Question about the Security settings...

Discussion in 'iMac' started by The Game 161, Oct 10, 2011.

  1. The Game 161 macrumors P6

    The Game 161

    Dec 15, 2010
    To stop possible virus threats does the firewall need to be switched on at all?
  2. malias4 macrumors 6502a


    Jun 21, 2011
    Greece and Holland
    i have it on from the first day so i think its a good idea :p
  3. miles01110 macrumors Core


    Jul 24, 2006
    The Ivory Tower (I'm not coming down)
    The firewall does nothing against modern malware.
  4. GGJstudios macrumors Westmere


    May 16, 2008
    It's a good idea to have the firewall enabled, but not to protect against malware. It helps protect against unauthorized access to your computer.

    Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
  5. munkery, Oct 10, 2011
    Last edited: Oct 10, 2011

    munkery macrumors 68020


    Dec 18, 2006

    Application firewalls, as found in OS X system preferences since Leopard, and packet filters, as found in all releases of OS X (or since 10.1?), don't provide any protection from modern malware that relies on memory corruption exploits to modify processes while already running in memory.

    Even the malware that firewalls defend against, namely trojans that modify binaries on disk rather than in memory, can easily bypass the firewall by creating exceptions for themselves.

    A benefit of packet filters is that access to a specific port can be filtered on a per IP basis, which greatly reduces the exposure of the service bound to the port.

    Application firewalls prevent incoming messages from communicating with apps not bound to the port but don't provide any protection for the bound service and don't provide as fine grained filtering but are easier to use.

    A packet filter running with stateful packet inspection or a router using NAT are the most effective of this type of firewall.

    But, a secure password will provide as much protection from unauthorized access to the bound service as a firewall given that firewalls provide no protection from memory corruption and firewalls are easily bypassed by less sophisticated malware.

    These types of firewalls have been supplanted by sandboxing because sandboxing is a more effective mitigation against memory corruption exploits.

    Mac OS X has included incrementally more sandboxing with each new version since Leopard.

    But, enabling the firewall doesn't have any major negative impact so you might as well add that extra layer of security.

    FYI, application firewalls and to a lesser degree packet filters do have a negative impact on the speed of the system's network communication with external sources.

Share This Page