# Keeping your DAW off Internet



## Synetos (Jun 28, 2019)

I am wondering if many people do this anymore?

I am going to try to make it work, and only connect if I cant find any other way to update my system.

The idea being that I can turn off all the security junk and AV, and not have to worry about getting infected.

I run three Windows 10 machines in my studio, and I have them all connected. I RDP into what is now my Internet only machine over a private network.

I suppose there is still a chance I could get a bug on my DAW that way.

Anyone else have ideas on how to make this work and keep a clean workflow?


----------



## ceemusic (Jun 28, 2019)

My daw is on a separate computer. I only go online to download & authorize plugins or upload to deliver material. It's disconnected otherwise plus I don't surf the net with it either. 

Use Windows Pro & Group Policy Editor to shut down unwanted items Cortana or auto updates. I only have Windows Defender installed & it never interrupts or degrades performance.


----------



## Synetos (Jun 28, 2019)

ceemusic said:


> Use Windows Pro & Group Policy Editor to shut down unwanted items Cortana or auto updates. I only have Windows Defender installed & it never interrupts or degrades performance.



I also use GP and registry to disable services I dont want running.

I was running ESET antivirus. It was not much of a problem, but still slowed down some things. I cleaned everything off now, including Chrome.


----------



## JohnG (Jun 28, 2019)

With all the ransomware stories out there I would be anxious having a Windows computer connected all the time.

Maybe consider a separate, inexpensive laptop or other computer for online activity? Or [coughs] a Mac...


----------



## Synetos (Jun 28, 2019)

JohnG said:


> With all the ransomware stories out there I would be anxious having a Windows computer connected all the time.
> 
> Maybe consider a separate, inexpensive laptop or other computer for online activity? Or [coughs] a Mac...



Thanks John.

I was nervous...cause I was hacked once in the past a few years ago when I had my firewall turned off. 

As of this morning, I now have a dedicated Windows 10 Pro machine just for Internet, and my DAW and VST host offline. 

I could take it even further and not have a separate network card setup to RDP into the Internet machine from my DAW, but I have not gone that far...yet. I am not sure if one could get a virus through an RDP connection?

I also run VPN software on my Internet computer. There isnt any data on that computer, or any personal stuff at all.

Haha...I actually have a MacBook, but I still like working with just one mouse and keyboard and my multiple monitor setup.


----------



## kitekrazy (Jun 28, 2019)

JohnG said:


> With all the ransomware stories out there I would be anxious having a Windows computer connected all the time.
> 
> Maybe consider a separate, inexpensive laptop or other computer for online activity? Or [coughs] a Mac...



I can't even remember the last time I got any form of malware on a Windows system. Maybe it was back in XP or W98. Fear mongering at best. I guess if one is searching for porn or illegal downloads your chances will increase.


----------



## Synetos (Jun 28, 2019)

kitekrazy said:


> I can't even remember the last time I got any form of malware on a Windows system. Maybe it was back in XP or W98. Fear mongering at best. I guess if one is searching for porn or illegal downloads your chances will increase.



I will assume you are trying to be funny, but I dont think it is funny to go through it.

But, sorry to disappoint your fantasy, it actually came from an old proaudio forum hack, and a weak password...not an actual takeover of my machine. 

You really think that only porn sites or illegal downloads are how all people get infected? You might have crap on you machine and not even know it...all from your "pure" internet usage. A website is a website. Malware code gets embedded all kinds of ways. But...whatever. 

Like getting your wallet stolen? Does that only happen when you are at a brothel?


----------



## Synetos (Jun 28, 2019)

Having all that overhead off my machine improved my CPU usage in Cubase substantially. 
I now idle at about 5ms RT latency running 24/96k, with VEP and all my VSTs loaded, and about 8-10% average load CPU usage on the Cubase Performance Meter.


----------



## JohnG (Jun 28, 2019)

kitekrazy said:


> Fear mongering at best.



