Welcome to the MacNN Forums.

mak_attack · Apr 10, 2005, 02:13 PM

hi,

i have been using a mac with osx for well over a month now and rarely use my windows based pc.

on the pc i had avast (virus), zonealarm (firewall), adaware and spybot running for my protection.

when i bought my mac i was told by my friend that i would not need the above.

is this 100% true?

the mac is used for 12+hrs a day.

should i think about added protection? or is osx that great for me not to worry?

thanks,

OptimusG4 · Apr 10, 2005, 02:32 PM

As long as you have the built in firewall turned on, you should be pretty safe. (System Prefs-->Sharing-->Firewall)

mak_attack · Apr 10, 2005, 03:08 PM

hi,

thanks for that OptimusG4.

i went to put the firewall on and it will not let me 'start' it. above it, it says firewall unavailable.

what should i do?

so no zonealarm or norton for me? cool.......no system slowdown

thanks,

OptimusG4 · Apr 10, 2005, 03:21 PM

You could try this article on Apple's support page: http://docs.info.apple.com/article.html?artnum=107786. Note that even if you didn't do an upgrade, you can still try what it suggests.

mak_attack · Apr 10, 2005, 03:40 PM

above link doesn't work

tried safari and firefox - nothin happens

thanks,

ghporter · Apr 10, 2005, 03:48 PM

Originally posted by mak_attack:
above link doesn't work

tried safari and firefox - nothin happens

thanks,

It worked for me. Here's what the article says:

Mac OS X 10.3: Firewall Unavailable After Upgrade Installation
The Mac OS X firewall may no longer be available if you perform an upgrade installation of Mac OS X Panther. An "upgrade" installation is when you install version 10.3 over an earlier version, such as 10.2.8, without first erasing the disk.

Symptom

Firewall is no longer available in Sharing preferences. When you look there, you may see this message:

"Other firewall software is running on your computer. To change the Apple firewall settings, turn off the other firewall software."

The status may say "Firewall Unavailable," and the Start button may be dimmed.

Products affected

* Mac OS X 10.3 through 10.3.1.

Solution

This happens if both printer sharing and the firewall were turned on in Mac OS X 10.2. Download and install Mac OS X 10.3.2 or later.

If you're not ready to update, follow these steps to resolve the issue:

1. Click the Finder icon in the Dock.
2. From the Go menu, choose Go to Folder.
3. Type: /Library/Preferences/
4. Click Go.
5. Locate this file: com.apple.sharing.firewall.plist
6. Drag this file to the Trash (see Note).
7. From the Apple menu, choose Restart.

Note: This step removes any custom port settings you have made to the firewall. If you previously opened any ports, you will need to do so again. If you do not want to lose your custom settings, use the Advanced solution below.

Advanced solution

You can use this solution to avoid losing your custom settings, but you must be comfortable with editing a text file in Terminal. Follow these steps:

1. Open Terminal (/Applications/Utilities/).
2. Type: sudo pico /Library/Preferences/com.apple.sharing.firewall.plist
3. Press Return.
4. Enter your administrator password when prompted, and press Return.
5. Using the arrow keys, scroll down to these two lines:

<key>allports</key>
<array>

6. Directly under "<array>", add a new line containing this text:

<string>515</string>

7. Press Control-O to save the file, and Return to confirm.
8. Press Control-X to exit pico.
9. Restart the computer.

spacer
Search
Advanced Search | Help

Keywords
Help

* kmosx3
* ktech

Email This Article
Log in to send email
Did this article help you?
It solved my issue...
Tell us what works for you.

It's good, but...
Report typos, inaccuracies, etc.

It wasn't helpful...
Tell us what would have helped.
Languages
This article is available in the following languages:

* English
* 日本語

Article ID: 107786 Date Created: October 23, 2003 Date Modified: December 18, 2003

mak_attack · Apr 10, 2005, 04:16 PM

tried the above. it didn't work

hmmmm and all the time i thought the firewall was on and working

ill try and resolve the problem somehow

going back to what i originally posted: generally the feeling is that i don't need anything on top of basic protection provided by osx?

thanks,

ryaxnb · Apr 10, 2005, 05:28 PM

http://www.lowendmac.com/musings/05/0407.htmlhas good reasons to get an antivirus, and if none apply, don't get one. Firewall should be turned on for safety. Search Mac Help for firewall to find out how to turn on the firewall. (10.2+ only). And Spyware protection is not needed on Mac.

I have no virus scanner on my Mac. Never needed it.

mak_attack · Apr 13, 2005, 01:56 PM

hi,

finally managed to fix the firewall

so in conclusion:

I DO NOT need a 3rd party firewall / virus software / adaware protection and various other protection software.

i can therefore use the mac without additional protections to that of OS X ?

thanks,

mitchell_pgh · Apr 13, 2005, 02:31 PM

Nothing is 100% in life...

I run norton because it does show me PC viruses that I receive. While they aren't going to do anything to me, I could pass them along to someone else (in Word documents etc. etc.)

It's for kicks more than protection.

eyadams · Apr 13, 2005, 04:20 PM

i can therefore use the mac without additional protections to that of OS X ?

