewall. It has OS X Server 10.3 on it. I have easily found the firewall configuration in the Server Admin intrerface, but I can find nothing about configuring the server to act as a gateway. The only information I have found that is pertinent is related to the Gateway Setup Assistant that comes with OS X Server 10.4, which doesn't exaclty help me. Does anyone have any documentation on configuring OS X Server 10.3 to be a gateway? Thanks.Actually, I may have marked this as answered too quickly...
So I followed the guide at the back of the getting started manual, and set everything up as follows:
- PCI ethernet card is set up as the connection to the outside world. It is plugged into a switch which connects to a wall jack. In Network under System Preferences, it is set up as the first internet conection to try. It has a static IP address, and is set up to use the organization's DNS servers. It is NOT plugged into the upstream port, but is instead in port #9. The light on the router is on.
- Built-in wireless is set up to be the internal connection. It is plugged into the upstream slot on anouther switch. It has a static IP address, and is set up to use the organization's DNS servers. The light on the router is on, so it appears there is a connection.
- A different computer is plugged into the second switch, which a static IP address and to use the organization's DNS servers.
So basically, unlike in the scenario in the manual, I am not using the OS X Server for DNS, DHCP or NAT services. That should, if anything, simplify it.
The firewall service is started, and is set to allow all traffic in and out, no problems. Nice and simple to start.
The server has an okay connection to the outside world via the PCI ethernet card. I can ping other machines and load web pages. I cannot, however, access the machine connected to the router which is connected to the built-in ethernet. Likewise, that machine has no access to either the OS X Server or the outsideworld.
How does OS X Server decide which ethernet card is to be connected to the outside world, and which is for the internal firewall? Is the confusion possible because I'm connected to two routers? -
Thrree different times I attempted to download the new OS to my wife's iPad. each time it would proceed to a point somewhere around 80 minutes remaining (started with 3+ hours remaining and downloaded about 4mb per minute). I have a 1mbDSL line that routinely tests out at around .85mb per min. I have tried all the "fixes" I found on the site including isolating allother USB interfaced hardware, rebooting both machines (PC and iPad), shutting off AV and firewall and still it fails at about the same point - giving error 3259.
An attempt to find other info or any way to comminicate directly with Apple re this was not successful.
Any ideas?
My next idea is to take the entire PC to my son's where there is a faster internet connection but that is a lot of trouble and you shouldn;t have to do that. with other large file updates I have done on other software, if it fails or times out you are able to resume where it left off and eventually get it done.An alternative is to try downloading the update via a browser : https://discussions.apple.com/message/16703914#16703914
You could also do that via, for example, a friend's computer and then copy it to your own computer for the actual update. -
Hi,
I have a problem, integrating an application with RMI and a Client side with swing.
I have un RMI object that does something, and in any time I want to inform to the client side rmi... I did something like:
// This is the REmote implementation
public MyRemoteImpl extends Activatable implements MyRemote{
EventListenerList listeners;
// code for activation, etc.......
public void addListener(MyListener l){
// add the listener in the list...
public void fireEvent(String msgEvent){
// in each listener that is MyListener, .doEvent(String msg)
// Methods that calls fireEvent...
// Mylistener interface..
public MyListener implements EventListener{
public void doEvent(String msg);
// The swing client side.
public MyClient extends JPanel implements MyListener{
MyRemote rem=null;
// In the start of ui.. Ido:
rem.addListener(this);
public void doEvent(String msg){
// Puts the message at one component....
}The problem is that when the doEvent of the Swing side is called, it is executing in the rmid... And the UI is not updated...
What I do wrong??
Thanks and Best Regards.I wrote an application that does something similar, it receives some event and modifies a JTree accordingly. You should try using the java.awt.EventQueue.invokeLater(Runnable) method. Something like this:
public void doEvent(String msg) {
// Determine what changes need to be made
java.awt.EventQueue.invokeLater(new Runnable() {
public void run() {
// Only the GUI component modification calls need to go here
} -
when installing third party software, how do I temporarily turn off the factory installed virus sw and firewall? Is it necessary on a Mac to do so? I come from the Windows world and am still in the learning curve on the Mac.
