Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
firewall on or off
- Thread starter hoefler
- Start date
- Sort by reaction score
ok thanks guys...ive been working with this mac for like a few weeks now but never noticed it was "off" all the time.
whats a good app you guys recommend to make sure nothings wrong with the system and to clean my system just to make sure?
whats a good app you guys recommend to make sure nothings wrong with the system and to clean my system just to make sure?
OnyX available from the developer http://www.titanium.free.fr/forums.php
or http://www.macupdate.com
Free or donations accepted
However, unlike the windows world, tinkering with the system is not necessary. I know some people using Macs that have never used any "cleaning" software and done very little to no maintenance - with no problems either.
If you like to be prepared, buy a copy of Disk Warrior, an external HD, and use Carbon Copy Cloner to make a bootable clone of your HD, then you will have a backup of everything, including your data, and can run Dosk Warrior from the external HD on the internal if the HD gets messed up. It is much better than the Disk Utility Apple provides (DU isn't lame, just limited).
Also read the links Spinnerly and others provide - spattered all over the forum - for good info on working on the Mac platform.
Did you have any sharing services turned on? Did you have appropriately secure passwords for such services (Remote Login, Remote Management, etc)? Did any of the services have an active exploit while you had them exposed?
You do not have to worry too much unless you had services set up incorrectly or they had a vulnerability. Strong passwords and lack of vulnerabilities protect from hacking and exploitation via worms. Even if you have the firewall turned on, some services are still exploitable if the traffic appears legitimate as in attempts to log in to remote services (so strong passwords are important) and browser exploits.
Services that are turned off, properly secured, and do not have a vulnerability are not at risk. The default state of Mac OS X has very few running services. Scanning a Mac without a firewall with NMAP security scanner provides less information than a Windows machine with a firewall.
In terms of the common understanding of a firewall, Mac OS X is not running any firewall by default. But, firewalling constitutes more than just an application firewall or a packet filter.
The Unix DAC model insulates different levels of the system by controlling access based on users and groups. This is supplemented by Unix permissions and access control lists.
Sandboxing also constitutes a form of firewalling. Sandboxing in Mac OS X is an implementation of the TrustedBSD MAC model. This is used to sandbox mandatorily exposed services, such as mdnsresponder. Often this type of sandboxing, when used to supplement Unix DAC, is labelled as an application firewall; for example, AppArmour (found in some Linux OSes) is referred to as an application firewall (also by default only used for mandatorily exposed services).
Given the sandboxing of mandatorily exposed services combined with other remotely accessible services being turned off, Mac OS X is firewalled by default even though it does not ship with the conventional application firewall turned on. If you do not turn on any of the services found in the "Sharing" pane of System Preferences, there is really no need to turn on the Firewall except for peace of mind.
Also, application firewalls, such as the one found in the "Security" pane, typically only understand the protocols for sharing services (VNC, FTP, SSH, etc) if used on the standard port for the service and provide only basic filtering for non-standard protocols or services using non-standard ports.
Stateful firewalls are better in general as provide the benefits of both packet filters and application firewalls. IPFW, the packet filter in Mac OS X, can be set up as a stateful firewall. The easiest way to do so is to download an IPFW GUI, called Noobproof, and set it to run in "supernoob mode."
The Unix DAC model insulates different levels of the system by controlling access based on users and groups. This is supplemented by Unix permissions and access control lists.
Sandboxing also constitutes a form of firewalling. Sandboxing in Mac OS X is an implementation of the TrustedBSD MAC model. This is used to sandbox mandatorily exposed services, such as mdnsresponder. Often this type of sandboxing, when used to supplement Unix DAC, is labelled as an application firewall; for example, AppArmour (found in some Linux OSes) is referred to as an application firewall (also by default only used for mandatorily exposed services).
Given the sandboxing of mandatorily exposed services combined with other remotely accessible services being turned off, Mac OS X is firewalled by default even though it does not ship with the conventional application firewall turned on. If you do not turn on any of the services found in the "Sharing" pane of System Preferences, there is really no need to turn on the Firewall except for peace of mind.
Also, application firewalls, such as the one found in the "Security" pane, typically only understand the protocols for sharing services (VNC, FTP, SSH, etc) if used on the standard port for the service and provide only basic filtering for non-standard protocols or services using non-standard ports.
Stateful firewalls are better in general as provide the benefits of both packet filters and application firewalls. IPFW, the packet filter in Mac OS X, can be set up as a stateful firewall. The easiest way to do so is to download an IPFW GUI, called Noobproof, and set it to run in "supernoob mode."
Last edited:
