Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Is the OS X(TEN) firewall enough???
- Thread starter jc0481
- Start date
- Sort by reaction score
Well, the firewall included with X is pretty mediocre, but it's not too important, because malicious files aren't normally written for the Mac...
I can't say I know if stealth mode will slow down your connection speed, though.
Edit: A quick Google search seems to have yielded the result that stealth mode won't slow down your connection
I can't say I know if stealth mode will slow down your connection speed, though.
Edit: A quick Google search seems to have yielded the result that stealth mode won't slow down your connection
pretty mediocre... What do you mean by that?
I've never heard anything that would suggest the built in Firewall in OS X has any weaknesses. It isn't as customisable as some other solutions, but if you don't need advanced customisation, the security should be just as good as any other firewall.
I've never heard anything that would suggest the built in Firewall in OS X has any weaknesses. It isn't as customisable as some other solutions, but if you don't need advanced customisation, the security should be just as good as any other firewall.
Well, I was mainly just saying that it's a good basic firewall if you don't need any extra/special features. I used the word "mediocre" to imply that you'd get a more custimizable experience with a 3rd party firewall. For something that is part of the operating system, it's very good.gekko513 said:
True though, I haven't heard of any specific weaknesses in the firewall.
jc0481 said:
Is your internet going through some sort of router or an airport base station? Those help secure it. I just have the OSX firewall and a Linksys router, no problems.
Hell, even back when I lived in the dorms, we had direct connections to the internet (external IPs, no routers to go through) and I never had any problems with just the OSX firewall
Firewall recommendations
Most importantly, just turn it on. Whatever firewall application/implementation you decide on, just keep it on. The included firewall with Mac OS X is very good, however if you want more easily configurable features (without having to go about via command line) I recommend Little Snitch. Easily controls outgoing information as well as incoming at system AND application level. Very easy to learn to use. Check out the Macworld review: http://www.macworld.com/2006/05/reviews/littlesnitch12/index.php
Hope this was helpful-cheers!
Most importantly, just turn it on. Whatever firewall application/implementation you decide on, just keep it on. The included firewall with Mac OS X is very good, however if you want more easily configurable features (without having to go about via command line) I recommend Little Snitch. Easily controls outgoing information as well as incoming at system AND application level. Very easy to learn to use. Check out the Macworld review: http://www.macworld.com/2006/05/reviews/littlesnitch12/index.php
Hope this was helpful-cheers!
There aren't... ever.Copland said:... because malicious files aren't normally written for the Mac...
There has never been one reported malicious file for the mac (OS X) coming from an internet browser. Ever. Yeah, the whole... opening the picture, ASKING FOR A PASSWORD, "virus" or "trojan" or "worm" or whatever really isn't a virus or trojan or worm in my eyes - at all.
You have *nothing* to worry about. I have had my machine for months - a year in August and have never had any security worries, issues, problems or anything. And that's with it turned OFF.
I've been directly on the Internet sans firewall or virus protection on my Mac for three OS revisions totaling almost 3 years, and I've never had a single problem. There just isn't "auto-attack" stuff out there. If you're behind a NAT router, even, you are golden and have nothing to worry about.
You won't lose anything by turning it on, and stealth mode has nothing to do with the speed of your "internet" either.
Ok, if you aren't behind a router or other hardware firewall, and you have no password on your account, AND you turn on filesharing or remote login, the software firewall isn't going to do you a bit of good one way or the other--your Mac will have the relevant ports open, and there's nothing stopping somebody from just popping in to do whatever they want.dylan said:
Roughly equivalent to leaving your front door wide open on a busy street in a bad neighborhood. Heck, if you have that setup, you're essentally inviting visitors in--it could barely even be considered hacking.
In simple terms, if you turn off all sharing services, turn on the firewall, and turn on stealth mode, your computer will be pretty much secure and there's no measureable performance diffference. The only disadvantage to this is if you're trying to use some software--BitTorrent, for example--that needs to accept incoming requests for information. Surfing the web, getting email, etc, is different--in those cases you're the one asking for the information, so it works fine with or without a firewall.
If you want a more technical description:
All the OSX firewall does is block incomming connection attempts to ports that you haven't specifically opened. This would protect you from an unknown vulnerability in some particular service (even if the service was vulnerable, whatever port it's listening to isn't accessable from the outside), or from a malicious and/or insecure application that is listening to some port but not smart enough to open it.
In theory, so long as there's nothing wrong with the OS and you're not running any untoward applications, you don't technically need the firewall on--the firewall just protects you from security problems you don't know you have yet (unpatched vulnerabilities, that is). That said, it's a very good idea to turn it on for exactly that reason.
Turning on Stealth Mode takes it a step farther--that means that your computer doesn't just say "no" when something tries to talk to it, it doesn't even respond. So, in effect, if you have no services enabled, your computer is invisble--it gives no indication from incoming requests that it even exists. Now, if you have any services turned on (file sharing, for example), then your computer WILL respond to that port, so it doesn't do you much good--it protects you from nasty things casually "pinging" random addresses looking for computers to mess with, but if something/one is portscanning your address, it will get a response when it eventually hits the open port, so it'll know you're there. At that point, your security is only as good as your password.
And that applies to every situation outside of a hardware firewall/router: If you have any sharing services turned on, your security is only as good as your password.