To suggest that ransomware or viruses are no longer a threat is total BS. Two cities in Florida have just paid over $500k each to get their files back. Large companies get millions -- millions -- of intrusion attempts a week.

Don't be naive -- protect what you have.


----------



## ceemusic (Jun 28, 2019)

Plus don't forget many send auth.codes or dl links via email, those can be hacked or fraudulent as well. I always pay attention when dealing with anything online related whether it's my daw or personal computer.


----------



## Desire Inspires (Jun 28, 2019)

I use Splice so I gotta stay connected. 

Hackers aren’t extorting small fries for Bitcoin money. They go after businesses with important info who will cough up cash quickly to be done with the ordeal.


----------



## Synetos (Jun 28, 2019)

Desire Inspires said:


> I use Splice so I gotta stay connected.
> 
> Hackers aren’t extorting small fries for Bitcoin money. They go after businesses with important info who will cough up cash quickly to be done with the ordeal.


Perhaps they practice on us little fish cause we wont be tracking them like a corporation.


----------



## JohnG (Jun 28, 2019)

Synetos said:


> Perhaps they practice on us little fish cause we wont be tracking them like a corporation.



It's not just practice. I'm sure I'm not alone in having received innumerable phishing emails, often with friends' email addresses attached. Not to mention phone calls from "the IRS" and "Microsoft Support."

They know they can sweep up $500 or $5,000 here and there and the cost to try is low.


----------



## dzilizzi (Jun 28, 2019)

I may be having this issue soon. My desktop that I use for everything but music is Windows 7 and too old to upgrade. So I'm thinking of using it for VEPro, which means it will need to connect to my music computer. Which connects to the internet. It's a fast computer and runs great. Seems silly to toss it. 

I have not had any issues with ransomware (knock on wood) but my husband has. He mostly uses his computer to surf the web and watch YouTube videos so I just wipe it when it happens. He thinks it came from a fishing forum he goes to a lot. 

I get IT security training constantly at work so I am less likely to click on something bad. But it still can happen. I think it helps to limit your internet usage to going directly to company sites to download products only when necessary. And unplug if you aren't using it. I usually download to my desktop and then copy over. But things like Native Access don't give you much choice. You can only do the best you can and maybe run Malwarebytes free once a month or more if you feel the need.


----------



## jmauz (Jun 28, 2019)

My slaves are all air gapped. My main DAW has a wifi card that I activate if I need to download something but otherwise it's off. In fact, unless it's something large I usually download stuff on my laptop and transfer it to the studio machines via thumb drive.


----------



## Quasar (Jun 28, 2019)

I keep mine off the internet, and think it high-time that people *militantly* demand an end to any copy protection that does not allow for this.

Because of the malware Native Access and NI's vicious betrayal of offline activation support, I have had to have my DAW machine connected to the web for _a few minutes_ since 2017, and each time I've resented the living hell out of being violated in this fashion. I'm getting mad now just thinking about it.

What I've done is use a freeware app called TinyWall, which works in conjunction with Windows Firewall and can be set to block everything except that which you give explicit permission communicate outside the local environment. It's PIA, but it works. The salient issue, however, is that the need to ever do this constitutes a fundamental, unacceptable and grotesque fascist human rights violation.


----------



## Desire Inspires (Jun 28, 2019)

Quasar said:


> The salient issue, however, is that the need to ever do this constitutes a fundamental, unacceptable and grotesque fascist human rights violation.


----------



## GtrString (Jun 28, 2019)

I still disconnect when working in the daw. Old habit, I feel better about it.

Mostly Im concerned about some stupid ass background data process, interfering with my recording or mixing session. Im on a mac, so virus ect is a nonissue.


----------



## Pietro (Jun 28, 2019)

Still connected for all these years. I haven't had an issue like forever. I can't imagine working offline. 

- Piotr


----------



## Guffy (Jun 28, 2019)

I think unless you're new to the internet and/or computers in general it's quite easy to stay safe online. I can't even recall the last time my machine got infected. Must have been in the early 00s when i was young and stupid, trying to download videos from dodgy sites.


