Network Security under OS X


Senior Member & Tech Guru
I know that security issues have/are discussed a lot regarding OS X and that, while Unix is prone to problems (right?) OS X has a built in Firewall which can be implemented using BrickHouse, FireWalk, etc. (Note: I have BrickHouse set to block just about every hack and scan that the SW allows). Also, I have dynamic DSL which is only reset (new IP address) when I reboot my Mac or log out (Iguess?).

That all being said, as "added" security I also never leave Entourage and Explorer running when I'm away from my Mac (ie., sleep mode). Is this necessary, lame, a good idea, what? What do you folks do? Does leaving these apps (or other Internet apps) running give a back-door to hackers or look-e-loos? Of course, I'd rather just leave all my apps running so I don't have to launch crap except for when I FIRST boot up, but I'm really sensitive to security issues. Can someone educate me (and others) here about Mac security, firewall issues, port scans, etc.

Incidentally, I use(d) Intego Netbarrier on the OS 9 side (their X version is still in development); do I need a firewall SW on the Classic side under X?

You shouldn't have to shut down your apps while the computer is asleep. IE shouldn't have any ports open while its not doing anything so its pretty safe. The security problems with IE happen when you are viewing a malicious page. The same should apply for entourage, although I guess its possible if it automaticaly downloads your email and views it for some reason. If it doesn't then I wouldn't worry about it being a security problem.

That said, almost all of the security problem Unix or any other OS has are related to server type services. OS X has relativily secure services included in it, the apache web server is not known for exploits and it uses ssh instead of telnet. If you are not running any other services (you would have to install and start them so I would hope you know if you have them) all you realy need to worry about blocking is the rpc and nfs stuff that OS X starts up to do filesharing (and needs to be blocked off from the rest of the world) and the iDisk web-dav problems that Apple introduced with 10.1.

So basicaly I think you are being paranoid :) but that is coming from someone how has an IDS and packet sniffer up on my network to watch people as they go around :)
Well, for starters I never let any Microsoft product touch my computer... and no I don't flame a product just because it's made by M$. However, M$ has in general always placed security just about dead last on its "to-do" list... I'm perfectly content with a word processor that doesn't have its own macro language and doesn't open ports on my computer. When OmniWeb 4.1 is released as a beta or final, you may want to give it a try (, I'm quite impressed with it at the moment.

So, aside from not running Entourage and Explorer at all, not leaving them running when you don't have to at the very least can't hurt, and probably does improve the security of your computer at least a small degree. Relaunching an application actually is faster than launching the first time (if you haven't noticed), so this shouldn't be too much of a problem for you either, and may actually clear up any memory problems that may have cropped up.

BrickHouse is a nice firewall app and is easy to use... I used that for a while before switching to Firewalk X. Firewalk is a little more complicated to setup, although it's my own personal choice. I actually went through a security-freak phase last week... I ran a number of port scans and attacks on my computer with Firewalk setup and was quite pleased with the results. UNIX in general is more of a security risk than Classic MacOS, although it's important to remember that those security holes are created more because of user ignorance (or developer ignorance... M$... *cough*) than a weakness in the OS. As long as you remain a relatively concerned user and take minor precautions, you should limit your security holes to an absolute minimum.

Thanks for the advise, guys. Anyone else have thoughts/advise on this? The more informed that I am, the happier. :)
Oh, as a follow up, I don't think you need a firewall for Classic because it goes through the OS X networking layer to get out to the outside world, so your OS X firewall should block any problems for both Classic and X.
Originally posted by LordOphidian
Oh, as a follow up, I don't think you need a firewall for Classic because it goes through the OS X networking layer to get out to the outside world, so your OS X firewall should block any problems for both Classic and X.

As Angela Jolie (spelling?) said in "Girl Interrupted", THAT'S GOOD TO KNOW. :)