I have been using Apple products for years and have never turned on the Firewall. I guess this is because the OS ships with that feature turned off by default. Should users be turning the Firewall on? Why is it not "On" by default?
MacBook Air (2020 or later)
Why is it not "On" by default?
Why do you think a network management tool should be turned on by default? Most people do not need to isolate parts of their network from certain devices or users.
Assuming you are connected to a network behind a NAT router, your Mac is already isolated from the Internet. The firewall would not provide any added isolation.
If you have need to enable multiple sharing services and occasionally connect to a public network (coffee shop, library, etc.), then enabling a firewall might be simpler than turning off all the sharing services. However, if you don't have any sharing services enabled, then there is no place for someone on that public network to "enter" your Mac. Turning on the Firewall would not provide any utility.
Why is it not "On" by default?
Why do you think a network management tool should be turned on by default? Most people do not need to isolate parts of their network from certain devices or users.
Assuming you are connected to a network behind a NAT router, your Mac is already isolated from the Internet. The firewall would not provide any added isolation.
If you have need to enable multiple sharing services and occasionally connect to a public network (coffee shop, library, etc.), then enabling a firewall might be simpler than turning off all the sharing services. However, if you don't have any sharing services enabled, then there is no place for someone on that public network to "enter" your Mac. Turning on the Firewall would not provide any utility.
Would you say, with that expectation, that the Firewall should be turned on (possibly by default) ?
Only if they turn on multiple sharing services and don't want to bother turning them off when they choose to connect to an unprotected network. But, even then, the probability of anyone managing to hack into your Mac is almost nil. The application firewall on macOS has likely never blocked a single hacking incident, but it has denied service to the user of the Mac.
Why bother trying to hack in through ssh when you can put javascript on a website that pops up a scary message about all of the bad things it found when it scanned your Mac and have them dial 1-800 LET ME HACK YOU.
There isn't a single piece of AV software or a firewall that will stop stupid.
Barney-
Thank you for the insight and a view I had not thought of. It seems as though a TON of users are on MBP/MBA and do not stay in a controlled environment behind a "known" firewall. Would you say, with that expectation, that the Firewall should be turned on (possibly by default) ?
Should the Firewall be turned on in OSX
