How Secure Is Your Mac? Do You Need A Firewall?

‘Only the paranoid survive.’ I don’t know who said that but the more I look at life connected to the Internet, the more there’s security in paranoia.

After all, if everyone is out to get you, paranoia is the right attitude to have. Is your Mac secure? Yes. And no. Do you need a firewall on your Mac? Yes.

I’m certain of that because Apple includes a very powerful firewall built in to Mac OS X. A firewall is basically a software application (or hardware running a software application) which limits access to your computer.

Incoming access. Outgoing access is a different story (more on that at another time). Who’s banging on the door of your Mac? You’d be surprised.

What got me thinking about security for the Mac is a situation our Mac360 sys admin ran into regarding what is known as ‘referral spam.’ He was complaining about a site he manages that gets just a few hundred visitors a day but gets hundreds of megabytes of referrer spam. Daily.

All those hits to a Mac suck up bandwidth and system resources. What about the Mac’s firewall? The Mac is an ultra secure machine, right?

The lesson begins. Yes, the Mac is ‘relatively secure.’ That means it’s not easy to break in from the outside (leaving your Mac on in the office is another story) because the firewall can be set to limit open ports and reduce chances of breakins.

Let me point out that total security costs more and may not be possible, so we’re only dealing with the relative security. The kind that makes us feel OK and usually keeps our Macs safe.

The Mac’s built in firewall shuts down almost all traffic into your Mac. Email is OK. Web browsing is OK. Mac to Mac is OK. iChat AV, music and photo sharing, if you want it.

The IPFW, as it’s called, does a good job of keeping out intruders who are hammering on your door. Yes, outside intruders are hammering on your Mac’s door but you don’t know it.

Our Mac360 sys admin says a number of sites have thousands of break in attempts. Daily. Those are sites running on Mac OS X Tiger Server. If your Mac is connected to the Internet via DSL or broadband cable, chances are good your Mac is getting hammered.

The problem is knowledge. Or lack of. Mac OS X Tiger doesn’t do a good job of logging firewall activity; capturing info about those who are attempting to probe your Mac’s defenses and find a weakness.

Fortunately, there aren’t many weaknesses if you’ve locked your Mac down tight. Still…

Click System Preferences, click Sharing, click the Firewall tab, click off everything. Click the Advanced button, click on everything. That’s as far as it goes (unless your have a wireless router, or cable modem router, and so on-- every layer helps).

A hardware firewall could cost you $100 and will be difficult to configure. It could also cost much more and still be difficult to configure.

I decided to check out other security options for Mac OS X and I wasn’t happy with what I found. Click Here for a list of Mac applications to help secure OS X. It’s not a pretty site.

Some utility applications don’t work with Tiger or Panther. Some haven’t been updated in ages. Others add a little security as part of a package of other features. It’s safe to say that Mac users don’t worry much about security so there’s not much of a market for security applications for the Mac.

‘Only the paranoid survive.’

Getting more paranoid by the minute, I tried out two Mac firewall applications that looked promising. DoorStop and Brickhouse.

Of the two, DoorStop X is the easiest to set up and use. Turn off your Mac’s built in firewall, start DoorStop. Follow directions. $49 gets you more firewall functionality than Mac OS X’s firewall, and more logging information so you can see who’s banging on the door and take steps to prevent it.

The DoorStop publishers have been around awhile and have years of Mac security experience. The comfort zone is high, though mucking around a firewall may not be for everyone.

Then there’s Brickhouse. You gotta love the name. There’s more functionality with Brickhouse, including firewall filters, logging, NAT port forwarding, scriptable control of the firewall, and so on.

The $25 for Brickhouse gets you more features than DoorStop though less warm and fuzzies. Brickhouse hasn’t been updated in awhile, there’s no support forum, and documentation is skimpy.

These are not the only firewall apps for the Mac. The weekly Warm and Fuzzy Award would go to DoorStop X, though there’s more capability in Brickhouse. As usual, your mileage may vary.

Do you need to look at more security for your Mac? Yes. Why? For one, you can never be too secure. And, two, ‘only the paranoid survive.’

Check out the daily list of our 9 Word mini-Reviews at NoodleMac, and Kate's daily in-depth Mac software reviews at PixoBebo.

Off Topic #58 - Do politicians use personal computers? Of course. We’ve heard Barack Obama prefers a Mac, while Hillary Clinton uses a Dell, though, apparently neither of the candidates can bowl. Does Obama’s potential vice president use a Mac? Even Clinton acknowledges Apple’s brand power but says she can’t afford a Mac. Maybe she’d win if she used a Mac.

Off Topic #23 - Mac OS X Leopard is now at version 10.5.2 which we’re proclaiming the best yet, though we expect version 10.5.3 soon. If you haven’t upgraded yet, don’t forget that Leopard is on sale at the Mac360 Store, and so are the latest Leopard books. If you plan to order Leopard or a Leopard tips book from Amazon, please consider using the Mac360 Store to place your order (it’s really Amazon). Click Here to look at the latest Leopard books.