Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Firewall
- Thread starter JJLT76
- Start date
- Sort by reaction score
You have to turn it on, with a new Mac there aren't any services running. I heard that running the firewall and no internet services actually decreases security.
I do have the firewall enabled however and you can enable the firewall in System Preferences==>Sharing==>Firewall.
I do have the firewall enabled however and you can enable the firewall in System Preferences==>Sharing==>Firewall.
Intriguing. What do you mean by this?
Because in theory the firewall itself could be hacked, whereas when it's off it can't be hacked.
This only really applies because the Mac Firewall only stops bad stuff getting in, not stuff getting out from your computer.
This is only what I've heard from other people on this site, so may not be entirely true.
First question: by default the firewall is off. If you are directly connected to a broadband modem, you should definitely turn your firewall on. Although if you aren't running any server processes (ssh, email, web, ftp etc) then there aren't any services for a hacker to exploit. The most important thing the firewall can do is to put your computer in "stealth" mode where port scanners can't even see it.
If you are behind a router that has an active firewall on you could argue that you don't need the client computer's firewall running also. But it doesn't hurt and the demand on the processor/ram/hd is very minimal.
I don't understand how turning on the firewall can make your computer less secure.
If you are behind a router that has an active firewall on you could argue that you don't need the client computer's firewall running also. But it doesn't hurt and the demand on the processor/ram/hd is very minimal.
I don't understand how turning on the firewall can make your computer less secure.
Nonsense. Turning it on doesn't make the computer much more secure because most of the time users are already behind a somewhat better firewall built in to their router. Even that isn't that great though. It is one extra barrier to get through though. It would be like building a 4 foot wooden fence around around your house. Will it keep a thief out? No way, but it certainly doesn't make your house less secure.
You are correct in saying that it only stop incoming traffic, not outgoing traffic. Little Snitch is pretty good at stopping outgoing traffic.
^^^ Read the final post in this thread, which links to this page.
If you are an average user on Windows running a firewall makes sense because you don't know what to block, whereas a Mac doesn't have anything that needs blocking in the first place.
If you are an average user on Windows running a firewall makes sense because you don't know what to block, whereas a Mac doesn't have anything that needs blocking in the first place.
...
http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html
http://www.heise-security.co.uk/result.xhtml?url=/news/83772&words=firewall&T=firewall
http://www.heise-security.co.uk/result.xhtml?url=/news/84266&words=firewall&T=firewall
just some examples. If you don't have a serious purpose for a personal firewall, dont use one.
In windows is it possible to have zero open ports, without using a firewall:
http://www.dingens.org/index.html.en
in OS-X, there aren't any open ports normally.
And if you use a personal Firewall to block programs phoning home, then read this: http://www.adobe.com/support/security/bulletins/apsb07-11.html
Also, why are you running programs when you don't trust them?
The OS X firewall is not meant to block internal traffic. It is only for external traffic and all it does is close all ports that you do not specifically allow. In reality, it is just the basic unix firewall that is tried and true for years. There is absolutely nothing about it that makes it easier to hacking a Mac.
How in the h*ll can running a (unix) firewall and NO internet services make your system less secure.........thats a new one on me ....................................
...................