Is the OS X(TEN) firewall enough???

Discussion in 'macOS' started by jc0481, Jun 16, 2006.

  1. jc0481 macrumors regular

    Mar 16, 2005
    Just was wondering because I have a DSL connection and was going to look at third party products. So is the OS X firewall very secure? Also when I go into stealth mode on the Internet will it slow it down my Internet?Thanks
  2. Copland macrumors regular


    May 26, 2006
    Rochester, NY
    Well, the firewall included with X is pretty mediocre, but it's not too important, because malicious files aren't normally written for the Mac...:)

    I can't say I know if stealth mode will slow down your connection speed, though.

    Edit: A quick Google search seems to have yielded the result that stealth mode won't slow down your connection
  3. gekko513 macrumors 603


    Oct 16, 2003
    pretty mediocre... What do you mean by that?

    I've never heard anything that would suggest the built in Firewall in OS X has any weaknesses. It isn't as customisable as some other solutions, but if you don't need advanced customisation, the security should be just as good as any other firewall.
  4. Copland macrumors regular


    May 26, 2006
    Rochester, NY
    Well, I was mainly just saying that it's a good basic firewall if you don't need any extra/special features. I used the word "mediocre" to imply that you'd get a more custimizable experience with a 3rd party firewall. For something that is part of the operating system, it's very good.

    True though, I haven't heard of any specific weaknesses in the firewall.
  5. yg17 macrumors G5


    Aug 1, 2004
    St. Louis, MO
    Is your internet going through some sort of router or an airport base station? Those help secure it. I just have the OSX firewall and a Linksys router, no problems.

    Hell, even back when I lived in the dorms, we had direct connections to the internet (external IPs, no routers to go through) and I never had any problems with just the OSX firewall
  6. uberpenguin macrumors newbie


    Firewall recommendations

    Most importantly, just turn it on. Whatever firewall application/implementation you decide on, just keep it on. The included firewall with Mac OS X is very good, however if you want more easily configurable features (without having to go about via command line) I recommend Little Snitch. Easily controls outgoing information as well as incoming at system AND application level. Very easy to learn to use. Check out the Macworld review:

    Hope this was helpful-cheers!
  7. FocusAndEarnIt macrumors 601


    May 29, 2005
    There aren't... ever.

    There has never been one reported malicious file for the mac (OS X) coming from an internet browser. Ever. Yeah, the whole... opening the picture, ASKING FOR A PASSWORD, "virus" or "trojan" or "worm" or whatever really isn't a virus or trojan or worm in my eyes - at all.

    You have *nothing* to worry about. I have had my machine for months - a year in August and have never had any security worries, issues, problems or anything. And that's with it turned OFF. :D :)
  8. killmoms macrumors 68040


    Jun 23, 2003
    Washington, DC
    I've been directly on the Internet sans firewall or virus protection on my Mac for three OS revisions totaling almost 3 years, and I've never had a single problem. There just isn't "auto-attack" stuff out there. If you're behind a NAT router, even, you are golden and have nothing to worry about.
  9. Mord macrumors G4


    Aug 24, 2003
    the cons outweigh the annoyances, just get a router with a decent firewall, then you dont have to worry about any computer in the house.
  10. imacintel macrumors 68000

    Mar 12, 2006
    Just get it. You don't need the firewall. Period. Macs have no viruses, whatsoever.
  11. dylan macrumors 6502

    Jul 9, 2005
    My understanding is that the firewall keeps out hackers. Without one someone who knows macs could access your information. Particularly if you aren't passworded.
  12. Counterfit macrumors G3


    Aug 20, 2003
    sitting on your shoulder
    You won't lose anything by turning it on, and stealth mode has nothing to do with the speed of your "internet" either.
  13. Makosuke macrumors 603

    Aug 15, 2001
    The Cool Part of CA, USA
    Ok, if you aren't behind a router or other hardware firewall, and you have no password on your account, AND you turn on filesharing or remote login, the software firewall isn't going to do you a bit of good one way or the other--your Mac will have the relevant ports open, and there's nothing stopping somebody from just popping in to do whatever they want.

    Roughly equivalent to leaving your front door wide open on a busy street in a bad neighborhood. Heck, if you have that setup, you're essentally inviting visitors in--it could barely even be considered hacking.

    In simple terms, if you turn off all sharing services, turn on the firewall, and turn on stealth mode, your computer will be pretty much secure and there's no measureable performance diffference. The only disadvantage to this is if you're trying to use some software--BitTorrent, for example--that needs to accept incoming requests for information. Surfing the web, getting email, etc, is different--in those cases you're the one asking for the information, so it works fine with or without a firewall.

    If you want a more technical description:
    All the OSX firewall does is block incomming connection attempts to ports that you haven't specifically opened. This would protect you from an unknown vulnerability in some particular service (even if the service was vulnerable, whatever port it's listening to isn't accessable from the outside), or from a malicious and/or insecure application that is listening to some port but not smart enough to open it.

    In theory, so long as there's nothing wrong with the OS and you're not running any untoward applications, you don't technically need the firewall on--the firewall just protects you from security problems you don't know you have yet (unpatched vulnerabilities, that is). That said, it's a very good idea to turn it on for exactly that reason.

    Turning on Stealth Mode takes it a step farther--that means that your computer doesn't just say "no" when something tries to talk to it, it doesn't even respond. So, in effect, if you have no services enabled, your computer is invisble--it gives no indication from incoming requests that it even exists. Now, if you have any services turned on (file sharing, for example), then your computer WILL respond to that port, so it doesn't do you much good--it protects you from nasty things casually "pinging" random addresses looking for computers to mess with, but if something/one is portscanning your address, it will get a response when it eventually hits the open port, so it'll know you're there. At that point, your security is only as good as your password.

    And that applies to every situation outside of a hardware firewall/router: If you have any sharing services turned on, your security is only as good as your password.

Share This Page