newbie ..do i want firewall on or off?

Discussion in 'iMac' started by robtonet, Nov 24, 2014.

  1. robtonet macrumors newbie

    Joined:
    Oct 31, 2014
    #1
    and why is it off by default? thanks-- iMac 27" 4 mos old june
     
  2. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #2
    If you're behind a router at home, then you don't need it on. If you're using a public wifi like many laptops, then it's better to have it on.

    It's not needed imo, because of a router's own built-in security.
     
  3. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #3
    I recommend you turn it on and leave it on, even on your home network. That way you won't have to remember to turn it on when you need it.

    Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
     
  4. leenak macrumors 68020

    Joined:
    Mar 10, 2011
    #4
    hacking into a home wifi is pretty trivial, perhaps if you live in the boonies, it may be less of a concern but I'd recommend putting your firewall on.
     
  5. cynics macrumors G4

    Joined:
    Jan 8, 2012
    #5
    You find defeating current standard security of modern routers trivial but not Apple's built-in firewall?
     
  6. chabig macrumors 601

    Joined:
    Sep 6, 2002
    #6
    The firewall ships off because by default, OS X has no open ports.
     
  7. leenak macrumors 68020

    Joined:
    Mar 10, 2011
    #7
    well it is a second layer that you can break through and since there are simple programs you can download to defeat modern wifi APs, it is best to have your firewall on. And besides, there are many people that will use the standard wifi out of the box which doesn't even need a program to defeat.
     
  8. tillsbury macrumors 65816

    Joined:
    Dec 24, 2007
    #8
    If you don't know whether you want it on or off, you want it on.
     
  9. Chippy99 macrumors 6502a

    Joined:
    Apr 28, 2012
    #9
    Are there any benefits to leaving it off? Offhand, I can think of none.
     
  10. robtonet thread starter macrumors newbie

    Joined:
    Oct 31, 2014
    #10
    thank you very much

    it is tough learning this stuff on my own. sorry to bother you all
     
  11. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #11
    Asking questions about your Mac is not bothering people. It is why the forum is here.

    We were all Mac virgins at one time. ;)
     
  12. phpmaven macrumors 68040

    phpmaven

    Joined:
    Jun 12, 2009
    Location:
    San Clemente, CA USA
    #12
    I don't know where you got the idea that there are no open ports by default. OS X has a number of open ports by default, and even more depending on what you have installed. On my system for example there are more than 20 open.

    Whether or not they can be reached and exploited from the outside world is a function of your router/firewall and the expertise of the one trying to hack in.
     
  13. cathul macrumors member

    Joined:
    May 5, 2008
    #13
    A fresh installation of OS X has no open services to the outside.
    Every one of the 20 open ports on your system you've opened yourself, e.g. by starting file sharing, screen sharing, remote login and stuff like that.
     
  14. phpmaven, Jan 3, 2015
    Last edited: Jan 3, 2015

    phpmaven macrumors 68040

    phpmaven

    Joined:
    Jun 12, 2009
    Location:
    San Clemente, CA USA
    #14
    Well... that's just plain inaccurate. By default there are a number of ports open for services used by iTunes and mail and web browsing etc. If you didn't have any open ports, you wouldn't be able to surf the Internet, get email, get app updates and so forth.

    Whether or not there are any services listening on a specific port is another matter.

    Having said that, the average user doesn't need to worry about enabling the firewall as OS X by default doesn't have any services listening that could be easily exploited.
     
  15. phpmaven macrumors 68040

    phpmaven

    Joined:
    Jun 12, 2009
    Location:
    San Clemente, CA USA
    #16
  16. cathul macrumors member

    Joined:
    May 5, 2008
    #17
    Well, most of these services are listening on localhost only, so that is not a real problem.

    See my list of open ports, for example:

    Code:
    MacbookRetina:~ root# lsof -i -P |grep -i listen
    launchd      1           root   39u  IPv6 0xd22aa9a1fc598a09      0t0    TCP localhost:631 (LISTEN)
    launchd      1           root   42u  IPv4 0xd22aa9a1fc5a1959      0t0    TCP localhost:631 (LISTEN)
    launchd      1           root   46u  IPv4 0xd22aa9a1fc5a1959      0t0    TCP localhost:631 (LISTEN)
    launchd      1           root   47u  IPv6 0xd22aa9a1fc598a09      0t0    TCP localhost:631 (LISTEN)
    2BUA8C4S2  370          peter   24u  IPv4 0xd22aa9a209bfb959      0t0    TCP localhost:6258 (LISTEN)
    2BUA8C4S2  370          peter   25u  IPv6 0xd22aa9a1fc597609      0t0    TCP localhost:6258 (LISTEN)
    2BUA8C4S2  370          peter   26u  IPv4 0xd22aa9a1fc59d2d9      0t0    TCP localhost:6263 (LISTEN)
    2BUA8C4S2  370          peter   27u  IPv6 0xd22aa9a1fc598509      0t0    TCP localhost:6263 (LISTEN)
    Dropbox10  394          peter   40u  IPv4 0xd22aa9a2106dfd49      0t0    TCP *:17500 (LISTEN)
    openvpn    469           root    4u  IPv4 0xd22aa9a1fc59ed49      0t0    TCP localhost:49183 (LISTEN)
    eclipse    487          peter  233u  IPv6 0xd22aa9a1fc595809      0t0    TCP localhost:62808 (LISTEN)
    named     2214          named   21u  IPv6 0xd22aa9a1fc595d09      0t0    TCP *:53 (LISTEN)
    named     2214          named   22u  IPv4 0xd22aa9a20dc9eee9      0t0    TCP localhost:53 (LISTEN)
    named     2214          named   23u  IPv4 0xd22aa9a2076b9089      0t0    TCP localhost:953 (LISTEN)
    named     2214          named   24u  IPv6 0xd22aa9a1fc598009      0t0    TCP localhost:953 (LISTEN)
    MacbookRetina:~ root# 
    The only services that are listening on my real network interface were enabled by myself by installing Dropbox and BIND as my local name server.

    If it wasn't for this no one outside of my computer could open a connection to it as all other services are listening on the localhost interface only.

    And this is the default behavior of Mac OS X Yosemite when not enabling any sharing services at all.

    So if you don't use any sharing services, i.e. remote desktop to your local computer et al., you technically have no open ports on your outside-facing network interface.

    And there is only one port open for emails, which is the eclipse client in my case (IBM notes), but no ports are open for my opened mail.app for imap access to iCloud, nor are there any services listening for web browsing.

    So I was technically totally correct when claiming that there are no open ports on a default installation of OS X that are reachable from outside of your computer, and therefore you technically don't need any firewall on your local computer if you don't change that.
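
Added example (not part of any post in this thread): the `lsof -i -P` listing above can be split by bind address, which is the distinction being debated here between listeners on localhost and listeners on `*` or a real interface address. The function names, output labels and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify TCP listeners from `lsof -i -P` output read on stdin.
# LOOPBACK = bound to localhost only.
# EXPOSED  = bound to "*" or a specific non-loopback address, so reachable
#            from the network unless a firewall or router filters it.
classify_listeners() {
    awk '
    /\(LISTEN\)/ {
        name = $(NF - 1)                    # e.g. localhost:631, *:53, [::1]:631
        if (!match(name, /:[^:]*$/)) next   # no port separator: skip the line
        host = substr(name, 1, RSTART - 1)  # text before the last colon
        port = substr(name, RSTART + 1)
        if (host == "localhost" || host == "[::1]" || host ~ /^127\./)
            scope = "LOOPBACK"
        else
            scope = "EXPOSED"
        key = scope " " $1 " " port
        if (!seen[key]++) print key         # collapse IPv4/IPv6 duplicates
    }'
}

# Constructed sample in lsof's column layout (not captured from a real host).
# The last line is an outbound connection, not a listener, and is ignored.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
launchd     1  root  39u  IPv6 0x01      0t0  TCP localhost:631 (LISTEN)
launchd     1  root  42u  IPv4 0x02      0t0  TCP localhost:631 (LISTEN)
syncapp   394  alice 40u  IPv4 0x03      0t0  TCP *:17500 (LISTEN)
named    2214  named 21u  IPv6 0x04      0t0  TCP *:53 (LISTEN)
named    2214  named 22u  IPv4 0x05      0t0  TCP localhost:53 (LISTEN)
sshd      501  root   3u  IPv4 0x06      0t0  TCP 192.168.1.20:22 (LISTEN)
mail      612  alice 11u  IPv4 0x07      0t0  TCP 192.168.1.20:51514->203.0.113.5:993 (ESTABLISHED)
EOF
}

# On a real machine: sudo lsof -i -P | classify_listeners
sample_lsof | classify_listeners
```

Anything reported as EXPOSED is what the application firewall or the router would actually be filtering; LOOPBACK entries are not reachable from other machines regardless of the firewall setting.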
     
  17. phpmaven macrumors 68040

    phpmaven

    Joined:
    Jun 12, 2009
    Location:
    San Clemente, CA USA
    #18
    I was just responding to your assertion that there are no open ports at all. That is clearly not accurate. Whether or not they are reachable by the outside world is another issue. However, I do agree that the average user doesn't need to worry about having the firewall enabled.
     