----------



## Synetos (Jun 28, 2019)

The way I am running things now, it is no more effort to open a minimized RDP session than it is to click on Chrome and open up a browser window. 

VPN, full firewall, and ESET Antivirus and security suite. I think I am safe as I am going to get.


----------



## Quasar (Jun 28, 2019)

https://vi-control.net/community/th...s-10-updates-of-8-nov-2016-and-kontakt.57141/

https://vi-control.net/community/threads/windows-updates-keep-deleting-my-license-for-era-ii.69785/

https://vi-control.net/community/threads/omnisphere-problem-after-latest-update.68781/

https://vi-control.net/community/th...g-dll-files-for-sibelius-east-west-etc.73688/

https://vi-control.net/community/threads/windows-10-updates-and-daw-problems.63153/

https://vi-control.net/community/threads/win10-updates-remove-all-magix-e-licenses.69739/

https://vi-control.net/community/th...llers-unrecognized-in-komplete-kontrol.80162/

https://vi-control.net/community/th...etting-your-upgrade-ready-99-for-hours.54675/

If sufficiently motivated, I could post problems people have had with their DAW computers and unwanted web encroachments until this post was the size of a Russian novel. These are but a very few examples, using the domain-specific keywords "problem" and "updates" in Google. But there are of course many other potential problems besides OS updates, and at any rate are secondary to the much more fundamental issue of the right to privacy in one's creative workstation.


----------



## Pietro (Jun 28, 2019)

I wouldn't say staying online is a synonym of updating your Windows 10 as soon as the update is available... 

- Piotr


----------



## Quasar (Jun 28, 2019)

Pietro said:


> I wouldn't say staying online is a synonym of updating your Windows 10 as soon as the update is available...
> 
> - Piotr


It's a synonym in such instances where the updates are mandatory.

And what about all of this microcode stuff for Spectre/Meltdown et al that is said to have a negative impact on, especially, older machines? I still have a Sandy Bridge CPU and I don't want that crap. Nor do I need it if my machine stays offline. 

On so many, many levels, a computer that interacts as a player in global cyberspace is simply a different commodity than one that does not, and an entirely different set of rules apply. If you like having your workstation online, that's cool because that's your choice. But it should be a choice, not the price of admission for using 21st century software.


----------



## Synetos (Jun 28, 2019)

I dont own anything in my studio setup that "mandates" I be online all the time. 
I wouldnt buy it if it did, or i would stop using it. 

However, all of my systems require updates from time to time, so I will have to go online or use USB media to install updates.

I also backup/image my entire machine using Paragon, so even if I got infected, I could recover everything by simply blasting my system drive back to clean state.

All my important files are encrypted on the Cloud with Sync


----------



## ironbut (Jun 28, 2019)

Synetos said:


> The way I am running things now, it is no more effort to open a minimized RDP session than it is to click on Chrome and open up a browser window.
> 
> VPN, full firewall, and ESET Antivirus and security suite. I think I am safe as I am going to get.


I've thought about connecting through a VPN.
How much hassle is it?


----------



## MarcelM (Jun 28, 2019)

ironbut said:


> I've thought about connecting through a VPN.
> How much hassle is it?



one click if you use some desktop vpn solution.

vpn wont protect anyway if people keep opening supsicious emails or files on their machines.

you are safe without a vpn if you dont surf "strange" sites and take care what you download or open in your mail program.


----------



## Synetos (Jun 28, 2019)

I use ExpressVPN, and it is a piece of cake to use. 

IMO, it is just one more layer of protection...mostly from someone knowing where you live, physically. Most IP addresses are going to pinpoint where you are on earth within a few miles. With a VPN, I can appear to be just about anywhere in the world. 

I am not claiming to be any kind of expert on any of this security stuff. 

