How Secure Is Your Mac? Do You Need A Firewall?

By Jack D. Miller • Tuesday, September 27, 2005 • Home » Tips and Tricks »

Secure ‘Only the paranoid survive.’ I don’t know who said that but the more I look at life connected to the Internet, the more there’s security in paranoia.

After all, if everyone is out to get you, paranoia is the right attitude to have. Is your Mac secure? Yes. And no. Do you need a firewall on your Mac? Yes.

I’m certain of that because Apple includes a very powerful firewall built in to Mac OS X. A firewall is basically a software application (or hardware running a software application) which limits access to your computer.

Incoming access. Outgoing access is a different story (more on that at another time). Who’s banging on the door of your Mac? You’d be surprised.

What got me thinking about security for the Mac is a situation our Mac360 sys admin ran into regarding what is known as ‘referral spam.’ He was complaining about a site he manages that gets just a few hundred visitors a day but gets hundreds of megabytes of referrer spam. Daily.

All those hits to a Mac suck up bandwidth and system resources. What about the Mac’s firewall? The Mac is an ultra secure machine, right?

The lesson begins. Yes, the Mac is ‘relatively secure.’ That means it’s not easy to break in from the outside (leaving your Mac on in the office is another story) because the firewall can be set to limit open ports and reduce chances of breakins.

Let me point out that total security costs more and may not be possible, so we’re only dealing with the relative security. The kind that makes us feel OK and usually keeps our Macs safe.

The Mac’s built in firewall shuts down almost all traffic into your Mac. Email is OK. Web browsing is OK. Mac to Mac is OK. iChat AV, music and photo sharing, if you want it.

The IPFW, as it’s called, does a good job of keeping out intruders who are hammering on your door. Yes, outside intruders are hammering on your Mac’s door but you don’t know it.

Our Mac360 sys admin says a number of sites have thousands of break in attempts. Daily. Those are sites running on Mac OS X Tiger Server. If your Mac is connected to the Internet via DSL or broadband cable, chances are good your Mac is getting hammered.

The problem is knowledge. Or lack of. Mac OS X Tiger doesn’t do a good job of logging firewall activity; capturing info about those who are attempting to probe your Mac’s defenses and find a weakness.

Fortunately, there aren’t many weaknesses if you’ve locked your Mac down tight. Still…

Click System Preferences, click Sharing, click the Firewall tab, click off everything. Click the Advanced button, click on everything. That’s as far as it goes (unless your have a wireless router, or cable modem router, and so on—every layer helps).

A hardware firewall could cost you $100 and will be difficult to configure. It could also cost much more and still be difficult to configure.

I decided to check out other security options for Mac OS X and I wasn’t happy with what I found. Click Here for a list of Mac applications to help secure OS X. It’s not a pretty site.

Some utility applications don’t work with Tiger or Panther. Some haven’t been updated in ages. Others add a little security as part of a package of other features. It’s safe to say that Mac users don’t worry much about security so there’s not much of a market for security applications for the Mac.

‘Only the paranoid survive.’

Getting more paranoid by the minute, I tried out two Mac firewall applications that looked promising. DoorStop and Brickhouse.

Of the two, DoorStop X is the easiest to set up and use. Turn off your Mac’s built in firewall, start DoorStop. Follow directions. $49 gets you more firewall functionality than Mac OS X’s firewall, and more logging information so you can see who’s banging on the door and take steps to prevent it.

The DoorStop publishers have been around awhile and have years of Mac security experience. The comfort zone is high, though mucking around a firewall may not be for everyone.

Then there’s Brickhouse. You gotta love the name. There’s more functionality with Brickhouse, including firewall filters, logging, NAT port forwarding, scriptable control of the firewall, and so on.

The $25 for Brickhouse gets you more features than DoorStop though less warm and fuzzies. Brickhouse hasn’t been updated in awhile, there’s no support forum, and documentation is skimpy.

These are not the only firewall apps for the Mac. The weekly Warm and Fuzzy Award would go to DoorStop X, though there’s more capability in Brickhouse. As usual, your mileage may vary.

Do you need to look at more security for your Mac? Yes. Why? For one, you can never be too secure. And, two, ‘only the paranoid survive.’

Click Here to see reader comments on this article in the Mac360 Forums.

Post your own Comment.

Classy Mac360 Photo By Jack D. Miller | I work for a US technology company in Paris, France and switched from Windows PCs to the Mac 12 years ago. My wife said it would improve our marriage, give us more friends, and reduce stress. It did.

• Email This Article • Follow Mac360 on Twitter
• Posted in the Tips and Tricks Section

Off Topic Note: Need more Mac software reviews? Check out Page 2 for encore articles. Help support Mac360. Order your copy of Mac OS X Snow Leopard from Mac360 through Amazon. Snow Leopard is $29 for the Single User Upgrade, and only $49 for the 5 User Family Pack Upgrade.

Mac360 posts daily Mac updates on Twitter, too. If you Twitter, give Alexis, Bambi, or Ron a tweet and follow Mac360 on Twitter to get daily Mac tips and tricks.