firewall for mac?

R

roninsmurf

Registered
what's a good one? i used Norton Personal Firewall for a long time with my g3, and liked it
but now i'm
g4 15" osx 10.4.3
what's new for system 10?
thanks
 
As we're on this subject, can someone explain to me how the built in firewall works? I just don't seem to understand if it's on or off... I think I need "Mac OSX Built-In Firewalll for Dummies"... ;)
 
It has a Start and Stop button. If the button says Stop, then it's on.

Use your Help Menu - search Firewall
 
ps.

don't use norton. it has been well documented that norton screws more osx systems than it helps.. far more.
 
'firewall for mac ... what's a good one?', ...
MacOS X'es default firewall settings are quite good.
As an option, the user can go to 'System Preferences' 'Sharing' 'Firewall's tab for additional setting changes.
Third party (1) firewalls, while adding some features - animated gauges, logs, warning messages and / or sounds, typically are redundant of the features provided by Apple.
If one has a broadband connection, adding a router (wired / wirelessly) provides a hardware firewall - which (typically) is better than any software firewall.

'... don't use norton. it has been well documented that norton screws more osx systems than it helps.. far more.', while true for 'Norton Utilities for Mac's MacOS X versions, it is not so for 'Norton Personal Firewall'.

(1) - 'DoorStop X Firewall', 'NetBarrier', 'Norton Personal Firewall'.
 
A basic router is in no way providing a firewall. And routers come in two flavours: with and without NAT. Those with NAT are usually just masking the LAN from the WWW which is no substirute for a proper firewall which is capable of so much more. Having said that, then NAT is actually a good basic defense against most attacks !IF! you don't have any servers on the LAN that need to poke a hole through the NAT. But eg a Cisco 677 has some basic ip, port and protocol filtering so in some cases a router and a firewall go together.

And please obeserve, that there's a !HUGE! difference in having a broadband modem and a broadband router. The broadband modem will give you a global IP-number meaning you can be scanned from the internet, while a broadband router isolates you from the internet through a NAT table.

The problem with the settings you can specify in the 'Firewall' tab in the 'Sharing' prefPane is that it's only an ingress firewall. For filtering outgoing connections (eg programs "calling home") you'll have to turn to eg LittleSnitch.
 
Thank you BjarneDM for clarifying the necessity of Network Address Translation [NAT] in a router; which is what I was implying, but should have been more specific.
 
roninsmurf said:
thanks for the tip, bob. is the built-in enough? is it just as good as norton?
Click to expand...
It is widely used on corporate and even government servers. Like most open source software it has been beat on and patched by experts until it is pretty well bullet proof. If you are looking for a fancy GUI and lots of relatively meaningless reports the built in ipfw is not what you are interested in. If you want a GUI interface for ipfw take a look at Brian Hill's Brickhouse. Among its features is a wizard for configuring OS X's ipfw firewall.

I concur with the recommendation to avoid Norton. Too many apparently unrelated problems are fixed by removing Norton products from the system.
 
BjarneDM, I would say a router IS a firewall in a (very important) way. NAT means nothing gets in that wasn't asked for.

Now, if you want to police what goes out, then Little Snitch it is.

BTW, there is OFFICIALLY ONE (1) piece of spyware for OS X. Yea!!!!!!! Booo!!!! It's commercial, one of those screen-grabbing, keyboard logger apps. Can't remember the name nor exactly where I read about it.

Doug
 
dktrickey: A commercial tool that lets you install a screengrabber and keylogger for your own purposes is not what's normally called "spyware". Spyware - in the Windows sense - is stuff that tricks you into thinking it does nothing or even something good, while it's spying on _you_.
 
You must log in or register to reply here.
Back
Top