Strange Console messages

[mustbjones]

Version: 2008 Operating System: Mac OS X 10.6 (Snow Leopard) Processor: Intel I have the Firewall in 10.6 set to accept/deny according to specific applications. Word (and Excel) are deny. I don't want anything coming in from the outside and infecting these applications. But I don't understand the following Console messages:

/15/10 10:41:13 AM Firewall[73] Microsoft Word is listening from 0.0.0.0:3766 proto=6
2/15/10 10:41:13 AM Firewall[73] Deny Microsoft Word data in from 192.168.1.2:52521 to port 2223 proto=17
2/15/10 10:42:08 AM Firewall[73] Deny Microsoft Word data in from 192.168.1.2:53802 to port 2223 proto=17

since the 192.168.1.2 is MY computer what is Word listening for?

 

[John McGhie]

Quite a few things

All Microsoft Office applications listen for commands and requests coming in
from the network to add functionality.

The most important two are the Help system (nearly all of the content was
not ready by the time they burned the CD, so it's on the Microsoft Web
Server: if you're not listening, you have almost no help...) and the
Translation mechanism that translates text into other languages.

There's a few others that are rarely used that I can't remember.

Assuming that your internet security software is installed, running, and
up-to-date, nothing is going to get in, you can leave it open. If you don't
have internet security software on an always-on connection, your machine
will be p0wned in a few days or minutes ‹ but the most likely vector is
Flash or IM, not Word

Cheers

Version: 2008 Operating System: Mac OS X 10.6 (Snow Leopard) Processor: Intel
I have the Firewall in 10.6 set to accept/deny according to specific
applications. Word (and Excel) are deny. I don't want anything coming in
from the outside and infecting these applications. But I don't understand the
following Console messages:

/15/10 10:41:13 AM Firewall[73] Microsoft Word is listening from 0.0.0.0:3766
proto=6
2/15/10 10:41:13 AM Firewall[73] Deny Microsoft Word data in from
192.168.1.2:52521 to port 2223 proto=17
2/15/10 10:42:08 AM Firewall[73] Deny Microsoft Word data in from
192.168.1.2:53802 to port 2223 proto=17

since the 192.168.1.2 is MY computer what is Word listening for?

This email is my business email -- Please do not email me about forum
matters unless you intend to pay!

 

[mustbjones]

Thanks. I have my Firewall set to only essential/listed applications. Word and Excel are denied connections to the "internet". I did find at Wikipedia that port 2223 is the "unofficial" port that Microsoft uses as its OSX anti-piracy monitor. It is confusing that my Firewall considers behind the router network, in my case one machine, an "internet" connection.

 

[John McGhie]

As I said in my previous reply, blocking Word and Excel results in a few of
the features you paid for being disabled.

If you used the product key you received with the install disk, the
anti-piracy monitor won't worry you at all (but it will prevent anyone else
stealing your key )

Cheers

Thanks. I have my Firewall set to only essential/listed applications. Word
and Excel are denied connections to the "internet". I did find at Wikipedia
that port 2223 is the "unofficial" port that Microsoft uses as its OSX
anti-piracy monitor. It is confusing that my Firewall considers behind the
router network, in my case one machine, an "internet" connection.

This email is my business email -- Please do not email me about forum
matters unless you intend to pay!

 

[mustbjones]

I opened Little Snitch to all Network traffic and saw that Word/Excel is doing a two things: connecting to "broadcasthost" and "my machine name.local" I also re-read the message that the OS sends when opening Word/Excel. I thought it said did I wish Word/Excel to receive incoming connections from the INTERNET; but upon second reading is said connections from the network.

But segueing to another question: I have the "Automatically allow signed software to receive incoming connections" checked. I would presume that any Microsoft product has a valid certificate authority so that it could provide services accessed from the network.

And I do have a valid Product Key.