I have run OS X from since the Public Beta. My machine is connected via cable to the Internet, and it is on all the time. I don't even have it set to sleep, owing to some stability issues related to sleep and an older PCI card I use. I only just turned on the firewall a couple of months ago. For email viruses, my provider offers virus protection on their end, and I have it turned on.

In five years I have had no problems. No viruses, no spyware. Popups used to be blocked 100%; now a few creep through, but that's not just a problem on the Mac so I'm not particularly worried about it.

However, I also try to be careful. I don't have file sharing or remote access turned on. I don't run as an Administrator account, and my other users don't either. All my accounts have passwords, although some of them are trivial (try to get a 6 year old to remember a random string of numbers, letters, and meta characters?)

For now, don't worry. And follow the news - when there's a virus you need to worry about, it'll be news. And not just here - when there's a genuine virus for Mac OS X, it'll be everywhere - "FIRST VIRUS FOR MAC OS X FOUND!"

mak_attack · Apr 13, 2005, 05:55 PM

thanks eyadams for your thoughts and info provided on the subject of mac protection.

ghporter · Apr 13, 2005, 09:30 PM

The overwhelming consensus of the Mac community is that there is nothing to fear from viruses-primarily because most of us feel smug that only Windows will be targeted by viruses. At the present time there aren't any Mac viruses, or anything else that hurts Macs in the wild.

I use Symantec Client Security because I'm paranoid, and when the nasty bug that breaks down the "Macs are immune" barrier comes around, I want to be able to post "I told you so."

As long as your OS X firewall is running AND properly controlling what's going in and out (DO NOT simply tell it to let everything that asks through!!!), then you're probably better protected than you absolutely need to be.

Millennium · Apr 14, 2005, 06:32 AM

Ideally, you should run some anti-virus software; there are no viruses yet, but we are not invincible, and these things will scan for PC viruses too anyway. Sophos makes a very reputable client. Avoid Norton and Virex. The open-source ClamXav isn't quite ready for prime time yet, but keep an eye on it; there's a lot of promise there, and a new release is said to be coming soon.

OSX's built-in firewall will work about as well as ZoneAlarm did, though Apple's interface to it isn't very good. You may want to check out a third-party firewall configurator like BrickHouse or Impasse.

As for spyware scanners, none have appeared yet which have garnered a good reputation. This is partly a vicious cycle; only one piece of spyware has ever appeared on OSX -a port of LimeShop- and even its maker no longer uses it.

Don Pickett · Apr 14, 2005, 10:06 AM

If you get the urge for more protection, the built in Unix firewall (ipfw) is pretty configurable. You can do it the hard way, from the Terminal (type "man ipfw") or you can get a shareware app like Brickhouse, which is a GUI front-end for ipfw.

CatOne · Apr 14, 2005, 12:03 PM

Originally Posted by OptimusG4

As long as you have the built in firewall turned on, you should be pretty safe. (System Prefs-->Sharing-->Firewall)

You know, it's not really necessary to run the firewall. OS X ships with NO services on by default. As such, there is nothing "listening" that can be attacked... attacks on ports with no services listening will fail.

So having a firewall operating to actively block those ports actually does nothing.

And if you turn on a service (file sharing, etc.,) the firewall must be open on that port, so again, no real gain.

OS X (the client version, server is different) is secure and unattackable as it ships. Firewall is there, but not necessary. You may *think* you're being "extra safe" by enabling it, but in fact it makes no difference.

CatOne · Apr 14, 2005, 12:04 PM

Originally Posted by Don Pickett

If you get the urge for more protection, the built in Unix firewall (ipfw) is pretty configurable. You can do it the hard way, from the Terminal (type "man ipfw") or you can get a shareware app like Brickhouse, which is a GUI front-end for ipfw.

"The urge for more protection" like what specifically? See my message above -- it makes no difference either way, unless you want to do packet inspection.

Randman · Apr 14, 2005, 12:12 PM

I only run it about once a month but I use Virex since it comes free with .Mac.

Millennium · Apr 14, 2005, 12:14 PM

Originally Posted by CatOne

You know, it's not really necessary to run the firewall. OS X ships with NO services on by default. As such, there is nothing "listening" that can be attacked... attacks on ports with no services listening will fail.[/b]

That doesn't actually matter much. The point is to prevent malicious code from secretly opening a port to receive files or commands, by ensuring that even if such code manages to do this nothing will be able to connect to it.

That's just it: a good security system is designed not just to keep The Bad Guy out, but to keep him from doing stuff if by some chance he gets in. Good systems are designed in ways that even if one aspect fails the rest are intact. That's the point of running a firewall.

OS X (the client version, server is different) is secure and unattackable as it ships.

Patently false. Although it is very difficult to attack an OSX machine in its default configuration, it is far from impossible. There is no such thing as an invincible computer, not even a Mac..

You may *think* you're being "extra safe" by enabling it, but in fact it makes no difference.

It only makes no difference if you're lucky enough not to get malware. If you do, then the difference suddenly becomes very real.