There is all this opinion that you only get infected if you go to "naughty" sites. That is BS!
Any webpage that is poorly secured is at risk of being hijacked, or having malware imbedded into it, or having data breaches happen that get all your personal info...think Target, Scottrade Securities, etc.

One other thing I have been doing is using 1Password for password management and making all my passwords crazy complex. It is a PITA, but it is much more secure. And...change them often.


----------



## EgM (Jun 28, 2019)

I keep mine online all the time, I also work in IT as my main job though. I just don't go on weird websites or install cracked crap. I have two-factor enabled on everything that matters.


----------



## Vik (Jun 29, 2019)

I've never had any issues with my DAW computer being internet connected either – after 20-30 years. But if any of you know a way to keep _myself_ off internet, please let me know.


----------



## jamwerks (Jun 29, 2019)

Stupid question... Is it possible to have the computer physically connected (Lan) but just turn on the connection when wanted?


----------



## MarcelM (Jun 29, 2019)

jamwerks said:


> Stupid question... Is it possible to have the computer physically connected (Lan) but just turn on the connection when wanted?



windows? yes. just disable the network adapter in device managment or network adapter settings.


----------



## jamwerks (Jun 29, 2019)

MarcelM said:


> windows? yes. just disable the network adapter in device managment or network adapter settings.


----------



## X-Bassist (Jun 29, 2019)

MarcelM said:


> windows? yes. just disable the network adapter in device managment or network adapter settings.



Mac? Yes, just turn off your network connection. There is a switch on the top bar (on right) for both network and wifi on/off. Easy-peezy.


----------



## hdsmile (Jun 29, 2019)

MarcelM said:


> windows? yes. just disable the network adapter in device managment or network adapter settings.


+1000% yeah sure, network adapter simply disable and use it only for some plugin/software update etc. if need it.


----------



## MarcelM (Jun 29, 2019)

X-Bassist said:


> Mac? Yes, just turn off your network connection. There is a switch on the top bar (on right) for both network and wifi on/off. Easy-peezy.



are you sure? by default usually osx does have this for wifi only?


----------



## JohnG (Jun 29, 2019)

MarcelM said:


> windows? yes. just disable the network adapter in device managment or network adapter settings.



Doesn't that disable VE Pro's connection?


----------



## Synetos (Jun 29, 2019)

JohnG said:


> Doesn't that disable VE Pro's connection?


It will if that is your only network adapter.

I run 3 network adapters (cards) in mine.

I run a dedicated Network connection between my DAW and my VST machine. Straight cable with static IP and no Gateway setup.


----------



## JohnG (Jun 29, 2019)

ha! way above my pay grade.

I keep all Windows machines offline. They are connected via ethernet to a Mac. So I guess it's conceivable there could be some weird way to get to them, but it would be complicated. And fruitless since they only have samples on them!


----------



## kitekrazy (Jun 29, 2019)

JohnG said:


> To suggest that ransomware or viruses are no longer a threat is total BS. Two cities in Florida have just paid over $500k each to get their files back. Large companies get millions -- millions -- of intrusion attempts a week.
> 
> Don't be naive -- protect what you have.



No one said that. It is still fear mongering. Those situations are victims of incompetent tech people. It's the naive ones that are victims by lurking where they shouldn't. Some self education eliminates the fear mongering.
I guess my only reason to be offline is when you have a rock solid version of W10. I fear Windows f'updates more than any malware.


----------



## JohnG (Jun 29, 2019)

kitekrazy said:


> It's the naive ones that are victims by lurking where they shouldn't.



I still think you're giving bad advice, kite even though I realise there is some sense to what you are saying. It's not just some 'dark web' or other unsavoury website that doles out malware etc. I've had spoofed "alerts" from my bank, complete with surprisingly convincing return email addresses and all that.

Normally, people don't fall for them. It's often someone is vulnerable in some way -- tired or in a hurry, or with some other thing attracting attention; someone who's been paying a lot of bills online and then gets an "invoice" who get snagged.

