
Bismarck (macrumors newbie, original poster), Oct 18, 2006
I have a question about the Mac's firewall. I have yet to place my order for a first Mac.

There are firewalls and there are firewalls. Windows XP now comes with one built in, but from what I can see (and I'm not an XP expert), the XP firewall doesn't do as much as what ZoneAlarm does. I installed ZoneAlarm on my Win2000 box, and it allows me to check outgoing traffic. If a program that I installed wants to talk to the net, a popup will warn me and ask if it's OK. Unless I know why and I want it to, I can say no, and I can tell ZA to always say no to that program. So if I bought a program from a legit company who wants to be nosy, I can tell them to kiss off. The XP firewall does not appear to guard against outgoing traffic.

So I wonder about Mac's firewall. Does it do anything like what I described ZoneAlarm doing ?
 
As far as I know, Macs are pretty bulletproof!

I would switch on the Mac firewall, and any ports you want open you can very simply.

If you're concerned you could get a firewall like 'Brickhouse', that's supposed to be good, but I'm happy with the Mac firewall.

A matter of personal preference !
 
The Mac's firewall is pretty decent I think (what with UDP blocking and Stealth mode in the advanced options, in addition to firewall logging).

As for checking when apps connect to the net etc., it sounds like Little Snitch might be what you are after(?).
 
NetBarrier is the most complete firewall for Macs that I've seen or used. It can display information about processes with communications. It had warned me of several PING attacks and with a click of a button, squelched them without having to edit anything.

I had an issue or two with customer service and you have to wait for their developers to catch up with Apple's updates, but they did a great job.
 
Little Snitch does seem to be the best for this, above and beyond pssh not running suspect apps. :D

But I wonder... does the ipfw in Darwin actually have outgoing firewall capabilities that are not implemented in the OS X GUI, or is it a purely incoming firewall by design?
 
If you're concerned you could get a firewall like 'Brickhouse', that's supposed to be good, but I'm happy with the Mac firewall.

Actually, Brickhouse (which has been renamed to Flying Buttress now, btw) is simply a more advanced GUI for the built-in firewall in OS X with more configuration options. It is not a separate firewall program in itself...

It does work quite well; I've used it, though I have yet to install it on my new MacBook...
 
The Mac's firewall is pretty decent I think (what with UDP blocking and Stealth mode in the advanced options, in addition to firewall logging).

As for checking when apps connect to the net etc., it sounds like Little Snitch might be what you are after(?).

Just saw something about Little Snitch in someone's thread about a System Prefs visual problem. But now my question is about Little Snitch. What exactly does this program do, and is it something I should look into? How does it differ from the built-in firewall for OS X?
 
It basically snitches out programs that try to call home or try to access the internet (basically like ZoneAlarm). I've used it, and aside from minor bugs in the past, it's been a great piece of software. As for the OS X firewall, it only blocks incoming requests, not outgoing. So if you have Little Snitch installed, it will tell you exactly what is trying to go out, and whether you want to block it, while the OS X firewall blocks the incoming requests.
 
I don't know much... lol... but a router (aka hardware firewall) handles incoming requests, and outgoing requests would have to be handled by an upper-end hardware firewall or a software firewall (like ZoneAlarm). But I feel that outgoing requests are mainly done by spyware or virus crap; granted, both can happen on a Mac (contrary to popular belief), but the platform is so small and not targeted yet, so there seems to be little need for a software firewall. Similar with Linux: if it sits behind a router it's fairly safe at this point.

Our corporate network sits behind a HotBrick router/firewall, but I have placed a unit in the DMZ for a period just to see what happens (I ran a Linux box on the DMZ for over a year with no issues, along with a Windows 2003 server for a good 9 months), again, just to see what happens... nothing, zip, zero, nada... lol..

DD
 
Conflict?

Since there is a firewall in the router [Netgear] I'm using, and if I am reading the Apple docs correctly, the internal Apple firewalls in my C2D iMac & MB should both be turned off? Will it hurt performance or what if the Apple firewall is turned on too?

But, as ddekker mentioned, the router firewall is mainly for incoming, leaving the Apples naked to outgoing nasties. Even tho' the threat is relatively very low, IF a person wanted, then it looks like NetBarrier is the best recommended firewall addition, and then also use Little Snitch to monitor the entire system?

My iMac is ethernet, and the MB is wireless, FWIW.
 
If you have a router, I recommend leaving the Apple firewall off, for lag purposes. Also, I wouldn't have both NetBarrier and Little Snitch installed; the router will block the incoming requests, and Little Snitch will ask about the outgoing, leaving you to decide whether the application should try to connect somewhere.

edit: As for buying and using NetBarrier, I would stay away from it. It seems kinda useless right now (no viruses made, already have a router). Little Snitch and the router you have should work just fine. But that's just my opinion, yours may vary.
 
But I wonder... does the ipfw in Darwin actually have outgoing firewall capabilities that are not implemented in the OS X GUI, or is it a purely incoming firewall by design?

Yes, the OS X firewall (which is actually "ipfw") is rather robust and can filter outbound traffic as well as inbound. It cannot easily prompt you when it sees new outbound traffic like Little Snitch does, but an industrious programmer could probably add that feature via the ipfw "divert" feature.
 
Yes, the OS X firewall (which is actually "ipfw") is rather robust and can filter outbound traffic as well as inbound. It cannot easily prompt you when it sees new outbound traffic like Little Snitch does, but an industrious programmer could probably add that feature via the ipfw "divert" feature.

I do kind of wish that Apple would implement something like that in the OS X GUI / sys prefs level of control over ipfw. Although realistically, I guess I only use trusted software and am not overly concerned about when/if the things I use -- Apple's software, MS Office, Firefox, Adium, Photoshop, etc, communicate with the outside world. And I guess that from a managed user standpoint, it's sufficient for me merely to limit what programs they can access, and at that point, it again becomes a non-issue.
 
If you have a router, I recommend leaving the Apple firewall off, for lag purposes. Also, I wouldn't have both NetBarrier and Little Snitch installed; the router will block the incoming requests, and Little Snitch will ask about the outgoing, leaving you to decide whether the application should try to connect somewhere.

edit: As for buying and using NetBarrier, I would stay away from it. It seems kinda useless right now (no viruses made, already have a router). Little Snitch and the router you have should work just fine. But that's just my opinion, yours may vary.

Thanks for the note. Curious, I guess then that the Netgear router and the Apple internal firewall are just as 'strong' as each other?

Will check out the Little Snitch. :)
 
I do kind of wish that Apple would implement something like that in the OS X GUI / sys prefs level of control over ipfw. Although realistically, I guess I only use trusted software and am not overly concerned about when/if the things I use -- Apple's software, MS Office, Firefox, Adium, Photoshop, etc, communicate with the outside world. And I guess that from a managed user standpoint, it's sufficient for me merely to limit what programs they can access, and at that point, it again becomes a non-issue.

I think too much reporting would just scare the average user. Take a look at System Preferences > Sharing > Firewall > Advanced > Log sometime and see how much crap hits the machine. Combine that with outbound reporting and the average person either stops using the computer or gives permission to everything because he can't decide what to do.

BTW, Little Snitch runs free for 3 hours on restart so you see if it is something you want before buying it.
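The two points above, that ipfw logs both inbound and outbound decisions and that the raw Firewall > Advanced > Log view is too noisy for most people to act on, are easier to see with a small parser. This is an added example, not code from the thread or from Apple: it reads lines in the syslog shape ipfw uses ("ipfw: <rule> <action> <proto> <src>:<port> <dst>:<port> <in|out> via <iface>"), on constructed sample lines, and separates the background inbound noise from the one thing worth a look, a denied outbound connection.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog format ipfw uses (not a real log).
SAMPLE_LOG = """\
Oct 18 21:03:11 imac kernel[0]: ipfw: 12190 Deny TCP 203.0.113.7:54321 192.168.1.20:22 in via en0
Oct 18 21:03:12 imac kernel[0]: ipfw: 12190 Deny TCP 203.0.113.7:54322 192.168.1.20:23 in via en0
Oct 18 21:03:15 imac kernel[0]: ipfw: 12190 Deny UDP 198.51.100.9:1900 192.168.1.20:1900 in via en0
Oct 18 21:04:02 imac kernel[0]: ipfw: 2050 Accept TCP 192.168.1.20:49200 93.184.216.34:80 out via en0
Oct 18 21:04:09 imac kernel[0]: ipfw: 65000 Deny TCP 192.168.1.20:49201 203.0.113.50:6667 out via en0
"""

# Rule number, action, protocol, endpoints (port optional, e.g. ICMP), direction, interface.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? (?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)


def parse_ipfw_log(text):
    """Return one dict per recognisable ipfw log line; unrelated lines are skipped."""
    return [m.groupdict() for m in (LINE_RE.search(l) for l in text.splitlines()) if m]


def summarize(records):
    """Split denied traffic by direction: inbound noise per source, outbound per destination."""
    denied_in = Counter(r["src"] for r in records
                        if r["action"] == "Deny" and r["dir"] == "in")
    denied_out = Counter((r["dst"], r["dport"]) for r in records
                         if r["action"] == "Deny" and r["dir"] == "out")
    return {"denied_in_by_source": denied_in, "denied_out_by_destination": denied_out}


def noisy_sources(records, threshold):
    """Sources with at least `threshold` denied inbound hits, sorted; the rest is background."""
    counts = summarize(records)["denied_in_by_source"]
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_ipfw_log(SAMPLE_LOG)
    print(summarize(recs))
    print("repeat inbound offenders:", noisy_sources(recs, 2))
```

A denied outbound entry names the local process only indirectly (by source port), which is exactly the gap Little Snitch fills by attaching the application name to the prompt.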
 