Protection?

Joined
Jul 8, 2013
Messages
22
Reaction score
0
Points
1
Hello:

I see different opinions on what protection you need for an iMac (latest OS). We have used Norton Internet Security for many years, and could go with it for wife's new iMac and the two PCs. Any suggestions or comments?

Thank for your help!

Hans L
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
I think that you need to tell us exactly what sort of "protection" are you looking for (protection from what)?

- Nick
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,745
Reaction score
2,071
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
Do what you are comfortable with for your PC's running Windows, but skip it all for Mac. Just use it with some common sense and you'll be fine..
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Keep Nortons well away from your Mac. As other suggest either don't worry or if you are paranoid coming from the Windows background download ClamXAV which is freeware. Most important safe browsing practices and leave Gatekeeper to do its job screening your downloads.
 
Joined
Jan 20, 2012
Messages
5,053
Reaction score
414
Points
83
Location
North Carolina
Your Mac's Specs
Air M2 ('22) OS 14.3; M3 iMac ('23) OS 14.3; iPad Pro; iPhone 14
As a new OS X user (since the end of March w/ a new MBP & iMac) migrating from Windows after 25+ years, I was also interested in this question for the need for malware protection (assume that you are asking about whether Norton or a similar program is needed on your iMac) - I would suggest following the excellent advice already given, i.e. Norton (or another product) is not needed on your iMac.

Presently my laptop & iMac are on a secured home network and I'm not running any malware protection. About the only suggestion that seems to be made is to turn on the 'Firewall' (in System Preferences) when traveling (i.e. w/ a laptop) on a public network (like a hotel room, internet shop, etc.) - but if used @ home, put yourself behind a router w/ built-in firewall and other malware protection. :)
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Actually leave Firewall off - that is Apple's default. Use as RadDave suggests. Your modem/router has inbuilt firewall protection.
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
A few golden rules ....
If you did not specifically went looking for it, don't install it.
Switch the OS X Firewall ON on your portable Mac's .... that way you don't have to worry about it when using " untrusted " networks.
Always keep your OS and apps up to date.
If you think that technology is going to solve your security problems, then you don't understand the technology and you don't understand the problems ..... what I mean is that any amount of technology will always be defeated by human behavior.
Do not share your credentials with anyone.
Do you need Flash and/or Java ? Do you really need it ?
Are you running your Mac as an Admin user ? Do you really have to or is it just convenient ?

In summary, Human behavior is what matters, not ( just ) technology .

Enjoy your Mac.

Cheers ... McBie
 
M

MacInWin

Guest
+1 for turning on the OSX Firewall. That way you won't have to remember to turn it on when and if you need to use an untrusted network. Doesn't cost you anything to have it on!
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
This is an iMac OP is discussing hardly likely to cart it to Starbucks. Leave firewall OFF as Apple designed it.
 
M

MacInWin

Guest
Curious, on my iMac, the Firewall was configured ON, as Apple designed it. (or at least as they delivered it)
 
M

MacInWin

Guest
For the OP, if you are using a wireless connection to your iMac, even though you can't take it to starbucks, if you don't put the firewall ON, you are vulnerable to external wifi users being able to get into your machine. If you turn on encryption on the link, the connections between your iMac and wireless router will be protected, and the firewall in the router will protect you from attacks from the Internet side, but with the firewall off in OSX, the iMac is vulnerable to wifi attack. The risk is low, but it costs nothing to turn the firewall ON, so why not do it?
 
C

chas_m

Guest
if you don't put the firewall ON, you are vulnerable to external wifi users being able to get into your machine.

This is flatly untrue and incorrect. I'd be interested to see any links you can come up with that claim this.

Furthermore, turning the software firewall on when you already have a superior hardware firewall does NOT make you "twice as safe," it just causes hard-to-pin-down issues. There's a reason Apple ships these machines with the software firewall off.
 
M

MacInWin

Guest
@chas_m, the reason for turning on the software firewall is to have what security experts call defense-in-depth or layered defense. Hardware firewalls like the ones in a router do one thing, software firewalls do something slightly different. Having both adds to the overall security of the system. Now, if all you have is one lonely iMac on your home network, the risk is small, but if you add an iPhone, iPad, second iMac, MPB, Windows machine, etc, etc, the risks go up of an internal attack. And if you don't configure your router properly with MAC filtering and control of DHCP, then your neighbor, or someone sitting in a car on your street could become part of your "internal" network. (If you don't think that happens, my brother in law recently moved to a new house and lived off his neighbors wide-open wifi for a week while waiting for his ISP to install his own connections!) At that point, your next line of defense is the software router. But you don't have to take my word for it. You asked for links. I found 14,000,000+ of them, but these came from the first page: Here, here, [URL="http://www.ehow.com/about_5386692_router-firewall-vs-software-firewall.html"]here, [/URL]here, here, and here. Some of them refer to Windows Firewall, as that is the more prevalent one, but the principles apply to any and all software firewalls.