I even have anti-virus on my Mac, though there aren't too many events as bad as Wannacry or something like that with Macs.

And I use a VPN most of the time.


----------



## JJP (Jun 29, 2019)

This is a bit of a tangent, but may be useful.

I do work for one client that demands the machine be offline when working on specific projects. They required me to set up a non-admin account on my machine with wifi disabled and appropriate firewalls activated specifically for these situations.

In addition they require me to download their materials on a separate machine used for downloads only and that is offline when not in use. Downloaded material is kept on a hardware encrypted drive which is manually connected to the work machine so nothing goes on to the LAN other than when absolutely necessary.

It's extreme and quite frankly a bit silly for the work I do, but that's where the high-end standard for protecting data is today. They want near US Dept of Defense levels of security including cameras, lock boxes or safes for drives when not in use, etc.

After the HBO, Netflix, and Sony hacks, companies are very wary.


----------



## dzilizzi (Jun 29, 2019)

I can see being hyper careful with very expensive projects. Not so much for malware, but piracy can kill a new movie especially if it comes out weeks before the actual release date. And I'm sure it's the same for other products that take a lot R&D dollars.


----------



## Paul_P (Jun 30, 2019)

JohnG said:


> Normally, people don't fall for them. It's often someone is vulnerable in some way -- tired or in a hurry, or with some other thing attracting attention; someone who's been paying a lot of bills online and then gets an "invoice" who get snagged.



I just had this happen to me and I'm normally extremely vigilant. I was waiting for a postal delivery (something that doesn't happen that often) and was receiving legitimate email updates from the postal service as my shipment made its way to me when I received a fake email pretending to be from the same postal service about 'a' package. I clicked the link without even thinking. Luckily, nothing happened. Maybe my security software had something to do with that. A good lesson to keep me on my toes.


----------



## Delio Roman (Jun 30, 2019)

I use NetLimiter4 for this very reason. Blocks specific applications from going online (in and out/in or out). Look it up. It's a worthy investment for Windows machines. Use Little Snitch if you're on a Mac.

I like to keep my machine online since i'm constantly on YouTube, twitch, and social media (yeah a distraction i know lol) but i find myself always watching music tutorials etc.

a word of advice to everyone, try to keep your logins secured with 2 factor authentication (if available) and important drives bitlocker/apfs encrypted.


----------



## dzilizzi (Jun 30, 2019)

Delio Roman said:


> I use NetLimiter4 for this very reason. Blocks specific applications from going online (in and out/in or out). Look it up. It's a worthy investment for Windows machines. Use Little Snitch if you're on a Mac.
> 
> I like to keep my machine online since i'm constantly on YouTube, twitch, and social media (yeah a distraction i know lol) but i find myself always watching music tutorials etc.
> 
> a word of advice to everyone, try to keep your logins secured with 2 factor authentication (if available) and important drives bitlocker/apfs encrypted.


Bitlocker and the like are useless if you are on your machine when you click on a bad link. They are only really good against physical hacking. My work computer is fully encrypted and this is still an issue. But 2 factor is always good.


----------



## Delio Roman (Jun 30, 2019)

dzilizzi said:


> Bitlocker and the like are useless if you are on your machine when you click on a bad link. They are only really good against physical hacking. My work computer is fully encrypted and this is still an issue. But 2 factor is always good.



Hence why I said important drives.


----------



## Delio Roman (Jun 30, 2019)

dzilizzi said:


> Bitlocker and the like are useless if you are on your machine when you click on a bad link. They are only really good against physical hacking. My work computer is fully encrypted and this is still an issue. But 2 factor is always good.



Also not completely useless on a (for example) remote attack. Encryption is very good practice for sensitive data.


