Why is the firewall STILL turned off by default?

Discussion in 'OS X Yosemite (10.10)' started by 0x100, Dec 11, 2014.

  1. 0x100 macrumors regular

    0x100

    Joined:
    Nov 11, 2014
    Location:
    Japan
    #1
    This really boggles my mind that the firewall is still turned off by default in Mac OS 10,10.

    Even Apple recommends you to turn it on to keep your system safe, what's the deal with this?

    https://www.apple.com/osx/what-is/security/
    "Turn on a firewall to prevent other machines from accessing services running on your Mac."

    What makes it so that Apple couldn't ship it with the firewall on? I think it would help more if the people who don't really know what a firewall does has it on without knowing and the people who needs it off for some things knows how to turn it off instead of how it is today were a lot of people walk around not even thinking about it.
     
  2. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #2
    They probably assume that the majority of users will be connected to a hardware firewall, like a wifi router.

    The only time you'd need to turn the OS X software firewall on is if you are connecting to a raw Internet feed, like a direct cable modem connection, or are out at a cafe on public wifi.
     
  3. 0x100 thread starter macrumors regular

    0x100

    Joined:
    Nov 11, 2014
    Location:
    Japan
    #3
    …and what computers are commonly used at cafés? ;) Hint, they're silver colored unix systems without firewalls.
    I do still think the firewall should be turned on by default.
     
  4. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #4
    I won't disagree with you on that. But, it is what it is I suppose. User beware.
     
  5. Paco II macrumors 65816

    Joined:
    Sep 13, 2009
    #5
    Security versus initial experiences. Does Apple want new customers settings up their new Macs and immediately start getting alerts about allowing apps to have access etc etc. Nope.
     
  6. Queen6 macrumors 603

    Queen6

    Joined:
    Dec 11, 2008
    Location:
    Enjoying Better Things
    #6
    Maximum operability, Apple needs to set up OS X to it can work with as few problems as possible, enabling the Firewall may block some users needs, the savvy will turn on the Firewall and Stealth Mode ASAP.

    OS X is still relatively safe, equally enabling the Firewall and Stealth mode are steps in further strengthening the systems security.

    Q-6
     
  7. ssmed macrumors 6502

    ssmed

    Joined:
    Sep 28, 2009
    Location:
    UK
    #7
    On a similar note
    New users should turn off all Autofill options in Safari.

    Apple could at least have a read me which shows people that these details of set-up need to be addressed with a new computer.
     
  8. Queen6 macrumors 603

    Queen6

    Joined:
    Dec 11, 2008
    Location:
    Enjoying Better Things
    #8
    I know, but you can see their point to some extent, just trying to keep it simple for the masses. Same as Filevault on SSD enabled Mac`s (10.10) wouldn't hurt to have an option and small explanation on set up.

    Q-6
     
  9. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #9
    What's with Filevault on Mac's with SSD all about?
     
  10. Queen6 macrumors 603

    Queen6

    Joined:
    Dec 11, 2008
    Location:
    Enjoying Better Things
    #10
    On 10.10 Filevault is brought up as an option on installation, with SSD, with HD it`s not. Apple could do the same for the Firewall.
     
  11. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #11
    That must be for Apple-branded SSD's that come with it then, right?

    I have Samsung SSD's in mine and I don't recall the the Filevault option during install.
     
  12. Queen6 macrumors 603

    Queen6

    Joined:
    Dec 11, 2008
    Location:
    Enjoying Better Things
    #12
    Guess so, all my Mac`s that have SSD are Apple proprietary, all requested the Filevault option, the ones with "spinners" didn't. Makes sense with the SSD`s as there is no hit in real world performance.

    Q-6
     
  13. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #13
    I've enabled Filevault on all of mine, two with SSD's and one HDD. I really don't even notice the difference on the HDD, but then I don't do very intensive stuff with it either.
     
  14. MikhailT macrumors 601

    Joined:
    Nov 12, 2007
    #14
    Ha, a firewall wouldn't do much in a public network. You need to be using a VPN at the very least.
     
  15. Nermal Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #15
    I got the option on my Early 2011 MBP with the original HDD.
     
  16. Queen6, Dec 13, 2014
    Last edited: Dec 13, 2014

    Queen6 macrumors 603

    Queen6

    Joined:
    Dec 11, 2008
    Location:
    Enjoying Better Things
    #16
    K, maybe I just missed on the late 2011 MBP (15'), but also thought I saw some similar comments in a thread, equally it`s no "biggie" Back the original point, it would be better if Apple did the same with the Firewall, I have never had a problem, just very rarely an application will require access and then you get a pop up.

    Same now as 10.10 better to prompt the user to turn on, at installation seems not reason not to, as Firewalls are common these days. Better to be safe than sorry, The OS X Firewall just adds another barrier, anyway personally I have always just turned it on ASAP as it has no cost or overhead.

    Q-6
     
  17. 0x100, Dec 14, 2014
    Last edited: Dec 5, 2016

    0x100 thread starter macrumors regular

    0x100

    Joined:
    Nov 11, 2014
    Location:
    Japan
  18. Queen6 macrumors 603

    Queen6

    Joined:
    Dec 11, 2008
    Location:
    Enjoying Better Things
    #18
    Non of my Mac`s show this, they are all in the "Green" equally can't remember exactly behaviour on initial set up.

    Q-6
     
  19. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #19
    I must have a bad memory from when I installed Yosemite, three times, to where I just don't recall the Filevault option. :eek:
     
  20. Abba1 macrumors regular

    Joined:
    Aug 6, 2014
    #20
    I agree. And, I like making my own decisions. As it is, I use both Apple's firewall and a compatible firewall over that. But, it is my decision to do so.

    ----------

    I like the idea of Apple having a "read me" for new users. But, most users who come from a Microsoft environment will have so much more to learn in order to use Mac, that a "read me" might not be practical for Apple. The bookstore, be it online or physical, is their best bet. And, there are enough books tailored for beginners that they will learn then what has to be done.

    ----------

    I have an additional firewall that actually does protect in a public network. It automatically changes from Home to Work to Public Hotspot, and in the latter nothing gets in without your explicit permission.

    ----------

    It was there for me after a clean install. I do worry about beginners using FileVault, however, as they are in danger of losing everything in it if they forget their password as sometimes happens.
     
  21. NoBoMac macrumors 6502a

    Joined:
    Jul 1, 2014
    #21
    The yellow dot on Firewall is when you turn on "Block all incoming connections". With the warning that basically says "lots of stuff will not work with this setting".
     
  22. bbfc macrumors 68030

    bbfc

    Joined:
    Oct 22, 2011
    Location:
    Newcastle, England.
    #22
    It's green for me. Looks like you have something that needs attention.
     
  23. fisherking macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #23
    if i'm at home, and i have the firewall turned on on my router, why would i have it on on my mac as well? just trying to understand this...
     
  24. SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #24
    That is the compromise we have to make for security over convenience these days. I wish it weren't so.

    I have Filevault turned on and keep my password, in my head, but also in a secure location as well as the recovery key.
     
  25. MikhailT macrumors 601

    Joined:
    Nov 12, 2007
    #25


    You might know what to do but that means nothing for majority of the public.

    Also, a firewall does nothing to protect you against MITM attacks. You can't in advance know what's coming in has not been changed. The firewall does not verify the certificates.

    Unless you're talking about something else.
     

Share This Page