From here I took this. It explains in the clearest terms the difference between the hardware firewall and the software firewall.

The router's firewall cannot specify application rules as to whether or not you want an application to have network access and, if so, just what types of access that it gets (TCP, UDP, ports, time of access or denial, etc.). The router's firewall doesn't know what application is generating what network traffic. Only the software firewall running on your host can do that. Do you trust everyone of your "normal" applications won't connect without your permission or without telling you they are connecting? Feel lucky if that is true.

Software firewalls are handy for regulating network access for applications running on that host provided those applications aren't smart malware programs trying to circumvent or disable the firewall (your router's firewall can't handle malware, either, that makes otherwise unauthorized and undeclared outbound connections). If you want some application-centric regulation over software's OUTBOUND access then you need a local firewall.

Don't expect your router's firewall to be much more useful that Microsoft's software firewall. You may get some host-centric control over Internet/network access but other than that then it won't know what app is trying to get a connection. Routers have very simplistic firewalls and are not equivalent to firewall appliances. Look at the router's firewall like you look at Microsoft's software firewall: some protection from unsolicited inbound connect attempts but nothing for regulation of outbound connect attempts by applications (and only some regulation based on hosts). What you get for protection depends entirely on how potent a firewall is included in the router. Some routers let you define rules on which hosts can connect to your intranetwork, to other hosts and which ones on your intranetwork, which ones get Internet (external) connects, during what times they can connect, quotas on bandwidth, QOS, and so on, all of which is outbound regulation (from a host to other hosts or the Internet).

Some routers' firewalls include inbound protection, like stateful packet inspection, to protect you against unsolicited inbound connect attempts and may even provide heuristics or rules to detect certain known type of attacks, but all in all the router's firewall is pretty basic. It may end up duplicating the inbound protection that your software firewall provides but it lacks any outbound protection afforded by a software firewall running on a local host. The inbound duplication isn't hurtful. It just means that anything your router's firewall caught doesn't have to be caught by your software firewall and then take CPU cycles to handle.

Finally, it is considered good security practice to replace hardware firewalls every couple of years, or at least update the firmware if the vendor provides it. Hackers are constantly attacking the hardware firewall protocols to try to penetrate them and the vendors are constantly closing holes to make the firewalls more effective. But you still need both hardware and software firewalls in that defense-in-depth approach.
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
559
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
Furthermore, turning the software firewall on when you already have a superior hardware firewall does NOT make you "twice as safe," it just causes hard-to-pin-down issues.
Yes, adding more layers increases complexity but you're assuming that the two overlap and aren't mutually exclusive in any respect. SFs can work on a per-application basis (something hardware firewalls can't do) and protect machines behind the firewall from each other. SFs are also better suited to regulating outgoing traffic (as far as I can tell), something that it inherits from the per-application functionality.
 
OP
H
Joined
Jul 8, 2013
Messages
22
Reaction score
0
Points
1
While I will use basically only one app in virtual Windows on the mac (Visual FoxPro (database) applications, I do understand that Norton is overkill. What should I use for Windows protection? Does the Mac firewalls (like AbruStop) protect even virtual Windows? what about antivirus software?

Thanks,

Hans L
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
I would use the free and effective MSE (Microsoft Security Essentials) and the built in MS firewall. You can turn both on (MSE must be downloaded) from Control Panel. No need to spend extra $$ for Norton or any other fancy Windows firewall. (Although there are several good firewall apps that are free.)
 
Joined
Jan 19, 2008
Messages
4,695
Reaction score
73
Points
48
Location
houston texas
Your Mac's Specs
09 MBP 8GB ram 500GB HD OS 10.9 32B iPad 4 32GB iPhone 5 iOs7 2TB TC Apple TV3
I will go with MacinWin on this just because I use my MBP away from home and would probably not remember to turn it on besides I have not noticed any hit in performance or speed.
 
Joined
Oct 30, 2010
Messages
273
Reaction score
0
Points
16
Location
Southern Illinois
Your Mac's Specs
MBP 15" I7 first one and loving it.
Please understand I'm just a novice and trying to learn about these things. I understood the real threat when using a open network "starbuck's mac&d's". Was that the data transmitted was unencrypted and could be read by using a sniffer. Unless you were using a https site or a VPN connection. A firewall will do nothing to protect you in this case. Or am I wrong?
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Nowadays, a software firewall provides little to no protection when you're out and about at places like Starbucks or Panera. If a hacker wants to read what you're sending and receiving, he can do it easily, firewall or no firewall. Unless you're using an encrypted VPN when traveling about, stay away from your bank account or any other sensitive data that you normally have access to.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top