----------



## Quasar (Jun 30, 2019)

Delio Roman said:


> I use NetLimiter4 for this very reason. Blocks specific applications from going online (in and out/in or out). Look it up. It's a worthy investment for Windows machines. Use Little Snitch if you're on a Mac.
> 
> I like to keep my machine online since i'm constantly on YouTube, twitch, and social media (yeah a distraction i know lol) but i find myself always watching music tutorials etc.
> 
> a word of advice to everyone, try to keep your logins secured with 2 factor authentication (if available) and important drives bitlocker/apfs encrypted.


NetLimiter 4 looks pretty cool, and I my try it out for my internet computer.

But for me, the core principle about having an offline workstation is about the right to create in an environment of privacy and autonomy. It's a human rights issue, not a tactical or safety concern.


----------



## danbo (Jun 30, 2019)

I work in computer security among other software engineering. Keeping it off the internet is a partial solution because one of the more common vectors these days is horizontal attacks. Meaning virus that gets behind your primary firewall, into something in your local network (an IP camera or some other dongle you have maybe), then horizontally attacks the nodes on your computer. So you can block it from going to the internet - my router has easy options for this, but if it's on the network that's unsafe and so it still needs firewalling/etc.

You can unplug, but of course if you share files stuff can still sneak around. But this is all diminishing returns, I'll also say that viruses and hacking seem to be the modern day Red Scare. Big public websites get hacked because they're the more vulnerable. That is; they have to be public with lots and lots of software that is also public and opening ports all over, and to secure them costs hundreds of thousands. So yeah that's where the money is; a private individual getting 'hacked' is usually just them being careless, which begs something happening to them. But the serious money is in the municipalities.

FWIW I've got tons of devices and computers on my local network, and run sniffers that continually monitor, plus download loads of stuff. Never had an issue as far as I know. Anyhow, if your computer is bogged because of a little virus protection I'd suggest getting a new computer.


----------



## ReelToLogic (Jun 30, 2019)

jamwerks said:


> Stupid question... Is it possible to have the computer physically connected (Lan) but just turn on the connection when wanted?


I cut into my internet cable and installed a toggle switch that's mounted on my workstation. That way everything stays plugged in but I have a quick visual reference that lets me know for sure that I'm NOT connected. I normally leave it off, and it only takes one second to flip it on when I need to download something. I know this can be done in software but this is super quick and a positive way to disconnect.


----------



## Synetos (Jul 1, 2019)

Over the weekend, I decided to go cold turkey offline on my DAW and VEP VST machines. I gave up on RDP into another windows computer for internet access. 

I am going to restrict all Internet connectivity to my MacBook Pro. 

I really do not need to be online with my DAW. I have plenty of computers and these two one can be isolated. 

Also...being online is a distraction, even if it isn't a scary security thing. I now have to make the effort to go online, as it won't be just a mouse click away.


----------



## Nick Batzdorf (Jul 1, 2019)

JohnG said:


> With all the ransomware stories out there I would be anxious having a Windows computer connected all the time.
> 
> Maybe consider a separate, inexpensive laptop or other computer for online activity? Or [coughs] a Mac...



Backups!


----------



## Quasar (Jul 1, 2019)

Nick Batzdorf said:


> Backups!


Yeah, just keep the backup drive physically unattached when not using it, as ransomware can infect anything that is connected.

It's not difficult to stay safe from that stuff with a little bit of effort. For my web PC I just perform a full backup once a month or so, but copy new content to thumb drives or Dropbox in-between. So in a worst-case scenario I am never more than a half-hour away or so from being restored.

For the offline DAW PC it is similar: Full backup once a month (I don't bother with incremental/differential and all of that) and copying newly created content to a secondary drive between the backups.


----------



## Synetos (Jul 2, 2019)

Well...keeping my machines offline lasted only a few days. I can't stand it. It's like trying to give up coffee, cold turkey. Not happening...HAHA! 

So, I loaded up ESET Smart Security Premium suite on my DAW and VST machines, and everything is back online. 

I guess I will just take the slight performance hit (which really just comes from realtime scanning, which I could make rules to fix) and risk of being online. I will rely on good backups and safe online practices...to the best of my ability.


----------

