Blocking Internet-access for the DAWs (connected to LAN)

I don’t have a virus scanner and stuff on the DAWs, no Windows updates etc. I have in mind that it was never a good idea to have your DAWs access the internet. It always was a big NO go.

Maybe if you have a Mac it would be fine, OR if you use a computer which is always up to date and stuff…

Use Microsoft Security Essentials or Avast as they have very little system overhead (I don’t even notice them). I think these days it’s perfectly fine to have your DAW connected to the internet - I know mine is connected and I’ve never had an issue related to being online.

Me too. Never had problems with my DAW connected to the internet. But I would not recommend any AV on a DAW because it slows down the file access. And MS Security Essentials isn’t so good because it has no behavioral surveillance.

Mh, well - I heard about issues regarding “autoupdates” - I do not like the idea to have my system changed in any way while in session… Ok, I have autoupdates disabled, but now I have to fear regarding security things… or not?

Is it safe to have a DAW connected to the www - without using a browser or any other kind of web surfing? Of course behind a router-firewall.

I dislike the idea to install any kind of anti virus stuff.

Maybe I am just too oldschool. As I said - it always was a big No Go to have a studio computer connected to something else. But that was Win 98 se days…?

When you disable the auto-update of Windows, it makes nothing, as suspected. If you haven’t installed any other software that makes auto-update and you don’t make downloads or something like this you will not receive malware on your DAW. But nothing is 100%. If you want your system 100% secure you have to disconnect it from your LAN too, because you also can receive the malware on your DAW via your LAN from another computer connected to your LAN.

I’m also not a friend of anti-virus software installed on the DAW, because it slows down the file access significantly. But what you need is a firewall in your router.

I’ve recently turned auto updating completely off in my 2 W7-64 DAW computers: after the last set of updates I ended up with one computer refusing to log in and another that seemed to be completely off with applications not launching and other very strange behaviors. Fortunately, I use Windows Home Server to back up my machines every night so I was able to restore both systems to earlier versions that worked, but it still cost me the better part of a day to figure out what the hell was going on. The number of updates Microsoft throws at us is really overwhelming and while many seem to be security orientated, there are also system fixes and, more invasive, component upgrades that serve to develop their own long term agendas. It’s almost impossible to keep track of what’s what, so after this recent mess I decided to just shut that door.

Connecting workstations to the internet seems to have become a real risk, and I totally understand the apprehension. You figure if you stay on manufacturer and user websites and forums, you should be safe, but they say it takes minutes of internet connection for a brand new computer to get infected with some form of malware. It would seem that isolation is the best policy. I still think that as long as you limit your DAW’s internet use to the above, as well as for registrations and updates, you should be pretty safe.

But the bottom line is we can’t be experts in everything. I wonder: how safe are we behind our routers? How bullet proof are they? In principle, since we’re receiving data from the internet, the router is just a portal, right? Even if hackers can’t access the router itself (although I’m sure there’s back doors and hacks), can they not access the computers receiving the data being routed to them? Just how bullet proof are our browsers and our OSes? How many holes are left in our systems because it serves the purpose of higher authorities but at the same time are attack vectors that the hackers use? Here’s a good one:

How much effort is really being put into making our systems safe when it is in the interest of commercial interests that our systems are not?

So ultimately, it would seem that isolation is still the best option. I tend to intuitively agree with Brandy on this. I’ve been wondering what the best strategy is, like a completely isolated internal network for the studio, and separate branch for communications, with some kind of physical switch to connect them when necessary.

Or maybe I’m completely blowing this out of proportion… but the problem is by the time something does happen (like someone stealing your data, or destructive viruses and worms), it’s usually too late to do anything about it.

Breeze, I am looking exactly like you on this. I never had the same issues (because I am always completely conservative regarding my DAWs) but I read about stuff like that before. That autoupdates changed something and all of a sudden there was something not working anymore. I do not like the idea.

O.K. - you can turn autoupdate off. But Win is often tricky here, these Microsoft for dummies features are always trying to force you to have updates enabled and who knows if - after a crash or something - these settings will not change by themselves?!

And I fear the idea of network malware as well as I saw by myself how computers were getting infected by worms just by connecting them to the internet. But without a router. Maybe 8 years ago or something, there was a malware which caused your computer to reboot all the time, and the computer gets infected just after minutes in the internet, without any browser-activity.

Getting really safe would mean: Having all DAWs in a completely separated Network. If it is just one DAW then just do not connect it anywhere, if there are a couple of DAWs just use a Switch to have them connected but no physical connection (cable, WLAN) to the internet computer(s).

Then, an extra network for all the internet-computers. You will have one solid Office computer with a good virus scanner etc - here you up/download data as well as you will connect usb-storage (coming from clients) to that - scan for malware - move to a secure USB stick/drive, transfer to the DAW.

This would be the safest way for all situations. I did this for a long time. But it sucks, in days of internet I find myself transferring files from internet to DAW and vice versa all the time.

Maybe it is a good compromise to have the DAWs connected but as said with blocked internet access. To have a very good router with firewall and - in my case - mostly Macs for internet access… or Win machines with antivirus/firewall and of course quite a good online discipline of the user. Client WLAN is now a guest-network without any access to the studios-network. So - if the kids are having malware on their laptops, it should not be a problem.

There are various possibilities to do this. You could do all this with VLAN, routing, subnets etc., but the question is if it’s worth doing this… or you simply do not connect your LAN with the DAWs to the internet.
As I said before, with your DAWs connected to the internet you never have 100% security. But if it’s not connected to the internet you also can receive malware via a data carrier…
You have to decide, what’s important to you.

Hi Brandy,
If you use the no DNS method I described a few posts above, you’ll get what you’re after: a local network with NO internet abilities for your DAW.

When you use the DNS method you described before then the URL will not be resolved, but it does NOT cut the internet access. You can still access the internet via the IP addresses.

True Riwe, but how often does Windows Update, a browser, Adobe, Apple etc use the IP to connect to a server?
I’ve used this method for years and the machines haven’t seen the light of an update or any unwanted connection unless I put back the DNS.

Not a military grade security option for sure, but certainly a quick and handy solution for what Brandy is after I reckon.

Not?

Windows Update (since Windows Vista) uses pure IP addresses. Or in other words the majority of these services uses IP addresses. For Brandy the DNS blocking would have the same effect as if he would block the ports 80 and 445. A quick and handy solution would be blocking the MAC address, if the router/firewall supports this.

Hey Bifop, hey riwe!

Great posts, thanks a lot for your ideas! Highly appreciated! Bifop, indeed I am after a handy solution because I am not a network geek.

Well, unfortunately it seems that the Router can do a lot but no MAC address blocking, I can define quite good what I want to block, but I can not block the complete computer, at least not without losing ALL network features. And then it makes no sense again.

So it might be fine just to block port 80 and 445?

I realised that - when I use those cybersitter-blocking features of that router (to manually disable network access for certain MAC addresses - to protect the children from surfing all night) it blocks the internet quite well, in Win7 on the DAW it tells me “no internet access” but I can access the DAW from the other computers.

As I said, blocking these ports will only disable http and https, but the rest would pass through your firewall.

So, what is “the rest”?

Those auto-updates and stuff? Is this “the rest”?

Malware?

The “rest” is all internet traffic except http and https. This can be internet traffic from malware, from programs and services which don’t use the http or https protocol, e-mail etc. This also can be an update service which doesn’t use these ports.
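
An added example, not part of the original thread: a small check to run on the DAW that tests the points made above, namely that removing DNS only stops name lookups while connections to literal IP addresses still go out, and that only a block on all outbound traffic isolates the machine. The probe targets (example.com, 1.1.1.1, 8.8.8.8) and all function names are assumptions chosen for illustration.

```python
import ipaddress
import socket

# Probe targets (assumed for this example; replace with hosts of your choice).
# Two are literal IPs, so they never need a DNS lookup.
TARGETS = [
    ("http by name", "example.com", 80),
    ("https by ip", "1.1.1.1", 443),
    ("dns-over-tcp by ip", "8.8.8.8", 53),
]

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def probe(host, port, resolve, connect, timeout):
    """Return 'no-dns', 'blocked' or 'reachable' for one outbound attempt."""
    addr = host
    if not is_ip_literal(host):
        try:
            addr = resolve(host)
        except OSError:          # socket.gaierror is a subclass of OSError
            return "no-dns"
    try:
        conn = connect((addr, port), timeout)
    except OSError:              # refused, unreachable or timed out
        return "blocked"
    conn.close()
    return "reachable"

def check_isolation(targets=TARGETS, resolve=socket.gethostbyname,
                    connect=socket.create_connection, timeout=3):
    """Probe every target; the host is isolated only if nothing is reachable."""
    results = {label: probe(host, port, resolve, connect, timeout)
               for label, host, port in targets}
    isolated = all(state != "reachable" for state in results.values())
    return isolated, results

if __name__ == "__main__":
    isolated, results = check_isolation()
    for label, state in results.items():
        print(f"{label:20} {state}")
    print("isolated from the internet" if isolated
          else "NOT isolated: some outbound traffic gets through")
```

On a machine where only the DNS server entry was removed, the first probe reports `no-dns` while the two IP probes can still report `reachable`; a router rule that drops all traffic from the DAW to the WAN makes every probe fail.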

“Media Lounge” renamed to “Nerd Lounge”.
:smiley:

Fredo

:laughing: