Firewall like ZoneAlarm?
Fresh-Faced Recruit
Join Date: Apr 2003
Apr 22, 2003, 02:10 AM
 
I am looking for a firewall, where the app pops up to tell me that a program is trying to connect to the internet and then lets me decide to allow or deny. Does it exist on Mac OS X?

Regards,

Peter
     
Clinically Insane
Join Date: Apr 2000
Apr 22, 2003, 02:31 AM
 
That isn't a firewall.

Try Little Snitch.
     
Mac Elite
Join Date: Jan 2001
Location: L.A., CA
Apr 22, 2003, 02:39 AM
 
I think FireWalk X might do what you need. Although I don't know if anything will be popping up at you.
     
Mac Elite
Join Date: Feb 2001
Location: Canaduh
Apr 22, 2003, 03:20 AM
 
Little Snitch is what you're looking for.

http://www.versiontracker.com/dyn/moreinfo/macosx/17642
     
equinox  (op)
Fresh-Faced Recruit
Join Date: Apr 2003
Apr 22, 2003, 03:44 AM
 
Thanks! That's what I was looking for! But sadly it is very expensive.
(Last edited by equinox; Apr 22, 2003 at 07:47 AM. )
     
Addicted to MacNN
Join Date: Oct 1999
Location: The Tollbooth Capital of the US
Apr 22, 2003, 09:39 AM
 
How 'bout NetBarrier?
"Evil is Powerless If the Good are Unafraid." -Ronald Reagan

Apple and Intel, the dawning of a NEW era.
     
Dedicated MacNNer
Join Date: Dec 2002
Location: someplace
Apr 22, 2003, 10:57 AM
 
Why not just use the default kernel firewall (ipfw)?

You can use either the built-in System Preferences pane interface, Brickhouse [shareware-$25] (http://personalpages.tds.net/~brian_...rickhouse.html), or sunShield [freeware] (http://homepage.mac.com/opalliere/Menu3.html) to access the more in-depth features of ipfw.
     
Senior User
Join Date: Jul 2002
Location: LA
Apr 22, 2003, 01:13 PM
 
Originally posted by Cipher13:
That isn't a firewall.
Feel like explaining? ZoneAlarm can be configured to block/allow virtually all kinds of ingoing and outgoing traffic. It is an excellent program.
     
Clinically Insane
Join Date: Nov 1999
Status: Offline
Reply With Quote
Apr 22, 2003, 05:37 PM
 
Originally posted by gatorparrots:
Why not just use the default kernel firewall (ipfw)?
Because last anyone knew, ipfw only allows you to block by port, not by app.

Both types of firewalls have their place in a secure machine. ipfw and other firewalls of its ilk (known as packet-filtering firewalls) are good for blocking incoming traffic, such as hackers or DDoS attacks. Application-filtering firewalls, such as ZoneAlarm, Little Snitch, and FireWalkX, are good for dealing with outgoing traffic, such as spyware.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
Junior Member
Join Date: Apr 2002
Location: In spaaaaace
Apr 22, 2003, 06:52 PM
 
I dislike apps like ZoneAlarm and their ilk with a passion. On top of being tacky (it's as if my computer's security depends on me getting assaulted by pop-up windows every 2 minutes), I strongly doubt that there is much they can offer that a port-based firewall can't. They bring to the Application Layer something that should be left at the Session or Network Layers and, as every good computer professional knows, that's a bad thing (more info on the OSI layers at http://computer.howstuffworks.com/osi1.htm).

If your firewall is properly configured (both ways, for inbound and outbound packets) and you're running an operating system that doesn't expose itself like a cheap prostitute (I'm looking at you, Win32), things like spyware shouldn't be an issue.

Also, application-based firewalls nurse you into a false sense of security. If you want to be serious about securing your box, you should educate yourself first and not rely on some application to do so. Educating yourself will go way further into making your box secure than any piece of software sold by anyone.

In short, I believe that application-based firewalls are kludges put in place to circumvent the problems of a poorly implemented firewall. I agree with Cipher13, those are not firewalls.
     
Clinically Insane
Join Date: Nov 1999
Apr 22, 2003, 08:26 PM
 
Application-based firewalls (which, I'm afraid, do meet all accepted definitions of firewall) are no substitute for a good port-based firewall, this is true.

However, neither is a good port-based firewall a substitute for a good application-based firewall. The most secure systems out there will use both.

Why is this? Because each of these types of firewall has a fatal weakness that the other lacks. The fatal weakness of port-based firewalls is that they don't discriminate; "good" apps can be blocked if your policy is too tight, and "bad" apps, if they go through on trusted ports, still make it out.

The fatal weakness of application-based firewalls, on the other hand, is that they have to rely on a trusted-code model, and so a well-done Trojan horse can still get through where a port-based firewall would catch the problem. However, properly done, they can alert a user

In the end, you're relying on a shockingly naive assumption: that computer security is unbreakable. The only machine that cannot be hacked is a machine that's not connected to any network, turned off, surrounded by armed guards, and with a broken power switch, and there's probably a way to hack that machine too. The minor annoyance of a single popup per application -and that's what it is; a single popup, which need not appear "every two minutes"- is a critical part of security, because that's the mechanism by which the user is alerted to potential hack attempts. It's not enough to make an application-based firewall that blindly accepts everything without warning the user.

Frankly, even a port-based firewall isn't enough. This is why OSX needs an intrusion-detection system as well. There are enough Open-Source systems for this out there that Apple could draw on, and even should they decide to do their own, the concept isn't particularly difficult. They control the OS distribution, so they could easily store the needed checksums for the default system files, and they could even make it extensible, such that third-party vendors could add checksums for their own files into the system.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
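The checksum idea in the post above (an OS-supplied baseline that third-party vendors can extend) can be sketched as follows. This is an added example, not part of the original post or any Apple tool; the function names, file paths and owner labels are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Stream the file through SHA-256 so large binaries are not read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root, owner, rel_paths):
    """Checksum the listed files and tag each entry with who vouches for it."""
    return {rel: {"sha256": sha256_file(os.path.join(root, rel)), "owner": owner}
            for rel in rel_paths}

def merge_manifests(os_manifest, *vendor_manifests):
    """Vendors may add entries for their own files but never redefine another owner's."""
    merged = dict(os_manifest)
    for manifest in vendor_manifests:
        for rel, entry in manifest.items():
            if rel in merged and merged[rel]["owner"] != entry["owner"]:
                raise ValueError(f"{entry['owner']} may not override {rel}")
            merged[rel] = entry
    return merged

def verify(root, manifest):
    """Compare the tree under root with the manifest and report every deviation."""
    report = {"modified": [], "missing": [], "unexpected": []}
    seen = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in manifest:
                report["unexpected"].append(rel)
            elif sha256_file(full) != manifest[rel]["sha256"]:
                report["modified"].append(rel)
    report["missing"] = list(set(manifest) - seen)
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    """Constructed tree: baseline it, then tamper with it and verify again."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        write("bin/login", b"original login")
        write("bin/ls", b"original ls")
        write("apps/editor", b"third-party editor")
        manifest = merge_manifests(
            build_manifest(root, "os", ["bin/login", "bin/ls"]),
            build_manifest(root, "vendor-x", ["apps/editor"]))
        clean = verify(root, manifest)
        write("bin/login", b"trojaned login")      # replaced system binary
        os.remove(os.path.join(root, "bin/ls"))    # deleted system binary
        write("bin/backdoor", b"dropped file")     # file nobody vouched for
        return clean, verify(root, manifest)

if __name__ == "__main__":
    for label, report in zip(("clean", "tampered"), demo()):
        print(label, report)
```

The manifest has to be stored where the monitored system cannot rewrite it, or be signed, since whoever can edit the checksums can hide a modified file.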
     
Clinically Insane
Join Date: Apr 2000
Apr 22, 2003, 09:00 PM
 
Originally posted by klinux:
Feel like explaining? ZoneAlarm can be configured to block/allow virtually all kinds of ingoing and outgoing traffic. It is an excellent program.
The kind of product the user wanted is not a firewall, per se. I don't know what Zone Alarm is. Never used it. I recognised the request, gave a suggestion. The user did not want a firewall. Sure, technically, it might be a firewall, but I really don't care about technical definitions. IMO, it isn't a firewall. I suggested Little Snitch initially, which is exactly what the user wanted. Not a FireWall...
     
Clinically Insane
Join Date: Nov 1999
Apr 22, 2003, 09:13 PM
 
In the traditional meaning, a firewall is simply a windowless non-flammable wall (or a wall of substantially heavier construction than other walls in the building) built to prevent fire from spreading beyond one section of a building. By extension, the computing world uses this term for a piece of hardware or software put on the network to prevent some communications forbidden by the network policy.

Firewalls come in several categories and sub-categories. The basic goal is to prevent intrusion from a connected network -- the difference is in how they try to accomplish this. The two major categories of firewalls are network layer firewalls and application layer firewalls.
Source: WikiPedia.org

Sorry to bust up your overly-narrow definition, Cipher, but ZoneAlarm and Little Snitch are firewalls, even though the latter of these doesn't refer to itself as such for some reason. It's a different paradigm from what you're used to, with its own strengths and weaknesses relative to the traditional sort, but that doesn't make it any less a firewall.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
Clinically Insane
Join Date: Apr 2000
Apr 22, 2003, 10:46 PM
 
Originally posted by Millennium:
Source: WikiPedia.org

Sorry to bust up your overly-narrow definition, Cipher, but ZoneAlarm and Little Snitch are firewalls, even though the latter of these doesn't refer to itself as such for some reason. It's a different paradigm from what you're used to, with its own strengths and weaknesses relative to the traditional sort, but that doesn't make it any less a firewall.
I conceded that technically, they may be firewalls, but added that I don't care what the technical definition states.

That's like considering something that did nothing but detect ping floods a firewall. Sure, technically it may be one, but really... for my own purposes, I'll use my own definition.

I know this may be technically wrong, but again - I don't care.
     
Junior Member
Join Date: Apr 2003
Apr 23, 2003, 10:32 AM
 
Little Snitch looks to me like a feel-good application that doesn't offer much in the way of actual security. Sure, it'll prevent your software from phoning home, but it's not protection against a trojan horse.

It hooks in above the kernel level, so any trojan horse can be created as a kernel module, and then operate with impunity.

Also, it looks like anybody who controls a nameserver could create a fake PTR, to make it so their trojanned version of software update would say it's connecting to 'updateserver.apple.com' or something equally innocuous looking.

In short, I'd consider it a good protection against having your pirated software try to phone home, but I wouldn't consider it a serious security tool.
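The fake-PTR concern in the post above is what forward-confirmed reverse DNS addresses: a name from a PTR record is shown only if a forward lookup of that name leads back to the same address. This is an added example, not part of the original post and not Little Snitch's code; the function names are hypothetical, and the addresses (documentation ranges) and host name are constructed.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the OS resolver: every name the reverse zone claims for ip."""
    try:
        name, aliases, _addrs = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def system_forward(name):
    """A/AAAA lookup through the OS resolver: every address the name's own zone publishes."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def _same_address(a, b):
    """Compare parsed addresses so differently written forms of one address match."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def label_for_prompt(ip, reverse=system_reverse, forward=system_forward):
    """Return (label, verified).

    The reverse zone is controlled by whoever owns the address block, so its
    answer alone proves nothing. The name is trusted only when the forward
    zone, controlled by the name's owner, maps it back to ip.
    """
    for name in reverse(ip):
        name = name.rstrip(".").lower()
        if any(_same_address(ip, addr) for addr in forward(name)):
            return name, True
    return ip, False

# Constructed records. 198.51.100.7 stands for a host whose operator also
# runs its reverse zone and has pointed the PTR at someone else's name.
PTR = {
    "192.0.2.10": ["updates.vendor.example."],
    "198.51.100.7": ["updates.vendor.example."],
}
A = {"updates.vendor.example": {"192.0.2.10"}}

def demo():
    """Run the check offline against the constructed records above."""
    reverse = lambda ip: PTR.get(ip, [])
    forward = lambda name: A.get(name, set())
    return {ip: label_for_prompt(ip, reverse, forward)
            for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5")}

if __name__ == "__main__":
    for ip, (label, verified) in demo().items():
        print(f"{ip:>14} -> {label} (verified={verified})")
```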
     
Senior User
Join Date: Jul 2002
Location: LA
Apr 23, 2003, 04:19 PM
 
Originally posted by WombatPredator:
I dislike apps like ZoneAlarm and their ilk with a passion.
Man, in that case, I dislike people who dislike apps like ZoneAlarm with a passion then.

Do you expect most users to have hardware firewalls and know how to configure them? If that is true, as Millennium has pointed out, a hardware firewall is not a perfect solution either.

Until then, ZoneAlarm gives users who do not have a hardware firewall a very powerful and configurable protection against incoming or outgoing traffic. This is not limited to spyware per se. For example, what if you want a user to use IM but not IE? Or another user to browse the network but not to the internet. I concede that a software firewall is not a perfect solution (only a non-networked machine is) but it is a step toward that direction.

On a separate note, Cipher13 is a big ignoramus. You admitted that you have not used nor do you have any idea what ZoneAlarm is or does. Yet, you felt free to define what ZoneAlarm is?

Furthermore, after others have pointed out your inaccuracies, you could have easily and graciously conceded that you made a mistake - which would have been a cool thing to do, but you cannot even do that. Grow up.
     
Dedicated MacNNer
Join Date: Dec 2002
Location: someplace
Apr 23, 2003, 05:18 PM
 
Originally posted by klinux:
On a separate note, Cipher13 is a big ignoramus. You admitted that you have not used nor do you have any idea what ZoneAlarm is or does. Yet, you felt free to define what ZoneAlarm is?

Furthermore, after others have pointed out your inaccuracies, you could have easily and graciously conceded that you made a mistake - which would have been a cool thing to do, but you cannot even do that. Grow up.
OOoooh. Do I see a "Revenge of the Flame Warriors" pairing?
     
Senior User
Join Date: Jul 2002
Location: LA
Apr 23, 2003, 05:33 PM
 
Nah, no war for me as this is my last post on this thread. Cipher13's words/actions speak for themselves.
     
Dedicated MacNNer
Join Date: Dec 2002
Location: someplace
Apr 23, 2003, 05:50 PM
 
Back on topic:
HenWen 2.0
http://www.versiontracker.com/dyn/moreinfo/macosx/14778
GUI for Snort network intrusion detection system
Product Description:
HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary.

Features:

* Drag and drop installation (no installer or uninstaller necessary)
* Includes a precompiled Snort 2.0 binary for Mac OS X (with the Spade and ASN.1 patches applied)
* Supports all major Snort preprocessor and output plugins
* Supports statistical packet anomaly detection with Silicon Defense's Spade
* Supports all Snort rule sets, and makes it easy to add additional rule sets
* Supports configuring all current Snort rule variables
* Supports direct logging to MySQL databases
* Supports ODBC database logging (for PostgreSQL, Oracle, MS SQL Server, and more)
* Supports auto-blocking
* Can update Snort rules over the network
* Can set up Snort to run at system startup
* Includes a helper application, LetterStick, which can:
    o Provide real-time security alert pop-up windows
    o E-Mail alerts as they are received
    o Speak the alert text, or play a sound effect, when an alert is received
    o Use Terminal to view the Snort logs
* Supports modem and broadband network connections
* Runs on HFS+, UFS, AFP, and NFS volumes (SMB and other volume types should work as well, but they haven't been tested)
* Available in English, German, and French (in the same package)
     
Clinically Insane
Join Date: Nov 1999
Apr 23, 2003, 06:52 PM
 
Originally posted by Cipher13:
I conceded that technically, they may be firewalls, but added that I don't care what the technical definition states.
In other words, you know you're wrong but you're so arrogant that you don't care. And yes, Cipher, you are being arrogant here.

As for that bit about Little Snitch not protecting against Trojan horses: actually, it can. At the absolute least, it can detect a Trojan horse trying to go through the network, even if that Trojan horse is a kernel module, because of the way the filtering mechanism works. In order to get around this, you'd have to make a Trojan horse that actually modified the kernel itself so that it could hide certain network communications. While this is theoretically possible, given the Open-Source nature of Darwin, it means that any Trojan that did this would have to lug around a complete copy of the kernel, and it's very hard to do that without getting suspicious.

Now, it's possible that Little Snitch wouldn't be able to stop a kernel module from doing its thing. However, it could still tell you that something is happening, and that's much better than doing nothing at all.

Application-level firewalls are a complement to, not a replacement for, network-level firewalls. But that doesn't make them any less what they are.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
Clinically Insane
Join Date: Apr 2000
Apr 24, 2003, 05:42 AM
 
Originally posted by klinux:
On a separate note, Cipher13 is a big ignoramus. You admitted that you have not used nor do you have any idea what ZoneAlarm is or does. Yet, you felt free to define what ZoneAlarm is?

Furthermore, after others have pointed out your inaccuracies, you could have easily and graciously conceded that you made a mistake - which would have been a cool thing to do, but you cannot even do that. Grow up.
Uh huh. See if you can follow this:

Equinox asks for a piece of software, referring to it as a 'firewall'. I say I don't believe that kind of software is a firewall. Never did I single out ZoneAlarm. Would you care to show me where I said "ZoneAlarm is not a firewall"? I think you'll find that you are mistaken. Yep, that's right. See, I actually never mentioned ZoneAlarm, except for conceding that I'd never used it. My "that isn't a firewall" comment was also made before any mention of ZoneAlarm.

So... who's the idiot now? Yep, you. Go back to grade school and learn to read.

Secondly: I made no such mistake. I conceded that technically my definition was inaccurate, but I stand by it. I don't consider Little Snitch a FireWall. Don't like it? Tough. Get over it.
     
Clinically Insane
Join Date: Apr 2000
Apr 24, 2003, 05:47 AM
 
Originally posted by Millennium:
In other words, you know you're wrong but you're so arrogant that you don't care. And yes, Cipher, you are being arrogant here.

As for that bit about Little Snitch not protecting against Trojan horses: actually, it can. At the absolute least, it can detect a Trojan horse trying to go through the network, even if that Trojan horse is a kernel module, because of the way the filtering mechanism works. In order to get around this, you'd have to make a Trojan horse that actually modified the kernel itself so that it could hide certain network communications. While this is theoretically possible, given the Open-Source nature of Darwin, it means that any Trojan that did this would have to lug around a complete copy of the kernel, and it's very hard to do that without getting suspicious.

Now, it's possible that Little Snitch wouldn't be able to stop a kernel module from doing its thing. However, it could still tell you that something is happening, and that's much better than doing nothing at all.

Application-level firewalls are a complement to, not a replacement for, network-level firewalls. But that doesn't make them any less what they are.
I don't consider those types of software firewalls. Is that arrogant? No.

By a dictionary definition, I'd probably be wrong. I know that. I concede that. But I don't consider a piece of software that sits idle waiting for a local application to try to connect to the outside world a firewall.

Again, don't like it? Tough. I couldn't care less.
     
Mac Enthusiast
Join Date: Oct 2002
Apr 24, 2003, 06:39 AM
 
Originally posted by klinux:

On a separate note, Cipher13 is a big ignoramus.
Unfortunately, sir, making a statement like that only reinforces the fact that you have no idea of the amount of experience and skill and knowledge that Cipher13 has when it comes to Mac software and hardware related issues.
"Great spirits have always encountered violent opposition from mediocre minds"...Albert Einstein
     
Mac Enthusiast
Join Date: May 2002
Apr 24, 2003, 07:13 AM
 
Cipher13 gave the right answer - as there is no firewall on the Mac which acts as both an outgoing and incoming traffic filter (including specific app blocking etc...)

Admittedly he could have added the suggestion to pair Snitch with another 'firewall' app, so it matched ZoneAlarm closer, but as he had never used ZoneAlarm, he could only go on its original description as "where the app pops up to tell me that a program is trying to connect to the internet and then lets me decide to allow or deny" - which is a fair description of Little Snitch.

Why did I feel the need to comment? Bored, I guess.

I pair the Snitch with NetBarrier, as it provides good ad blocking etc... Try it, you might like it.
     
   