Sequoia Default Firewall Rules-python3, ruby, remoted, shared, smbd allowing incoming connections

Hi,


My MacBook Pro (M3) with Sonoma 14.6.2 was hacked a month ago.


I have put down the details concerning the evidence of being hacked on all my devices, including my MacBook Pro M3, iPad Pro 6th Gen., and iPhone.


However, my question is about the default firewall rules setting on Sequoia.


I picked up my wife’s and my MacBook Pros from the local Apple Store after specifically requesting that the Apple tech support person do a hard factory reset in DFU (Device Firmware Update) mode, because based on my recent experience of being hacked, the malware on my MacBook somehow could survive a factory reset.


I noticed that when I tried to turn on the firewall to block all incoming connections, there were these default firewall rules already. They are the following:


sshd-keygen-wrapper, cupsd, python3, remoted, ruby, sharingd, smbd


They were all set to “allow all incoming connections.”


Does anyone have the same default firewall rules like those after updating to Sequoia?

———————————————

How do I know all my Apple devices got hacked?


Because the hacker left some sort of media player link in the upper right corner of the menu bar, where the Wi-Fi status icon is, after he had hacked into my MacBook. BTW, I don’t even know how to put something in the menu bar by programming.


When I went to the user and group settings to access that page, it didn’t respond at all.


So, I tried a factory reset multiple times to see if I could access the user and group settings under the root account, but it still didn’t work.


Other Signs Of My Apple Devices Being Hacked


My credit score report companies notified me of my SSN being leaked onto the dark web, and I called them up to confirm this.


In addition, I got locked out of my Apple ID account on my iPad Pro and had to submit the original purchase receipt to Apple to request the removal of the activation lock on it.


Moreover, my iPhone’s been acting up strangely.


One day, I couldn’t get onto any web site at all even though my cellular data was on. However, while I was talking to the Apple support person on a phone call, all of a sudden I could access the websites. At the same time, I noticed that the microphone notification turned up with an orange rectangle around it to indicate that it was being used by some app/program other than Phone.


The hacker even sent me a text message on the night he hacked into all my Apple devices.


I accidentally deleted the text message during a factory reset, so I logged into my account on my phone carrier’s web site and pulled that text message record from the text data usage. Much to my surprise, I also found out that my phone had been bombarded with international text messages from Sweden, Russia, Japan, and Gambia. When I talked to a tech rep about those incoming international text messages, he said that there was no record on the system of those text messages, including the one the hacker had sent me using a fake number, even though I was able to download the text message history off their web site!

After I learned that one could control access to the web through the Screen Time settings, I turned off most features under that setting. Then, I went onto my wife’s MacBook Pro and her iPhone to show her how to turn those features off. However, my wife’s MacBook and iPhone Screen Time passcodes had already been set. She didn’t even know anything about these settings and therefore could not possibly have set up those passcodes herself, and she even said this herself.


Anyhow, I did factory reset all my devices numerous times myself and took them to a couple of different Apple Stores to have hard factory resets done a couple of times. Typically, immediately after a factory reset, I remove most of Apple’s built-in apps down to a minimum and shut off all nonessential services and features. I also turned on Lockdown Mode, used a VPN and even the SIM PIN, and only allowed Safari and Phone to use cellular data.


However, nothing seems to be working. For example, it takes literally forever to get onto websites the first time, so that I see the crawling loading bar movement at the bottom of Safari, which seems to indicate that the malware is initially redirecting my website request through some other illegitimate DNS servers.


Whenever I try to do a factory reset or change passwords for my Apple ID or Google accounts (BTW, all my Google accounts flagged security warnings stating that my sign-in processes were attempted to be changed by an unknown device), the phone will overheat like crazy and then it will calm down. BTW, Settings was using the battery for 6 hr 20 minutes in the past day.


Soon after the factory reset, under Cellular Data Usage -> System Services, Remote Service would show up in the list, as well as Corporate Account Services.

MacBook Pro (M3, 2023)

Posted on Sep 24, 2024 1:30 AM
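As an added example (not from this thread, and not Apple's tooling beyond the `socketfilterfw` command it calls), here is how a defender can audit the application firewall's state and allow list from the command line and triage entries such as the interpreters the poster listed. It assumes the `--listapps` output format described in its comments, and falls back to a constructed sample when `socketfilterfw` is not present.

```shell
#!/bin/sh
# Added example, not from this thread: audit the macOS application firewall
# (ALF) from the command line instead of the System Settings pane. On macOS it
# queries socketfilterfw (use sudo if it refuses); elsewhere it falls back to a
# constructed sample modelled on the entries the poster saw. Assumption: the
# --listapps format is "N :  <path>" then a line with "Allow incoming
# connections" or "Block incoming connections".
SFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Constructed sample of --listapps output (not captured from a real Mac).
SAMPLE='ALF: total number of apps = 3

1 :  /usr/libexec/sshd-keygen-wrapper
     ( Allow incoming connections )
2 :  /usr/sbin/cupsd
     ( Allow incoming connections )
3 :  /usr/bin/ruby
     ( Block incoming connections )
'

# Keep only the paths whose rule is "Allow incoming connections".
allowed_entries() {
    awk '
        /^[0-9]+ :/ { sub(/^[0-9]+ :[ \t]*/, ""); sub(/[ \t]+$/, ""); path = $0; next }
        /Allow incoming connections/ { if (path != "") print path; path = "" }
        /Block incoming connections/ { path = "" }
    '
}

# Triage one allowed path: interpreters, and anything outside Apple's system
# paths, deserve a closer look (what listens through them, and why).
flag_entry() {
    case "$1" in
        */python3|*/ruby|*/perl|*/node) echo "interpreter: $1" ;;
        /System/*|/usr/libexec/*|/usr/sbin/*|/usr/bin/*) echo "system: $1" ;;
        *) echo "review: $1" ;;
    esac
}

audit() {
    if [ -x "$SFW" ]; then   # firewall on/off, "block all" mode, auto-allow settings
        "$SFW" --getglobalstate; "$SFW" --getblockall; "$SFW" --getallowsigned
    fi
    { [ -x "$SFW" ] && "$SFW" --listapps || printf '%s' "$SAMPLE"; } |
        allowed_entries | while IFS= read -r p; do flag_entry "$p"; done
}

audit
```

On a real Mac, compare each "system:" path against what `codesign -dv` reports for it and check `--getallowsigned`, since the auto-allow settings decide whether Apple-signed services get through regardless of the per-app list.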

3 replies

Oct 9, 2024 7:00 AM in response to PeaceInMind

Hi PeaceInMind,

I believe we'd be concerned. I have experienced the same with my Mac Air M2, firmware reset at the store, and further factory reinstalled twice. The issue that you've highlighted persists.


I've read Etresoft's proposals, which sound reasonable; however, I've been unable to use my laptop because I've yet to receive a satisfactory answer. My enquiry was closed due to lack of evidence. I believe this issue should be investigated further.

Here is why:

The default setting of the Firewall is OFF. Not every macOS user knows about the function of the Firewall; most domestic routers are out of support, meaning they no longer receive security patches. In addition, most home users fail to set basic security configurations on their home routers. This is evident by the number of routers using the default password as reported by Shodan.

It is the behaviour of those applications allowed through the Firewall that concerns me. For example, the first time, I tried to remove them from the allowed list, but they returned after shutdown.

Eventually, I was able to remove them all. I believe that if the options are available they should be used, e.g., the firewall ON.


Sep 24, 2024 5:41 AM in response to PeaceInMind

PeaceInMind wrote:

However, my question is about the default firewall rules setting on Sequoia.

Turn off the firewall. It causes nothing but problems.


Your Mac is on a local WiFi network. Unless you have specifically configured it to do otherwise, the WiFi modem will prevent any unsolicited outside connection from reaching your Mac. That means that any firewall you have on your Mac is essentially doing nothing.

I noticed that when I tried to turn on the firewall to block all incoming connections, there were these default firewall rules already.

This is just something new in Sequoia. Ignore it. Turn off the firewall. You don't want it.

Because the hacker left some sort a media player link in the upper right corner in the menu bar where the wifi status icon

That's common after playing some video. Sometimes a video ad plays all by itself. It's a bug in the operating system software that leaves that phantom icon in the menubar. Ignore it.

My credit score report companies notified me of my SSN being leaked onto the dark web, and I called them up to confirm this.

Everyone's SSN has been leaked into the dark web.

In addition, I got locked out of my Apple ID account on my iPad Pro and had to submit the original purchase receipt to Apple to request the removal of the activation lock on it.

That's just the way it works.

One day, I couldn’t get onto any web site at all even though my cellular data was on. However, while I was talking to the Apple support person on a phone call, all of a sudden I could access the websites. At the same time, I noticed that the microphone notification turned up with an orange rectangle around it to indicate that it was being used by some app/program other than Phone.

That's normal for a cellular connection.

The hacker even sent me a text message on the night he hacked into all my Apple devices.

Everyone gets those. You are being asked to transfer money to a "βitcοiո wallеt"? Ignore it.

Typically, immediately after a factory reset, I remove most of Apple’s built-in apps down to a minimum and shut off all nonessential services and features. I also turned on Lockdown Mode, used a VPN and even the SIM PIN, and only allowed Safari and Phone to use cellular data.

The best idea is to keep all values at their default settings. Your Apple device is in its most secure configuration when you first turn it on after opening the box. Every setting you change, every app you install (especially "security" apps), reduces your security.

However, nothing seems to be working. For example, it takes literally forever to get onto websites the first time, so that I see the crawling loading bar movement at the bottom of Safari, which seems to indicate that the malware is initially redirecting my website request through some other illegitimate DNS servers.

Turn off the firewall to fix that. Also change your Private WiFi setting to "fixed". If you have a VPN, turn that off too.

Whenever I try to do a factory reset or change passwords for my Apple ID or Google accounts (BTW, all my Google accounts flagged security warnings stating that my sign-in processes were attempted to be changed by an unknown device), the phone will overheat like crazy and then it will calm down. BTW, Settings was using the battery for 6 hr 20 minutes in the past day.

You see what I mean? People get so freaked out about security on their Apple devices yet they continue to use Google. Make it make sense.



Oct 9, 2024 7:24 AM in response to Second_Opinion_

Second_Opinion_ wrote:

I've been unable to use my laptop because I've yet to receive a satisfactory answer.

So what would you consider to be a satisfactory answer?

Not every MAC OS user knows about the function of the Firewall

That's a logical negation of a universal. It's like saying "not every cat is orange".

most domestic routers are out of support, meaning they no longer receive security patches.

Most domestic routers are supplied by ISPs. As such, they are supported and do receive security patches from the ISP. But even so, when a device gets old and no longer receives security patches, that does not automatically render it completely insecure. Software isn't an ancient monolith of insecure code that slowly becomes more and more secure each year. It is regularly rewritten. Most security patches actually fix bugs that were introduced relatively recently. Aside from really ancient devices, older devices that were regularly updated in their day are likely to be more secure than newer devices. And since old devices like that are relatively rare, they are less attractive targets for hacking in the first place.

In addition, most home users fail to set basic security configurations on their home routers. This is evident by the number of routers using the default password as reported by Shodan.

Again, some random fact republished on social media does not automatically make all home routers insecure. The default configuration for home routers, even those with default passwords, is to allow management only from local devices.


Here's a fact that doesn't get republished on social media. Most devices, including and especially Apple devices, are shipped with very secure default configurations. Technically it is true that newly found exploits may require security patches for optimum protection. However, that is a relatively minor risk. By far, the greatest risk is the end user changing those secure, default configurations, often based on something they saw on the internet. That's the big danger.

It is the behaviour of those applications allowed through the Firewall that concerns me. For example, the first time, I tried to remove them from the allowed list, but they returned after shutdown.

That's another reason why people shouldn't bother to turn on the application firewall. In addition to doing nothing at all, it's also really buggy.


The sad fact is that the more people freak out about security issues, the more likely they are to install software made by malware developers.
