firewall on or off

Discussion in 'macOS' started by hoefler, Nov 22, 2010.

  1. hoefler macrumors member

    Oct 10, 2010
    hey guys i'm new to mac, do you guys recommend having the firewall turned on or off?

    if its turned on is it going to slow down the computer and ask for passwords every 10 minutes?
  2. r.j.s Moderator emeritus


    Mar 7, 2007
  3. TEG macrumors 604


    Jan 21, 2002
    Langley, Washington
    Turn it on. It is not as annoying as others, and does a great job.

  4. hoefler thread starter macrumors member

    Oct 10, 2010
    ok thanks guys...ive been working with this mac for like a few weeks now but never noticed it was "off" all the time.

    whats a good app you guys recommend to make sure nothings wrong with the system and to clean my system just to make sure?
  5. davidlv macrumors 65816

    Apr 5, 2009
    Kyoto, Japan
    OnyX available from the developer
    Free or donations accepted
    However, unlike the windows world, tinkering with the system is not necessary. I know some people using Macs that have never used any "cleaning" software and done very little to no maintenance - with no problems either.
    If you like to be prepared, buy a copy of Disk Warrior, an external HD, and use Carbon Copy Cloner to make a bootable clone of your HD, then you will have a backup of everything, including your data, and can run Dosk Warrior from the external HD on the internal if the HD gets messed up. It is much better than the Disk Utility Apple provides (DU isn't lame, just limited).
    Also read the links Spinnerly and others provide - spattered all over the forum - for good info on working on the Mac platform.:cool:
  6. munkery macrumors 68020


    Dec 18, 2006
    Did you have any sharing services turned on? Did you have appropriately secure passwords for such services (Remote Login, Remote Management, etc)? Did any of the services have an active exploit while you had them exposed?

    You do not have to worry too much unless you had services set up incorrectly or they had a vulnerability. Strong passwords and lack of vulnerabilities protect from hacking and exploitation via worms. Even if you have the firewall turned on, some services are still exploitable if the traffic appears legitimate as in attempts to log in to remote services (so strong passwords are important) and browser exploits.

    Services that are turned off, properly secured, and do not have a vulnerability are not at risk. The default state of Mac OS X has very few running services. Scanning a Mac without a firewall with NMAP security scanner provides less information than a Windows machine with a firewall.
  7. munkery, Dec 23, 2010
    Last edited: Dec 23, 2010

    munkery macrumors 68020


    Dec 18, 2006
    In terms of the common understanding of a firewall, Mac OS X is not running any firewall by default. But, firewalling constitutes more than just an application firewall or a packet filter.

    The Unix DAC model insulates different levels of the system by controlling access based on users and groups. This is supplemented by Unix permissions and access control lists.

    Sandboxing also constitutes a form of firewalling. Sandboxing in Mac OS X is an implementation of the TrustedBSD MAC model. This is used to sandbox mandatorily exposed services, such as mdnsresponder. Often this type of sandboxing, when used to supplement Unix DAC, is labelled as an application firewall; for example, AppArmour (found in some Linux OSes) is referred to as an application firewall (also by default only used for mandatorily exposed services).

    Given the sandboxing of mandatorily exposed services combined with other remotely accessible services being turned off, Mac OS X is firewalled by default even though it does not ship with the conventional application firewall turned on. If you do not turn on any of the services found in the "Sharing" pane of System Preferences, there is really no need to turn on the Firewall except for peace of mind.

    Also, application firewalls, such as the one found in the "Security" pane, typically only understand the protocols for sharing services (VNC, FTP, SSH, etc) if used on the standard port for the service and provide only basic filtering for non-standard protocols or services using non-standard ports.

    Stateful firewalls are better in general as provide the benefits of both packet filters and application firewalls. IPFW, the packet filter in Mac OS X, can be set up as a stateful firewall. The easiest way to do so is to download an IPFW GUI, called Noobproof, and set it to run in "supernoob mode."
  8. lostngone macrumors 65816


    Aug 11, 2003
    On most of the time

    I leave it on most of the time I turn it off when troubleshooting network connection problems.

Share This Page