Is a Firewall necessary?

Alwyn · Dec 7, 2010

When I spoke to an Applecare rep yesterday we discovered that the Firewall was inadvertently blocking a download.

She advised me to turn the Firewall off. I have done so but I am concerned that this might lead me unintentionally to log onto a site that isn't 'trusted'

CrimsonRequiem · Dec 7, 2010

Add the app to your save list and turn back on your firewall.

6string · Dec 7, 2010

If you are connected to your own modem/router, it will already have a firewall on by default.
I would only use my software firewall when connecting to a wifi hot spot, etc.
It doesn't really hurt to have it on if it makes you feel more secure, but I have run tests with and without my software firewall on shields up, and passed on all accounts both ways.
https://www.grc.com/x/ne.dll?bh0bkyd2

chas_m · Dec 7, 2010

Short answer: no, its not necessary.

McBie · Dec 7, 2010

chas_m said:
Short answer: no, its not necessary.

Hmmmm ... I think this is " cutting corners " a little bit ....

Every computer user, no matter what the operating system is, has 3 layers of defense:
1) A Firewall
2) Anti malware product
3) Common sense

There are as many opinions as there are readers, but if the suggestion is to turn off firewalls, and in other threads it is advised to turn off anti malware, then the only line of defense is 3) Common sense.

Yeah .... right .... we are human so we all know what that means.

My suggestion is to have the built-in firewall ON ( As Crimson indicated above ). It is not bulletproof, but it adds another layer.

For what it is worth .... the holiday season is upon us so beware of E-cards,
requests for charity contributions, nice screen savers etc.....
When presented with a shopping advertisement, don't click too quick.
( Sometimes the mouse is faster than the brain )

My 2 cents.

Cheers ... McBie

technologist · Dec 7, 2010

Firewall Configuration Info

Mac OS X v10.5, 10.6: About the Application Firewall
Mac OS X 10.6 Help: Setting firewall access for services and applications

McBie · Dec 7, 2010

6string said:
If you are connected to your own modem/router, it will already have a firewall on by default.
I would only use my software firewall when connecting to a wifi hot spot, etc.
It doesn't really hurt to have it on if it makes you feel more secure, but I have run tests with and without my software firewall on shields up, and passed on all accounts both ways.
https://www.grc.com/x/ne.dll?bh0bkyd2

Good to know that GRC only checks the first 1024 ports and usually that's not where the problem is, they are well regulated by IANA.
Ports above 1024, where there is more freedom, can be used for bespoke applications by multiple vendors, each with it's own implementation.
These are the ports to watch out for, and if you see activity on these ports, you better understand which application is having these ports open.

Cheers ... McBie

schweb · Dec 7, 2010

Alwyn said:
When I spoke to an Applecare rep yesterday we discovered that the Firewall was inadvertently blocking a download.

She advised me to turn the Firewall off. I have done so but I am concerned that this might lead me unintentionally to log onto a site that isn't 'trusted'

Official Antivirus, Malware, and Firewall FAQ

harryb2448 · Dec 7, 2010

Read schweb's excellent article and in short, if you are using a public network such as library, school, internet cafe, activate Firewall, if from home modem/router, stop it.

Firewall does not control where you go, just what connects and comes in.

My_MAC_MBP · Dec 7, 2010

Hello,

Little Snitch is a good app that lets you know what programs are trying to connect to what ip addreses and ports.

newscribe · Dec 7, 2010

Hi,

As a relatively new user I too asked this question, many here gave good advice and hints,;D ran shields up and was impressed so do not turn the firewall on when Im on my home WiFi network only use it at Airports etc.
It took a while but now feel comfortable with it turned off, just another learning curve re switching to Mac.

As with all things at the end of the day it is your choice.

Raz0rEdge · Dec 7, 2010

A firewall is a VERY useful protection to have on your network. I'd suggest a hardware firewall (available in all routers) as your first line of defense. Running a second software firewall on your machine can also be good, but not necessary..

Regards

chas_m · Dec 7, 2010

IME running a second firewall just causes issues and problems rather than "adds a second layer." It generally just conflicts with the first layer, since they are doing the same thing.

Back ten years ago I would have recommended the software firewall for most people, but today it's pretty much a non-issue, since most routers (including the ones used for public wifi spots) have a (superior) hardware-based firewall.

The other issue I run into a lot is that people misunderstand what a firewall does. It will not stop you getting a virus (on a PC). It will not magically protect your credit card number or other sensitive info. It will not block phishing sites, or trickware sites. In short, it will not protect you from being dumb. All a firewall does is stop snooping software from snooping your open ports. Which, on a Mac, are none (other than the well-protected standard ones every internet connection requires). So, in a nutshell, you're good -- because you chose a smarter computer and a better OS.

This is why Apple ships machines with the software firewall off, and why I suggest most people leave it off. There are obviously a few exceptional cases where you might want it, and that's why it's there -- but broadly speaking for most users it does nothing you need doing.

McBie · Dec 8, 2010

Anyway ... Mine is always switched ON
If I go into Starbucks I can simply ask for my coffee and I don't have to ask the waitress if her router has the firewall switched on, because if she hasn't i will have to switch mine on before i connect to her public network.

Keep things simple.

Cheers ... McBie

6string · Dec 8, 2010

To the OP.... I'll quote McBie on this one

Keep things simple.

If this puts your mind at ease, there is no harm done!

When you say a firewall was blocking a download, I am guessing that you really only mean that you had to give permission!

I'll quote McBie again here:

Common sense

If you are downloading something that you trust.... but even then, a firewall isn't going to protect you against downloading something dodgy, it's only going to ask for your authorisation on some things.

While typing this, I decided to google it to give you my non-layman's description

Firewall (computing) - Wikipedia, the free encyclopedia
As I like to say ....Happy Mac'n

jram · Dec 8, 2010

Since public hotspots generally don't use encryption, you should assume that anyone can see your Internet traffic. I have my firewall on and my file sharing off , even at home and behind my router. I have never had a download stop because of a OS firewall and never even heard of such a thing..

6string · Dec 8, 2010

jram said:
I have never had a download stop because of a OS firewall and never even heard of such a thing..

This is what confused me about the thread.... and made me repost.
With or without a firewall, never had anything interrupt a download, prevent a download, or even ask me (like windows) if I'm sure I want to go through with it.

I'm still uncertain as to what the OP meant

chas_m · Dec 8, 2010

The above two posts are exactly what I'm talking about. Firewalls have nothing to do with encryption, nor do they have anything to do with routine internet interaction, thus it offers NO protection for either of those things.

Is a Firewall necessary?

Alwyn

CrimsonRequiem

6string

chas_m

Guest

McBie

technologist

McBie

schweb

harryb2448

My_MAC_MBP

newscribe

Raz0rEdge

Well-known member

chas_m

Guest

McBie

6string

jram

6string

chas_m

Guest

Shop Amazon