[Tiffany Mac]

I'm new to this forum and to Mac's in general. I'm still learning how to use my macintosh, but when i was clicking in the control panel (specifically in Sharing) i noticed that a 'firewall' tab existed. Should i have this set to 'ON' ? Will people be able to break into my mac?

My brother says software security is no good. He says that i need to purchase an actual box. What is your experience with the Mac's built in Firewall feature?

=) Tiffany

[Millennium]

Mac OS X has a powerful firewall built right in.

However, the interface they give you to configure it is pretty bad. Several freeware and shareware frontends exist which allow you much greater control; if you do a search on [url=http://www.versiontracker.com] for "firewall" you will find these, as well as a few standalone firewall programs.

Firewalls are a good first line of defense against crackers. If you are not running any servers on your machine (including remote login, file sharing, Web sharing, or FTP) then theoretically no one should be able to break in, but it is possible that you could be tricked into running something which acts as a server, so firewalls are still a good idea. Despite what your brother says, software security is generally fine for most applications, particularly if the machine the firewall runs on isn't running any servers. Even if it does run something like remote login, you can configure the firewall to refuse connections from "outside" the firewall, and then you're safe again.

Personally, I recommend Brian Hill's BrickHouse software, however the learning curve is a bit steep. OSX's firewall interface, while not as good as it could be, does get the job done. You can safely turn it on.

[pat++]

The built-in firewall is very capable, and will protect your computer as any other external box would.

[Thinine]

Unless you're running an important web server from your computer or are just paranoid, there is no reason for a private citizen to have an actual firewall. In fact, I would say that even the software firewall is unneeded for most people. It is highly unlikely that your computer would be targeted by a hacker and even then, it's unlikely to have an affect on you anyway. I'm guessing your brother is a Windows user, so security is a problem for him. But with a Mac, you are almost totally invulnerable to most attacks. Don't worry about it.

[Millennium]

Originally posted by Thinine:
Unless you're running an important web server from your computer or are just paranoid, there is no reason for a private citizen to have an actual firewall. In fact, I would say that even the software firewall is unneeded for most people. It is highly unlikely that your computer would be targeted by a hacker and even then, it's unlikely to have an affect on you anyway. I'm guessing your brother is a Windows user, so security is a problem for him. But with a Mac, you are almost totally invulnerable to most attacks. Don't worry about it.

Whatever you do, do not listen to this advice. Contrary to popular belief, crackers are interested in just about every machine they can get their hands on. Even those without "interesting" data are useful as launch points for attacks on bigger fish. Never think that the odds of your being attacked are too small; that is a recipe for disaster.

It is true that as a Mac user, you're immune to most known attacks. There is exactly one reason for this: no one has yet cared enough to develop one. That will change, sooner or later, and you will want to be protected when that occurs.

[:XI:]

i'm on dialup, so my connection isn't always on. i don't run any servers. my firewall is on. why?
better safe than sorry. it's (probably) not as good as a dedicated hardware firewall but it's better than nothing.

[sideus]

What about if my computers are behind a router that has all outside ports closed? Any need for the firewall in OS 10?

[Millennium]

Originally posted by sideus:
What about if my computers are behind a router that has all outside ports closed? Any need for the firewall in OS 10?

The router acts as a firewall if it's closing off ports. So there's no need for you to use OSX's built-in firewall, since you're already behind one anyway.

A second firewall, particularly since it's of a different type than the first, could provide an interesting second line of defense, but it's nowhere near as important. In the end, it's your call, but I wouldn't call it necessary.

[mcdoken]

anybody know how to start/stop/config the firewall from the command line rather than the gui?

[gorgonzola]

Originally posted by mcdoken:
anybody know how to start/stop/config the firewall from the command line rather than the gui?

Use the ipfw(8) command. The easiest way to disable it is to add an initial rule that allows everything through.

[ja]

If you have it why not use it
especially if you walk around with your powerbook using airport
[next time you are in starbucks or wherever try coomand-K and see how many interesting names come up]

just be wary of what you have open in your sharing prefernces - watch out for apple talk [in 'network'] etc
if sharing is on your drop box is open for anyone to put anything in

also
anyone have any experience using Location Manager?
I ALWAYS forget to switch location from the apple menu
also does it handle sharing preferences for different locations?