Stradlater · Apr 14, 2005, 12:25 PM

Originally Posted by mitchell_pgh

Nothing is 100% in life...

I run norton because it does show me PC viruses that I receive. While they aren't going to do anything to me, I could pass them along to someone else (in Word documents etc. etc.)

It's for kicks more than protection.

Uninstall, immediately. Norton is poorly programmed and causes way more problems than it prevents (it prevents none, really). NAV has completely deleted Mail.app mailboxes in the past when a PC virus was detected in a single email.

Don Pickett · Apr 14, 2005, 01:23 PM

Originally Posted by CatOne

"The urge for more protection" like what specifically? See my message above -- it makes no difference either way, unless you want to do packet inspection.

Just because there are no exploits now does not mean there never will be. More of a 'better safe than sorry' approach, I admit.

ghporter · Apr 14, 2005, 05:42 PM

I've seen that some people have had some pretty bad experiences using Norton Antivirus. I believe that's a configuration issue-out of the box NAV offers the most extreme options when it encounters a virus, and unfortunately they aren't as plain and well worded as they should be.

On the other hand, Symantec Client Security is much friendlier, uses the same highly regarded heuristics and pattern matching that NAV does, and works out of the box without any need to "tone down" its response to identified viruses.

I must state that telling someone to "delete immediately" any app they have, particularly one that they are not having trouble with, is irresponsible. There is no problem with NAV that simply reading the messages and thinking about what they mean (with a possible reference to the documentation) won't clarify immediately. NAV will NOT automatically delete anything.

arjay · Apr 15, 2005, 07:07 PM

I've been trying clamXav occasionally, and never knew whether it was working or not, as until today, I haven't received any hits. I received an email today with an attachment named: forest.rar

I didn't receive any notice from clamXav, so I am guessing it is not screening incoming mail, but when I had it check the file, it determined that it was a virus and quarantined it. I'm not sure how useful that is, as I would have had to have deliberately extracted that file for it to do anything, if it would do anything. I haven't heard of it before; has anyone else? (The virus I mean)

I'm always concerned about virus/trojans etc, since I run an XP machine as well, but this is the first one I've run across on the Mac. I may look into a retail product now however. I would like something to alert me upon receiving mail that it contains a virus, rather than me having to screen them myself.

arjay

arjay · Apr 15, 2005, 07:22 PM

Update to my message above. I went to the Symantec site and searched for the worm identified by clamXav. clamXav labeled it: Worm.Bagle.BB
The closest thing I could find in Symantec was w32.worm.beagle.b which is a Windows worm and doesn't affect the Mac.

arjay

Stradlater · Apr 15, 2005, 09:02 PM

Originally Posted by ghporter

I've seen that some people have had some pretty bad experiences using Norton Antivirus. I believe that's a configuration issue-out of the box NAV offers the most extreme options when it encounters a virus, and unfortunately they aren't as plain and well worded as they should be.

On the other hand, Symantec Client Security is much friendlier, uses the same highly regarded heuristics and pattern matching that NAV does, and works out of the box without any need to "tone down" its response to identified viruses.

I must state that telling someone to "delete immediately" any app they have, particularly one that they are not having trouble with, is irresponsible. There is no problem with NAV that simply reading the messages and thinking about what they mean (with a possible reference to the documentation) won't clarify immediately. NAV will NOT automatically delete anything.

Within the past year:

If Norton Anti-Virus 9.0 [...] detects the MyDoom virus in Apple Mail, it may delete the mbox from inside the INBOX.mbox package, thus emptying the InBox.

I believe that the issue was fixed in an update, but remains in the box install.

It's safer to NOT have NAV installed in OS X. I'm sorry if you feel that a valid recommendation is "irresponsible," but even someone with a perfectly-functioning (so-far) installation can lose their entire inbox.

Stradlater · Apr 15, 2005, 09:05 PM

Originally Posted by arjay

Update to my message above. I went to the Symantec site and searched for the worm identified by clamXav. clamXav labeled it: Worm.Bagle.BB
The closest thing I could find in Symantec was w32.worm.beagle.b which is a Windows worm and doesn't affect the Mac.

arjay

You realize the former is a Windows worm too, right?

Fusion · Apr 16, 2005, 12:31 AM

I don't understand the comment, "I want to post 'I told you so'"

Somehow if a Mac virus ever gets spread in the wild, Norton is just going to all the sudden know what it is, know how to look for it and be able to actively handle such virus? This makes no sense?!?!?!? How in the world does Mac anti-virus look for viruses when none exist?!?

I have always found that argument flawed, the "just in case one day it happens" argument. Just in case one does happen, I highly doubt Norton will be the wall that stops it. I mean, seriously, are you really banking on it?

And I agree with Stradlater, it is much safer in OS X to not have any Norton product installed. You can blame it on all the misconfiguration you want, but I have seen some Mac users have insane problems with the app doing stuff it shouldn't. It is poorly coded.

In response to the original question, the best secure thing you can do is back up your data very very regularly. Depending on how important your data is to you, this could change, but I recommend people do a HD backup about once a week. Absolutely no software can take the place of a well scheduled backup.