A Conceptual Question about the Mac Firewall and Security

Typically, when an app asks for permission for incoming connections and you allow it, it remembers that setting. You can later reverse your decision in the firewall settings. If it didn't remember your decision, you can also add an allowed app in those settings.

No, they don't ask about outgoing, only incoming.

Outgoing connections don't present the same threat level as incoming. You can certainly use apps like Little Snitch, but if you simply practice safe computing, you'll be fine.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.

Mac Virus/Malware FAQ​

1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall
   
   
2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General
   
   
3. Disable Java in your browser (Safari, Chrome, Firefox). This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave Java disabled until you visit a trusted site that requires it, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)
   
   
4. Change your DNS servers to OpenDNS servers by reading this.
   
   
5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.
   
   
6. Never let someone else have access to install anything on your Mac.
   
   
7. Don't open files that you receive from unknown or untrusted sources.
   
   
8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.
   
   
9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.

That's all you need to do to keep your Mac completely free of any Mac OS X malware that has ever been released into the wild. You don't need any 3rd party software to keep your Mac secure.

 

The firewall doesn't restrict outgoing access, only incoming.

There is no disadvantage to running daily as an admin user. That's the default.

The only way you can get a keylogger on your Mac is to install it yourself, or give someone else access to install it.

 

A keylogger isn't, by definition, malware. There are legitimate uses for keyloggers and some users install them intentionally. ClamXav may give a warning if one is detected, but I wouldn't worry about it. Keyloggers on Macs are rather rare.

 

Outbound firewalls are kind of a joke given that any malware that is able to log protected keystrokes has the privileges required to make an exception for themselves in the outbound firewall rules.

Several examples of malware exists that do this for popular outbound firewalls.

Mac OS X Mountain Lion includes code signing that prevents unsigned code from executing in the first place. This is much more effective than an outbound firewall.