Does Your Mac Need A Firewall For Protection?

The internet is a scary place. At any point in time there are thousands, tens of thousands, perhaps hundreds of thousands of intruders who want to get into your Mac.

Your Mac comes with a built-in software firewall. Is it enough? Do you need more?

The answers will depend on your needs, problems, and the importance or value of the files on your Mac. If your Mac isn’t connected to the internet and you’re the only one who uses it, there’s less of a problem.

For the rest of us there is always that concern that someone will develop a virus or worm for the Mac which will become airborne and infect Macs all over the world. That’s not likely to happen, but an ounce of prevention is worth a pound of cure.

How do you prevent unauthorized access to your Mac and valuable files? If your Mac is at home or in an office, having a secure password is a good start. Setting the screen saver to password mode can keep away prying eyes.

For internet users security should be a concern if your Mac’s files are valuable to you. Your Mac is probably connected to the internet via a router, possibly in the form of a DSL modem or cable modem. That offers a thin veneer of first line protection.

At the heart of your Mac is the software firewall built in to Mac OS X. Oddly enough, Apple doesn’t make a big deal out of the firewall, not even shipping Macs with the firewall turned on.

You can find the firewall in the System Preferences under the top row Security icon. Click it. The tab selections are General (basic security settings), FileVault (encryption for your files), and Firewall.

The default setting on your Mac’s firewall, that software layer which can prevent unauthorized access to your Mac’s communication ports, is, well, set to allow all incoming connections.

That tells me that Apple thinks the Mac is very secure in the default settings (the built-in IPFW, and Leopard’s application firewall). Indeed, in the System Preferences Sharing section, all the basic access services, such as screen sharing, file sharing, web sharing, remote login, printer sharing, and remote management, are turned off.

Is your Mac secure? Yes and no. Yes, for most of us, the default settings will prevent remote access to your Mac. Why should you turn on the firewall and how do you do it?

Back to the Security section of System Preferences. Click on Allow only essential services. This closes down most communication ports except those used by various Mac applications.

Click the Advanced button. The two settings are Enable Firewall Logging, and Enable Stealth Mode. Stealth Mode is a handy setting as it prevents your Mac from telling anyone else on the network that you’re Mac is there.

Should you buy additional firewall software for your Mac? If your paranoid or your Mac’s files are very valuable to you and might be valuable to someone else, yes.

Two Mac security products I’ve used (among about a dozen I’ve tried) include Intego’s NetBarrier X5($50) and Open Door’s DoorStop ($49).

DoorStop is a replacement firewall for your Mac that gives you more control over the communication ports. It’s elegant, straightforward and features a Mac-like interface. Experienced Mac users can figure out basic settings without the manual.

Your Mac’s critical communication services, which could allow harmful attacks, are protected by name or port numbers. Specific IP addresses can be opened or closed. Four modes make it easy to deny all access, allow all access, or allow by address or deny by address.

I’ve used DoorStop for years and it works as advertised; an elegant solution to help reduce your security fears.

If you prefer a solution with more bells and whistles, and a bucket full of features, then Intego’s NetBarrier X5 is a decent, albeit complicated choice.

Complicated? It’s just a firewall, right? Nope. It’s a list of features, some of which are beneficial (firewall), some of which are dubious. If you like features and bullet points, you’ll love NetBarrier X5.

NetBarrier comes in many flavors. The $50 version, for a single Mac, installs the much-dreaded kernel extension, three Dashboard widgets, and four applications.

There are plenty of presets so you don’t have to know all the details of configuration. NetBarrier controls incoming and outgoing TCP/IP traffic, monitors intrusions such as port scans, ping floods, and even frequent communication between your Mac and other Apple devices.

Beyond the basic security items, NetBarrier protects WiFi networks, hides your browser information from web sites, blocks banner ads, provides individual cooker control for your browser, and offers some protection against spyware, Trojan horses.

Are there really any spyware or Trojan horses attacking Macs in the wild? Hardly. There may be one day, but for now, such attacks are mostly an attacker’s dream. Still, a little extra prevention might be worth the danger of a cure.

Interestingly, NetBarrier X5, loaded with features well beyond that of a firewall, is priced within a dollar of DoorStop which amounts to an elegant, though simple firewall interface.

If you don’t mind feature bloat and plenty of manageable complication, NetBarrier X5 may make you feel more secure. The easier to install and operate DoorStop covers the basics. That’s what I use now.