Correct. I have not installed ANY other software for anti-virus, etc. I want to install a Synch app for my HTC phone to sych with MS Outlook 2011 installed on my Mac. HTC will not synch with it otherwise. That was really the basis for my question....if installing a non Apple app can be done without messing with factory settings on the Mac. In Windows I remember that I needed to disable Norton and the Firewall in order for installation to occur.
Thanks. -
Suggest antivirus and firewall
Hi, im running a windows computer xp home service pack3,
I was having problems downloading films from itunes, and i suspected either a bug/virus in my computer
or conflict with security software in my computer was causing problems, So i wiped my computer and installed new version
of xp,Went onto itunes and downloaded film which seems to have downloaded okay,
I dont want the same problem so can anyone suggest please an antivirus and firewall for my computer [had pandacloud antivirus before] which shouldnt cause conflict problems with itunes?, Many thanks for any help given.WIndows XP has a fairly serviceable firewall built into it already. As long as you are connecting to the internet via a router there really shouldn't be too much to worry about. Back in the day of directly connected modems people were inadverntly exposing their file systems to anyone who chose to look. A quick visit to Sheilds Up! should let you know if there are any significant issues.
I tend to recommend AVG-Free as an AV solution for personal use. Don't install its toolbar or search redirector. Whatever AV package you use you may want to go into its advanced settings and exclude it from monitoring your iTunes folder. This should prevent any conflict between the AV and iTunes.
tt2 -
I've run into one roadblock after another with Cirrus (Stratus) - basically, even the Adobe Videophone example refuses to work in the 'real world' where there's a mix of NAT and firewall configurations outside the developer's control. (http://forums.adobe.com/message/1064983#1064983 and thread at http://forums.adobe.com/thread/736422?tstart=0)
My question is whether Flash Media Server 4 has the same sort of issues? We don't want to pay up to install and run our own FMS only to discover that we won't be able to provide a P2P service to our end users because they're scattered around the Internet with a mix of mobile devices and computers lying behind NAT and firewall devices that we can't predict.FMS4 and Cirrus should behave identically as far as facilitating P2P communications on the open Internet.
as the referenced article describes, with some combinations of NATs and firewalls, P2P communication is impossible. RTMFP tries really hard to establish connections in the cases where direct communication is possible, but will not function in cases where direct communication is not possible.
we believe direct communications should be possible for the majority of Internet users, but recognize that it won't be possible for 100% of users. -
I have a new macbook pro. Should I turn on File Vault and Firewall?
The purpose of FileVault is to protect your files from being read by someone who has physical access to the computer. If you need or want that protection, you should enable it.
The application firewall blocks incoming network traffic, regardless of origin, on a per-application basis. Typically, it would be configured to allow only applications digitally signed by Apple to listen on the network. It does not block outgoing traffic, nor can it distinguish between different sources of incoming traffic. It is not, as some people seem to believe, a malware filter.
So for example, suppose you enable file sharing, and allow access by guests to certain folders. You want people on your local network to be able to access those files without having to enter a password. When configured as stated above, the firewall will allow that. Your router will prevent outsiders from accessing the files, whether the application firewall is on or not. But if your computer is portable and you connect it to an untrusted network such as a public hotspot, the firewall will still allow access to anyone, which is not what you want.
Now suppose you unknowingly install a trojan that steals your data and uploads it to a remote server. The firewall, no matter how it's configured, will not block that outgoing traffic. It does nothing to protect you from that threat.
Another scenario: Your web browser is compromised by a trojan. The trojan redirects all your web traffic to a bogus server. The firewall does nothing to protect you from this threat.
