RE: Napster vs. ITunes.. Which is more secure?

["William Holmberg" <wholmberg () amdpi com>]

AS a clarification, iTunes runs on Windows just as well as on the Macs,
but if you prefer the WMP on Windows, you can go that route. I find
though, that most users using either have an iPod, which is uniquely
supported in iTunes and not as rich an experience when using another
App.
I also concur on the port blocking scheme you describe, as well as on
the P2P sw...
My .02
Bill

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of James Alcasid
Sent: Friday, October 05, 2007 10:34 AM
To: security-basics () securityfocus com
Subject: Re: Napster vs. ITunes.. Which is more secure?

If you apply the principle of minimal privilege then you would not allow
any
file/music sharing software and close up the corresponding ports on the
firewall as an example. Also include a written policy that is signed off
and
understood by all then you won't have to support Britney Spears music
not
being downloaded.

A middle ground approach is to allow a program such as iTunes on the
Macs as
an example but block out ports 3689 music sharing and radio streaming
ports
8000-8999, 42000-42999.

Forget about any P2P programs on the corporate LAN, your just asking for
trouble.


On 10/4/07 1:26 PM, "desert penguin" <desertpenguin007 () msn com> wrote:

> Greetings all,
>
> Have begun a cleanup on a network in which many PCs were found to have
> iTunes, Napster and some other P2P programs which are obviously "no
no's".
> I am leaning more towards allowing Windows Media player and iTunes,
but what
> about Napster?  Now that they are legalized, are there insecurities
with it-
> or is it pretty much on the same "level" as iTunes?  Is it good policy
to
> allow WMP and iTunes and disallow Napster and say, BearShare, or would
it be
> best to just restrict them all entirely?  Thank You