Question About OS X Firewall & Virus Protection

Joined
Dec 5, 2008
Messages
713
Reaction score
43
Points
28
Location
Detroit
Your Mac's Specs
2007 Mac Book Pro 2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP Stuck At 10.6.8
Hello Everyone!

I have a pair of quick questions to present, if you all don't mind. These are items I've searched for and either missed the answers or (more likely) didn't understand what I was reading. Since everyone here is an actual user of OS X, and more knowledgeable than I am, there's no better place to get an honest 'real world' answer.

We have 2 MacBook Pro units running OS X 10.6.8 via wireless connection to a cable company provided Arris TG862 gateway.

We always left our firewalls on & never gave it much thought until I noticed the 'Secure' light on the gateway was off. The cable company tech said it was not important & not to worry about it. I question our connection's safety. (The light used to be on.) So, it is time to check on our local firewall settings...

Concerning OS X 10.6.8 firewall in System Preferences, I see a setting labeled as "Automatically allow signed software to receive incoming connections" and one labeled "Enable stealth mode"
I think I understand that Stealth Mode hides the computers. Is it good to have it in Stealth or not in Stealth?

And, should the "Automatically allow signed software to receive incoming connections" be checked as allowed? I never did understand certificates.

My next pesky question is about virus protection. I see on this forum people saying good things about having ClamX AV for virus detection. We don't download many files, usually only such things as pdf owners manuals for things, maybe a brochure for a product. But, we get lots of E-Mail phishing stuff & 'Click this Link' from people who had their E-Mail hijacked, I'd like to prevent this from happening here. Is having ClamX AV a good idea?

Thanks very much for helping me figure out what to use! Your expertise is appreciated.
Paul
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,762
Reaction score
2,100
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
Please look at Pg 20 of the Arris TG862 user guide which says that the Secure LED is used to indicate the status of the Wireless/Wi-Fi Protected Setup (WPS)..

WPS is meant to make it easy for devices to join a network with minimal configuration. I.E., you have a wireless access point with WPS enabled, and a printer that knows how to deal with it. You hit a button and boom, the printer gets connected to the router, authenticated, gets its IP address and is ready to go.

However, contrary to the LED's name and name of this technology it's a bad thing to use as it is prone to brute force attacks AND anyone within range of your router now has a way to get onto your network.

So having this feature turned off is a good thing, you should have a strong WPA2 password and enter that into each of the devices you want to have WiFi access..

So while your ISP tech wasn't clear about what this is for and for you not to worry it's off (indicating WPS is off), he's right in a way that it should be off and you shouldn't worry..:)

Secondly, running an active virus scanner on your Mac (one that scans all the files on the fly) is a waste of resources. You are better off using something like ClamX and running it on a file or a group of files as you get them into your computer..

As far as malicious e-mails go, it all depends on how you have it set up. If you use a webmail service like GMail, Hotmail, Yahoo or something, AND you access it purely on the web, then their filters will catch most of these and if they don't catch it, you can mark it as spam to teach their filters about new types of spam messages. Now ClamX isn't going to help you in this case since all the content is on the remote server and you haven't downloaded anything locally.

If you, on the other hand, have an ISP e-mail address and use Mac Mail to download all of your messages locally, then programs like ClamX can go through your mailbox and find malicious attachments and flag those, but it will still not flag messages with just links.

At the end of the day, it really comes down to your own knowledge, be skeptical of ALL links in e-mails (even from family and friends), especially ones that are run through any of the hundreds of URL shortening sites..these are a great tool used by spammers to hide the real URL which is usually a dead giveaway of the malicious site..

Arm yourself with knowledge, always be diligent with your browsing, downloading, clicking and MOST importantly installing and you'll be fine..
 
OP
PGB1
Thank You!

Thank You Raz0rEdge for taking the time to compose such an obviously well thought out & well written response. I hope you are a teacher and your students appreciate you.

You managed to explain, in terms even I could understand, what the ISP's technicians could not about the "Secure" light. Their last reply to me was that "The light is off because WOW does not use security". That didn't sound quite right.

Thanks, too, for explaining about virus protection. Your explanation is fantastic. I finally understand when & what to scan & what is a waste of resources. I never understood virus protection and OS X. With Windows it was easy- I just kept a whole security suite running all the time & updated constantly. Mac sounds so much safer.

If you don't mind, one new question I have is what is a "URL Shortening" site that you mentioned & is there a way to recognize an e-mail which passed through one?

Thanks Again for your help & education!
Paul
 

Raz0rEdge

I'm not a teacher by profession..but in my current position, I do end up doing a lot of "teaching" and mentoring junior engineers..and I hope they appreciate it..:)

As far as URL shortening goes, there were a few like tinyurl.com. The whole idea was to take a really long URL like www.awesomesite.com?action=foobar&location=US&lang=en&do=somework&why=cuz&.... and convert it to something like <site.com>/4x4fad where <site.com> is any of the available URL shorteners.

With things like Twitter (with the 140 character limit) long URLs are a pain..

Now the links I provided above are services that you can use to shorten any URL. A lot of websites have their own (again in use for Twitter) private shortening websites to publish links on their sites easily..

Things like "on.mash.to" and so on, for Mashable come to mind..

One way to recognize that a URL has been shortened, is to notice that it has a bunch of random characters and is, well, short..:) However, it is not a good idea to just click on the link to see where it'll take you. To help you with that, there are URL expanders like http://longurl.org/expand that will take any of your shortened links and try to figure out what it really points to..

Most of the time, it will work and tell you what spam/phishing/malware/Russian/Ukrainian/Nigerian/Canadian ( Just to see if Van will pick this up :) ) site it points to and so you can avoid unleashing something on your computer. However, a lot of times it won't expand to anything useful, so you might as well just move on.

If people do send you shortened links, ensure that it is from someone you know, try to expand it first and if that doesn't work and you HAVE to click on it, just be very wary of what you do on the site that you end up at..
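
The redirect-following that a URL expander performs, as an added Python example that is not part of the original post: it walks a short link's `Location` headers with HEAD requests, so no page body is downloaded or rendered. The function names and the `short.example`, `tracker.example` and `news.example` hosts are constructed for this example, and the sample table stands in for the network so the demo runs offline.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECTS = {301, 302, 303, 307, 308}

def http_head(url, timeout=5):
    """Send one HEAD request; return (status, Location header or None)."""
    p = urlsplit(url)
    cls = {"http": http.client.HTTPConnection,
           "https": http.client.HTTPSConnection}.get(p.scheme)
    if cls is None or not p.hostname:
        raise ValueError("only http/https links are followed")
    conn = cls(p.hostname, p.port, timeout=timeout)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, head=http_head, max_hops=10):
    """Return (chain, outcome); outcome is 'resolved', 'loop' or 'too_many_hops'."""
    chain = [url]
    for _ in range(max_hops):
        status, location = head(url)
        if status not in REDIRECTS or not location:
            return chain, "resolved"
        url = urljoin(url, location)      # Location may be relative
        if url in chain:
            return chain + [url], "loop"
        chain.append(url)
    return chain, "too_many_hops"

def lands_on(chain, claimed_domain):
    """True if the last hop's host is claimed_domain or a subdomain of it."""
    host = (urlsplit(chain[-1]).hostname or "").lower()
    claimed = claimed_domain.lower()
    return host == claimed or host.endswith("." + claimed)

# Constructed redirect table standing in for the network (not real sites).
SAMPLE = {
    "http://short.example/4x4fad": (301, "http://tracker.example/r?id=7"),
    "http://tracker.example/r?id=7": (302, "/landing"),
    "http://tracker.example/landing": (200, None),
}

def sample_head(url):
    return SAMPLE.get(url, (404, None))

if __name__ == "__main__":
    chain, outcome = expand("http://short.example/4x4fad", head=sample_head)
    print(outcome, " -> ".join(chain))
    print("matches claimed sender site:", lands_on(chain, "news.example"))
```

With the default `http_head`, each hop still receives a request, so the shortener and every intermediate server can log that the link was checked. Redirects done by JavaScript or a meta-refresh tag inside the page do not appear in headers and will not be followed.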
 
OP
PGB1
Thank You Ashwin!
(Sorry I missed your name on my first reply. How rude of me!)

I appreciate your time & explanations very much, as do many others I'm certain.

I just happened to have had a shortened URL sent in an E-Mail today, so I went to the link you wrote. It was pretty cool. Instead of being the site it purported to be- FOX News, it was some other site altogether. But it was neat. All I had to do was send them my bank account number & I'd win the Notrealistan National Lottery. (I am kidding. I didn't go to the site. I trashed it & emptied the mail trash.)

I enjoy learning about computers. Often, I get confused.
As my father (an engineer in the 40's on the Eniac project) once reminded me when I was frustrated with my 8088 & MS-DOS-
"Son, computers are better left for the next generation. Remember that you were born before we knew how to make Magic Markers."

He was kidding, of course, as he was born in the very early 20th century and was a total hardware genius.

Thank you again for today's education!
Paul
 