A final scenario: You're running a public web server. Your router forwards TCP connection requests on port 80 to your Mac, and the connections are accepted by the built-in web server, which is signed by Apple. The application firewall, still configured as above, allows this to happen. Now you download a different trojan, one that tries to hijack port 80 and replace the built-in web server. The good news here is that the firewall does protect you; it blocks incoming connections to the trojan and alerts you. The bad news is that you've been rooted. The attacker who can do all this can just as easily disable the firewall, in which case it doesn't protect you after all.
It might make a bit of sense to use the firewall if you're running trusted services on an unprivileged port; that is, a port numbered higher than 1023. Those ports can be bound by a process with no special privileges.
Here is a more realistic scenario in which you should enable the firewall. Your portable Mac has several sharing services enabled. You want those services to be available to others on a home or office network. When you're on those networks, the firewall should be off. When you move to an untrusted network, you can either turn off all the services, or enable the firewall to block them. Blocking is easier: one configuration change instead of several. -
Anti-Virus and Firewall Software for Windows (on my Intel Mac)?
Hello,
I have just ordered my first Intel Mac, as well as my first copy of Windows XP. How ironic that I would be asking this on the Apple Discussions site, but what Windows anti-virus and firewall software is recommended? I want to be well protected on the Windows side.
“Technological change is like an axe in the hands of a pathological criminal.” (Albert Einstein, 1941),
Dr. Z.Templeton,
It is embarrassing enough that I am installing a copy of Windoze on my brand new Mac, not to mention voluntarily opening myself up to a host of viruses, spyware, and other PC garbage. If I can’t trust another Mac user for help here, then who can I trust?
Thanks for your mere comment. Now, anyone else with actual knowledge to share?
“The future is here; it's just not evenly distributed yet.” (Albert Einstein, 1939),
Dr. Z. -
Hi looking for a bit of free anti - virus and firewall for osx 10.8.2
hi looking for a bit of free anti - virus and firewall for osx 10.8.2 any pointers also any one used Mac cleaner ?
1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. This feature is transparent to the user, but internally Apple calls it "XProtect." The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
For more information about Gatekeeper, see this Apple Support article.
4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore reduces to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
“Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
5. Java on the network (not to be confused with JavaScript, to which it's not related) is a weak point in the security of any operating system. If a Java web plugin is not installed, don't install one unless you really need it. If it is installed, you should disable it (not JavaScript) in your web browsers. Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those obsolete versions has known security flaws that make it unsafe to use on the Internet. The flaws will never be fixed. Regardless of version, experience has shown that Java can never be fully trusted, even if no vulnerabilities are publicly known at the moment.
Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
Why shouldn't you use commercial "anti-virus" products?
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so can corrupt the Mail database. The messages should be deleted from within the Mail application.
ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. If you don't need to do that, avoid it. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
8. The greatest danger posed by anti-virus software, in my opinion, is its effect on human behavior. When people install such software, which does little or nothing to protect them from emerging threats, they get a false sense of security from it, and then they may do things that make them more vulnerable. Nothing can lessen the need for safe computing practices.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use.
Maybe you are looking for
-
My Firefox version is 13.0.1, I use Windows Seven 64-bit, when I click on Firefox, but the program does not run! But Firefox is seen in the list of Windows processes, while Firefox does not run. I manually deleted Firefox from the list once I have Wi
-
Editing photos without changing the originals
I'm brand new to any Apple applications and thus far I have not been able to figure out how to keep my originals after doing any editing ie. croping or color enhancing. Can anyone tell me how to copy or save a seperate photo file? I have attempted it
-
Api or command to decode password
Hi, I am trying to run an ODI Scenario using Java APIs(using the package oracle.odi.sdk.invocation). I am creating OdiRepositoryConnection object and setting its parameters(odiusername,password,jdbc username,password). I am able to run the scenario b
-
Bridge CS4 not rendering images correctly
i have macbook 10.4.11 with 60 GB free, and 2GB of RAM and when i hit the space bar in bridge to view my photos at full screen the photos do not sharpen. they used to but now they don't, they just remain blurry. i have tried "purge cache" and checkin
-
TS1424 DOWNLOAD ERROR TAP TO RETRY
trying to download an album (16song) and just keep getting download error tap to retry