Please advise me what to check after a year without a firewall

When I was on Tiger my firewall was enabled. About a year ago I upgraded to Snow Leopard. I never thought about checking the firewall after the upgrade, because I was under the assumption that it would be on by default. (It was on by default when I got my computer with Tiger.)

After some minor problems with a few websites, I decided to check a few things in my System Preferences. I was very surprised to find out that the firewall was off!

So I've been connected to the internet for a year without a firewall. That doesn't feel very good, and I hope for some advice about what I should check and do to see if my system is infected by anything. Is it possible to see if someone had secret access to my computer?


Thanks,

Jeroen

iMac 20, Mac OS X (10.6.8)

Posted on Mar 22, 2012 9:34 AM


Mar 22, 2012 9:38 AM in response to Jeroen Akershoek

How are you connecting to the internet? Do you use a router (wifi or hardwired)? If so, you are behind a firewall - the one on the router.

Also, many (although not all) cable and DSL modems include built-in firewalls as well (when I had Sprint DSL many years ago, I could telnet into my modem and set firewall rules right on the modem).

Mar 22, 2012 9:51 AM in response to Jeroen Akershoek

Jeroen Akershoek wrote:


I hope for some advice about what I should check and do to see if my system is not infected by anything. Is it possible to see if someone had secret access to my computer?


Not really. If something is installed it could be using the currently open ports you use to surf the net with.

Since the computer code is so complicated and it's impossible to determine what you've installed over the years, your only real course of action is to back up all your personal user file folders off the machine and disconnect (not Time Machine! A regular drive), hold C boot off the 10.6.3 disk and use Disk Utility (under the Utilities menu) to Erase with Zero your entire hard drive, then install 10.6.3, reboot, log in with your same user name as before (important; a different password is ok), Software Update to 10.6.8, then install all your programs from fresh sources and finally transfer your files back into their respective folders (Music, Pictures, Desktop, Documents, Movies, Sites, Public, not Library) from backup.

You won't get the free iLife you had on the 10.4 install disks; you'll have to buy new copies.

Some software that squeaked by you may have to be purchased again for 10.6.

Once you get a clean machine again, install Little Snitch. It's an outgoing firewall that will catch a lot of those background outbound communications, which you can allow or disallow either temporarily or permanently.

However, LS is only a helper; the bad guys know about it and any trojan you've installed on your machine with the Admin password will disable LS the first chance it gets.

Also, once you permanently allow a program to gain access to the web, it stays that way. So let's say you install Chrome, allow it to connect to the web and Google decides to start spying on you: LS can't help you unless Chrome starts using another port to do so. But likely you would scratch your head and allow it because you trusted Chrome.

Mar 22, 2012 9:59 AM in response to Jeroen Akershoek

Please disregard the misinformation in this thread. You do not need to reinstall anything. Michael Black's post was correct. You have likely had a firewall the whole time.

Firewalls are greatly misunderstood. They don't prevent access, they facilitate it. A firewall is useful only for a server that needs to provide sharing services to one set of users (such as internal users) and a different set of services to another set of users (such as a web site for the internet). Any firewall on a desktop user machine is little more than a warm-n-fuzzy feel-good setting.

For optimal security, make sure you are behind a hardware firewall such as an AirPort Express or Time Capsule. Some cheap DSL modems or cable modems are not routers, but most of them are. If your machine has an IP address of something like 192.168.0.4 or 10.0.0.3 then you are fine.

If you don't need to provide services like file sharing, then keep them turned off and turn them on only when you need them. The default setting for a firewall is to allow access to shared services. Providing some sharing service is (slightly) risky. It is a common misunderstanding that a firewall makes it more secure.

Mar 22, 2012 11:34 AM in response to Jeroen Akershoek

Jeroen Akershoek wrote:

I wasn't going to reinstall everything just like that.



That's the only way to be sure. It's highly unlikely that you're not, though, as Macs are usually pretty secure.

It's just that your machine hasn't been "fresh installed" in a very long time; anything could have happened over the course of those many years.




Jeroen Akershoek wrote:


But I guess that it is different for a laptop that is connected occasionally with wifi at an internet cafe?


When you're using someone else's network they can do just about anything, except perhaps invade your machine unless an exploit is found. They could mimic a legitimate update though.

If you're not using WPA2 (AES) encryption (WEP and WPA are compromised) at your local internet cafe, your content can be viewed (or hacked) by others in the same area. Typically "open" wifi spots are not encrypted or have no passwords or encryption so it's easier for everyone to use, but a bad guy on the local network can do some damage or glean info on your wifi traffic. The system admin of the local network could be an evil person, or their machines compromised.

If you wish to use open wifi more securely, what you can do is install the Firefox web browser and the HTTPS Everywhere add-on; this will automatically request an HTTPS session from every website you visit. Not all can provide it, but a lot do.

https://www.eff.org/https-everywhere

If you want even MORE security, you can use OpenDNS and software called DNSCrypt. It can encrypt your DNS requests (DNS turns www.google.com into an IP address so your computer can connect) so nobody can sniff what sites you're visiting either.

https://www.opendns.com/technology/dnscrypt/

Mar 22, 2012 11:49 AM in response to Jeroen Akershoek

The two tips above will help you be more secure from others on someone else's wifi network; however, they won't give you a green light to do anything you wish online.

Each computer has its own MAC address which is communicated to the router so it can route packets to your machine; this can be recorded. The router connects to the ISP with an IP address, which is communicated to the websites visited and recorded, also by ISPs and DNS servers (Google records searches and IP info too).

Specifics about your machine are communicated to websites so they can render webpages, as well as tons of tidbits of information, cookies, Flash cookies, HTML cookies and more stored in hidden spots on your machine.

So as you surf the web you're leaving a huge trail behind you. HTTPS and DNSCrypt only ensure communication between your machine and the sites you visit is more secure; they do not anonymize you.

http://www.whatsmyip.org/more-info-about-you/

Mar 22, 2012 12:04 PM in response to Jeroen Akershoek

Jeroen Akershoek wrote:


Thanks Michael, I didn't think about that. I use a Thomson Gateway, so I guess I'm fine.

I'd say so - that will have what is pretty standard on all such devices, a NAT firewall with everything pretty much locked out by default. You would have had to log into the admin page and actually open up ports to have allowed things in (like letting internet games access ports ordinarily closed).


Having the OS X firewall on at home really is doing nothing as you are effectively tucked away in your own little subnet anyway.
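Two of the replies above reduce to checks the poster can run himself: the 9:59 AM reply says that an address like 192.168.0.4 or 10.0.0.3 means you are behind a NAT router and that sharing services should stay off unless needed, and the 12:04 PM reply says the NAT firewall locks everything out by default. The script below, an added example and not code from anyone in this thread, parses `ifconfig` output to classify each interface's address as loopback, private (RFC 1918) or public, and parses `netstat -an -p tcp` output to list the TCP services listening on something other than loopback. Both sample outputs are constructed and modelled on what Mac OS X 10.6 prints; they are not captured from the poster's iMac. The port-to-service mapping uses standard IANA assignments. It is written for Python 3 (10.6 shipped Python 2.6, so it assumes a newer interpreter or minor adaptation).

```python
import ipaddress
import re

# RFC 1918 private ranges: an address here means the machine sits behind a NAT
# router, which is the "192.168.0.4 or 10.0.0.3" check from the thread.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Standard IANA port assignments mapped to the OS X sharing feature that opens them.
KNOWN_PORTS = {
    22: "ssh (Remote Login)",
    88: "kerberos",
    548: "afp (File Sharing)",
    631: "ipp (Printer Sharing)",
    5900: "vnc (Screen Sharing)",
}

# Constructed sample modelled on `ifconfig` output (not from the poster's machine).
SAMPLE_IFCONFIG = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.1.23 netmask 0xffffff00 broadcast 192.168.1.255
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 203.0.113.7 netmask 0xffffff00 broadcast 203.0.113.255
"""

# Constructed sample modelled on `netstat -an -p tcp` output.
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.23.49812     203.0.113.9.443        ESTABLISHED
tcp4       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  *.88                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
"""


def address_label(ip):
    """Classify one IPv4 address as loopback, private (RFC 1918) or public."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    # Explicit RFC 1918 test: ipaddress.is_private also counts documentation
    # ranges such as 203.0.113.0/24 as private, which is not what we want here.
    if any(addr in net for net in RFC1918):
        return "private"
    return "public"


def classify_addresses(ifconfig_text):
    """Return [(interface, ip, label)] for every IPv4 address in ifconfig output."""
    results, iface = [], None
    for line in ifconfig_text.splitlines():
        head = re.match(r"^(\w+):", line)
        if head:
            iface = head.group(1)
            continue
        inet = re.match(r"^\s+inet (\d+\.\d+\.\d+\.\d+)", line)
        if inet and iface:
            results.append((iface, inet.group(1), address_label(inet.group(1))))
    return results


def exposed_interfaces(ifconfig_text):
    """Interfaces holding a public address, i.e. not tucked behind a NAT router."""
    return [iface for iface, _ip, label in classify_addresses(ifconfig_text) if label == "public"]


def listening_ports(netstat_text):
    """Return [(proto, bind_address, port, service)] for every TCP socket in LISTEN state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[-1] != "LISTEN":
            continue
        proto, local = fields[0], fields[3]
        # netstat on OS X prints the port after the last dot: "*.548", "127.0.0.1.631"
        bind_addr, port_text = local.rsplit(".", 1)
        port = int(port_text)
        found.append((proto, bind_addr, port, KNOWN_PORTS.get(port, "unknown")))
    return found


def network_reachable_listeners(netstat_text):
    """Listeners not bound to loopback: reachable from the LAN, and from the
    internet as well if the machine has a public address."""
    return [e for e in listening_ports(netstat_text) if e[1] not in ("127.0.0.1", "::1", "localhost")]


def report(ifconfig_text, netstat_text):
    """Human-readable summary of both checks."""
    lines = [f"{iface}: {ip} ({label})" for iface, ip, label in classify_addresses(ifconfig_text)]
    exposed = exposed_interfaces(ifconfig_text)
    lines.append("behind NAT router: " + ("no, see " + ", ".join(exposed) if exposed else "yes"))
    for proto, bind_addr, port, service in network_reachable_listeners(netstat_text):
        lines.append(f"reachable service: {proto} {bind_addr}:{port} {service}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_IFCONFIG, SAMPLE_NETSTAT))
```

On a real machine you would feed the script the live output (`ifconfig` and `netstat -an -p tcp` in Terminal) instead of the constructed samples. In the sample, en1 holds a public address, so the machine is not hidden behind NAT on that interface, and AFP, Kerberos and SSH listeners are reachable from the network while the CUPS listener on 127.0.0.1 is not; that is exactly the case where the advice to keep unused sharing services off matters most.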
