Sharing wireless network with PC, nervous....

Discussion in 'MacBook Pro' started by dewey decibel, Dec 1, 2007.

  1. dewey decibel macrumors member

    Joined:
    Jun 22, 2007
    #1
    Hi, the thread title says it all. I know the Mac OS is pretty solid, but I'm still nervous about spyware, hacking, etc. The PC I'm sharing with has been sick several times (a big reason I've switched the Mac BTW).

    I'm running 10.4.10 and have set up the firewall. Anything else I should do?

    I guess I'm worried that since the PC has been targeted the Mac will be too as they're on the same network. Keep in mind I don't know much about how networks work and how this stuff works in general.

    Any help or reassurance is appreciated!
     
  2. Super Macho Man macrumors 6502a

    Super Macho Man

    Joined:
    Jul 24, 2006
    Location:
    Hollywood, CA
    #2
    It would be very, very difficult to hack that Mac. For starters, it is (I assume) behind a NAT firewall. Since you say you don't know a lot about how networks work, you probably haven't forwarded any ports to the Mac from the router, which is good.

    There are zero real-world spyware, malware, viruses etc. that affect Macs, and Windows versions of them do not affect Macs. Having the firewall enabled is not a bad idea, but it doesn't really matter, given that your Mac is already behind the router's firewall and is NATted making it impossible to access via IP from outside your network (i.e. the internet).

    Those two are basically the two main attack vectors, and they are both sealed off. You are safe. There are some extra layers of security that you could add if you were super duper paranoid, but unless you are trying to hide atomic secrets from the Chinese, don't worry about it.
     
  3. GoodWatch macrumors 6502a

    GoodWatch

    Joined:
    Sep 22, 2007
    Location:
    Rotterdam, The Netherlands
    #3
    I’m no network specialist either but here goes. Assuming both are connected to the same wireless router there are some things you should be aware of. If no port forwarding is used to expose specific services or ports to the outside world (e.g. FTP) than only port 80 is open. And that needs to be open for you to be able to browse the Internet. Put ZoneAlarm (the free version) on the PC and configure and configure it to go into ‘stealth’ mode and give only permission to the programs you know that are legit. Check this on https://www.grc.com/x/ne.dll?bh0bkyd2 [If you don't trust this, and why should you, search for Gibson Research Corporation on the net]

    You can fine-tune ZoneAlarm so that your PC becomes completely invisible to the outside world. If you don’t need file-sharing on the PC don’t use it. With this in place you should be fine. Never let yourself be coaxed into downloading a file or clicking on an unknown link. Most ‘zombifying’ of PC’s is done by very clever back-door programs. Only trust yourself.

    I know it still may sound too technical but I have no other way explaining this. :eek:
     
  4. Super Macho Man macrumors 6502a

    Super Macho Man

    Joined:
    Jul 24, 2006
    Location:
    Hollywood, CA
    #4
    Port 80 does not need to be open and should not be open on any machine that is not a web server. A firewall with port 80 blocked (in the way firewalls are typically used) will not prevent *outgoing* requests to port 80. Most ISPs block incoming port 80 to prevent their customers from running web servers, but they can of course still access web pages.

    This is good advice. But the router's built-in firewall makes Zone Alarm redundant. If the PC is behind a NAT, then it's already invisible to the outside world. The real security risk to a Windows machine behind a NAT is from spyware/malware and security vulnerabilities in network apps, not from direct public attacks over an open port.
     
  5. GoodWatch macrumors 6502a

    GoodWatch

    Joined:
    Sep 22, 2007
    Location:
    Rotterdam, The Netherlands
    #5
    You are right on port 80, I make this mistake often. Please do the test with your Mac on the link I provided. And if you feel like it, share the results. I'm on a APEB.

    Take care.
     
  6. dewey decibel thread starter macrumors member

    Joined:
    Jun 22, 2007
    #6
    Thanks for the responses.

    Yes, that's correct.

    I had a look but didn't run the test yet. On a side note, I looked with both the Mac and PC and they both had the same ISP address which reassures me at least something is working as it should (I got nervous when I read about people being able to identify my machine, not just the ISP).

    As far as I know I don't have port 80 open. But, when I turned the OSX firewall on it seemed to want me to leave "network time" checked to allow port 123 open, so I did. Hope that's OK....
     

Share This Page