Jack wrote a quickie article on Mac firewalls. Click Here for the fun.

Two readers grumbled about there being no need for a firewall on the Mac, and another who said the whole idea (article) was silly. Fortunately, still another reader pointed out the obvious. The Mac appeals to users who have different requirements, therefore, some need a firewall, some not, some need more than the built in firewall in OS X Tiger.

Generally speaking, the Mac is exceedingly secure as a desktop operating system. Sys admins will tell you that Tiger Server is also very secure. Configuring a hardware firewall (or software) is no mean feat. Meaning, it ain’t so easy beyond the basics of Mac OS X.

If you’re on DSL or broadband cable, then your Mac is exposed to the rest of the world and there are many nasty people out there trying to get inside your computer; Mac or Windows. Dial up is a bit different but still has hazards.

Ron says the Mac360 servers get hit by a lot of spammers. These aren’t the email variety, though, email spam is plenty to deal with. Web sites that carry referrer information, particularly, weblogs, or blogs, get hit the hardest. Spammers want their referral links to show up in the weblogs. Ron captures referrer information but we don’t display it. Still the spammers come.

That’s just spammers. It’s probably a good thing that Apple doesn’t make access to certain logs easy for the average user. It would scare you to death to see who’s knocking on your Mac’s door. And how often.

Do you need a firewall? Do you need to know about the ‘open ports’ and what to do about them? If you’re connected to the Internet, yet. How much time and effort you put into locking down your Mac so it’s ultra tight depends on what’s on your Mac and how safe you want it to be. And, as Jack says, how paranoid you are.

Do you have a firewall? Is your Mac safe? Why? Why not?

I pulled one of the quotes from the comments:

“This article seems pretty silly to me. The danger to Mac users comes from crackers breaking into other machines, mostly PCs, or stealing data from inside or on tapes in transit. Foolish people who respond to phishing emails are asking for trouble unrelated to the computer they use. There are millions of attempts daily that attack all IP addresses and all ports, today’s version of war-dialing 10 to 20 years ago where computers dialed every phone number to test for an answering modem. Knowing that, even knowing the IP address of the source of the attack, does no good. What do you do with the information? Do you look up each address to find who owns it and send an email to the admin? Most such attacks come from abroad or from compromised PCs with unsuspecting owners. I once notified a corperate admin of such an attack. He was grateful and said he would fix the problem right away. I liked doing the good deed but it took a half hour of my time for one attack from one IP address using an automated system to look up the owner. So stay with your Mac, don’t respond to phishing emails, and quit worrying. If someone steals personal information about you, it won’t be from your Mac over the internet. Life is too short to waste on this.”

How naive can a person be? Firewalls are trouble. They’re complicated. They’re a lifesaver for some, an addiction for others, and just need to be ‘on.’ For most Mac users, we just want to keep out the majority of the thieves, as most will knock and move on. Still…

At the Shields Up site, you can test your firewall. Go to the site. Click proceed. Click common ports. If the status is stealth in all rows, that’s good. How good? Dunno. I’m no geek. My greatly geeky son says, that’s good. Shields Up: https://www.grc.com/x/ne.dll?bh0bkyd2

I never bothered to use a firewall till I read the article.
I put up Tigers in like 2 mins.

I wasn’t really in danger before, but I can always be safer