Turn off Microsoft Office Spying on OS X

Last updated on October 14, 2003.

Turn off the Microsoft Office "anti-piracy" feature that causes a security vulnerability. The U.S. Department of Energy Computer Incident Advisory Capability (CIAC) has instructions for doing so. So does Microsoft. Briefly, do this now and after every restart (or put this into your system startup script*):

% sudo ipfw add deny tcp from any to any 3000-65535 in setup via en0
% sudo ipfw add deny udp from any to any 2222 via en0

*To put this in the system firewall startup script, do the following:

  1. Turn off the OS X firewall in System Preferences > Sharing > Firewall if it is on.
  2. Download and install a GUI interface for ipfw that is basically a large superset of the firewall you just deactivated.  It is called Brickhouse.  It is shareware but you can run it for free if you need to.  Let Brickhouse walk you through the setup procedure.   (For reasons that should be obvious, I'm not going to advertise here what I turned on and what I turned off.)

  3. Now you can use Brickhouse to implement the above two rules.  Do the following:  Open Brickhouse and authenticate.  Click on "add filter" at the bottom and a window pane called "Filter Details" appears.  Set "action" to "Deny" and "Service" to the bottom-most option, which is "custom service."  Then for "protocol" choose "tcp" and for "Port" input "3000-65535" and then from "Source" choose "The Internet" and the word "any" will appear.  Do the same with "Destination", hit OK, and then repeat this a second time, this time using just port 2222 and Protocol udp.  You can move rules around from the bottom to top of the list just by dragging them.  I think these rules need to be dragged to the top to work.

  4. I found that after installing these rules I could no longer use curl-ftp, which fink requires for installations and updates. To fix that, issue the command
    echo "-P - ftp" >> ~/.curlrc
    Another option is to use wget instead of curl, and to use it in active-mode ftp.  To do this use fink to install wget, and then edit your /sw/etc/fink.conf file and change two lines to read:

    DownloadMethod: wget
    ProxyPassiveFTP: false

    I think the first firewall rule might also interfere with the ftp program called Fetch, and possibly using ftp via your browser.  I haven't yet figured out how to deal with this without defeating the firewall.  As a temporary workaround, I've defined the following two aliases that allow me to turn the firewall off, and then turn it back on again.

    alias firewall_off "sudo ipfw flush"
    alias firewall_on "sudo ipfw /etc/firewall.conf"
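
ipfw acts on the first rule that matches a packet, so the ordering concern in step 3 can be checked against the text printed by `sudo ipfw list`. The script below is an added example, not part of the original page: the function names, the sample rule lines and the choice to ignore loopback-only allow rules are assumptions, and a REVIEW line marks a rule to inspect rather than proving that the deny rule is bypassed.

```sh
#!/bin/sh
# Added example: audit `ipfw list`-style text for the two deny rules above.
# ipfw acts on the first rule that matches, so an allow rule with a lower
# number can let a packet through before the deny rule is ever consulted.

check_office_rules() {   # hypothetical helper name; reads rule lines on stdin
  awk '
    # Port token each deny rule must carry (values taken from the page).
    BEGIN { want["tcp"] = "3000-65535"; want["udp"] = "2222" }
    $1 ~ /^[0-9]+$/ {
      num = $1 + 0; action = $2; proto = $3
      if (action == "deny" && (proto in want) && !(proto in at))
        for (i = 4; i <= NF; i++) if ($i == want[proto]) at[proto] = num
      # Loopback-only allows cannot match traffic on en0, so skip them.
      if (action == "allow" && $0 !~ / lo[0-9*]/) {
        n++; a_num[n] = num; a_proto[n] = proto; a_text[n] = $0
      }
    }
    END {
      bad = 0
      for (k = 1; k <= 2; k++) {
        p = (k == 1) ? "tcp" : "udp"
        if (!(p in at)) { print "MISSING deny " p " " want[p]; bad = 1; continue }
        print "PRESENT deny " p " " want[p] " at rule " at[p]
        for (j = 1; j <= n; j++)
          if (a_num[j] < at[p] && (a_proto[j] == p || a_proto[j] == "ip" || a_proto[j] == "all")) {
            print "REVIEW rule " a_num[j] " precedes the " p " deny: " a_text[j]
            bad = 1
          }
      }
      exit bad
    }'
}

# Constructed sample (not captured from a real machine): a broad allow sits
# ahead of the tcp deny, and the udp rule was never added.
sample_rules() {
  cat <<'EOF'
02000 allow ip from any to any via lo*
02100 allow tcp from any to any in via en0
03000 deny tcp from any to any 3000-65535 in setup via en0
65535 allow ip from any to any
EOF
}

sample_rules | check_office_rules || echo "ruleset needs attention"
```

On a live system the input would come from `sudo ipfw list | check_office_rules`; the exit status is non-zero when a rule is missing or flagged, which makes the check usable after each restart.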

