Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Anti-Virus for MacPro ...

It's the weakest. The pain you will feel from having to get your friends MAC address' every time someone needs to get on your network vs. the security. MAC address spoofing is hacker 101. Along with WEP protection. Just use WPA2 and forget about it. If they want in thy'll get in. If you need added security look into setting up a RADIUS server.
 
As an Amazon Associate, MacRumors earns a commission from qualifying purchases made through links in this post.
dyn said:
Hiding the ssid does not hide it
Click to expand...

Dyn, we are speaking here about the bandwidth thieves, about a guy next door who just opens his comp, sees your open network and uses it. So in this case any protection is good and effective. I presume, just a microscopical fraction of these guys are going to use any scanner, as there are plenty of totally unprotected networks in any neighbourhood.

Everything has its flows, WPA could be cracked in under 20 min. And so what? — all of us are using it. Even a wired network is never fully protected.

If you happen to be a high-profile target, there is now way to be 100% sure your network has not been compromised. If you’re just a user with no valuable info on you comp / network / with no direct connections with other high-profile targets, than the chance your network will attract anybody else except a kid next door is not that big.
 
Last edited:
sash said:
Dyn, we are speaking here about the bandwidth thieves, about a guy next door who just opens his comp, sees your open network and uses it. So in this case any protection is good and effective. I presume, just a microscopical fraction of these guys are going to use any scanner, as there are plenty of totally unprotected networks in any neighbourhood.
Click to expand...

So we're worried the guy next door is unskilled in finding a "hidden" SSID but we're worried about him cracking WPA2? If someone can crack WPA2, they can probably find your SSID in a few seconds.

Setting WPA2 is good enough because if someone can get past your WPA2 encryption, it's going to be a cakewalk for them to find your SSID and find a MAC address that will work. Hiding your SSID and using WPA2 is like putting a very high end alarm system in your car, and then sticking a note on it that says "please don't steal my car". Cute, but if someone can get past your alarm system, the note probably isn't going to stop them at all.

sash said:
Everything has its flows, WPA could be cracked in under 20 min. And so what? — all of us are using it. Even a wired network is never fully protected.
Click to expand...

Cracking WPA2 is actually not trivial. Do-able, but non trivial.
 
sash said:
Everything has its flaws, WPA could be cracked in under 20 min. And so what? — all of us are using it. Even a wired network is never fully protected.
Click to expand...

WEP can be cracked in minutes regardless of the quality of your password.

WPA2 with a secure password takes extensively long to crack with conventional hardware (neighbor's computer).

For example,

http://www.whatsmypass.com/how-to-crack-wpawpa2

http://www.lockdown.co.uk/?pg=combi -> KisMac can only try about 300 passwords/sec. Much less the lowest Class A (10000 passwords/sec). So multiply Class A time by 33.
 
goMac said:
Hiding your SSID and using WPA2 is like putting a very high end alarm system in your car, and then sticking a note on it that says "please don't steal my car". Cute
Click to expand...

Have you ever noticed that there is a note on the window of your car actually saying please don't touch this car? I have it on the window on my car, equipped with a decent alarm system. It's been done by default.

What I'm advocating is using everything we can. SSID for random kids, wpa2 for a bit more interested kids. Etcetera.
 
Last edited:
sash said:
What I'm advocating is using everything we can. SSID for random kids, wpa2 for a bit more interested kids. Etcetera.
Click to expand...

Except, if you note what I'm saying, WPA2 both handles random kids and interested kids. Disabling the SSD does absolutely nothing besides diluting people into believing it makes them more secure.
 
sash said:
Why leave the door open and put a banner above: this door is open?
Click to expand...

Hiding the SSID does not actualy hide the SSID, and it causes a problem where a computer that has connected to that SSID will try and connect to it constantly by broadcasting the SSID. This means that if you take your laptop to an airport and try to connect to the wireless, or simply wake your computer (which triggers it to try and connect) it will scream your SSID to anyone scanning at that time.


Hiding the SSID is a very poorly implemented feature and shouldn't be a feature of any router. But people think it makes them more secure so router companies put it in just because people want it.
 
goMac said:
Except, if you note what I'm saying, WPA2 both handles random kids and interested kids. Disabling the SSD does absolutely nothing besides diluting people into believing it makes them more secure.
Click to expand...

OK, no problem. The OP question was: what's the best AV for his Mac as he thought his Mac got infected. So the beginning of this threat dealt with the fact his network was absolutely unsecured, hence folks gave their advises how to secure the network. Disabling SSID and setting up Mac-filtering is my own choice -- among other things, as well as WPA2 with a strong password.
Yes, WPA2 with a strong pass is the best option for a home wireless network (if you have no really valuable data to steal), I'm not doubting that. I'm only saying, it's not bulletproof anymore.
 
sash said:
Disabling SSID and setting up Mac-filtering is my own choice
Click to expand...

Mac filtering doesn't make much of a difference, but it doesn't make your network less secure so not a big deal. However, hiding your SSID is the absolute wrong choice. Read my other post. You should probably fix your hidden SSID problem.
 
vja4Him said:
I have received numerous post cards in the mail informing me that somebody has been downloading illegal files! They are threatening to take me to court, and pay a fine and possible jail or prison sentencing ... !!!!!
Click to expand...

Postcards????????

Well, anyone can send you a postcard with anything written on it. That doesn't mean there is any problem with your network.

Anything that pretends to be legal and has no clearly identifiable contact information is just some idiot trying to wind you up.
 
sash said:
Dyn, we are speaking here about the bandwidth thieves, about a guy next door who just opens his comp, sees your open network and uses it. So in this case any protection is good and effective.
Click to expand...
Again, using WPA2 with a good passphrase will do just that. No need for useless things like hiding the ssid and mac-address filtering. Those things are called security through obscurity.

I presume, just a microscopical fraction of these guys are going to use any scanner, as there are plenty of totally unprotected networks in any neighbourhood.
Click to expand...
About 99% of those scanners will pick up ssid's no matter if they are hidden so that would make hiding the ssid completely useless. Only the unsecured networks are interesting because you only need to connect to get on it.

Everything has its flows, WPA could be cracked in under 20 min. And so what? — all of us are using it. Even a wired network is never fully protected.
Click to expand...
WPA != WPA2. WPA2 is a lot harder to crack but then again both WPA and WPA2 are easily crackable when you're using a very short and simple passphrase. The better the passphrase the longer this will take. Most people (like the one you're talking about at the start of your reply) will not even bother connecting to a secured network since they don't know the passphrase. If it's the hackers you worry about then you need other measures (IDS and things like that for starters).

If you happen to be a high-profile target, there is now way to be 100% sure your network has not been compromised. If you’re just a user with no valuable info on you comp / network / with no direct connections with other high-profile targets, than the chance your network will attract anybody else except a kid next door is not that big.
Click to expand...
Which is why just using WPA2 with a proper passphrase is sufficient.

sash said:
Have you ever noticed that there is a note on the window of your car actually saying please don't touch this car? I have it on the window on my car, equipped with a decent alarm system. It's been done by default.
Click to expand...
In your point of view that sign would be bad since the thief would know what alarm installation you have and therefore would be able to compromise it. The fact that thieves would smash the window and nick the radio in a couple of seconds goes unnoticed. Thieves absolutely don't care about signs, they care about getting that radio out of your car as quickly as they can.

What I'm advocating is using everything we can. SSID for random kids, wpa2 for a bit more interested kids. Etcetera.
Click to expand...
What you're advocating is called security through obscurity. What everybody else here seems to be advocating is quite easy: use your brain; think about what certain things do and if they really are useful. In this case using WPA2 alone is for the random kids AND more interested kids. Hiding the ssid will not secure you from the random kids nor from the more interested kids as, like I said many times before, nearly all scanners will show the ssid no matter what. That makes it as useful as a car without an engine.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back