Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Firewall for mac

My building is installing a WI FI set up, which all owners will access by the same Password.

I don't know if I have a Firewall, doubt it, but should I get one, and what is recommended.


Thanks

Mac Pro, Mac OS X (10.7)

Posted on Feb 7, 2013 11:34 AM

Reply
15 replies

Feb 7, 2013 11:48 AM in response to pulpman

OS X has a built in firewall.


The full features of the firewall (outgoing and incoming) are accessible via the Terminal (command line program) and thus complicated for most.


The incoming portion of the firewall is handled via the System Preferences > Security > Firewall with a easy graphical user interface with basic ability.


The full features of the OS X firewall can be accessed with a graphical user interface program using donationware software


NoobProof (for beginners) or


WaterRoof (for more advanced users)


http://www.hanynet.com/applications/index.html

Feb 7, 2013 12:34 PM in response to pulpman

pulpman wrote:


I found the system preferences and I do have the firewall turned on. Will this be sufficient to prevent viruses etc?


No.


And since your all on the same local area network, there really isn't much you can do if someone capable wants to be malicious.


Your incoming Firewall will assist protecting you from those trying to get into your machine, however you also need to make sure all your System Preferences > Sharing services are turned off.


You can install the free ClamXav to scan once in awhile for mostly Windows malware that doesn't affect a Mac.


http://www.clamxav.com/


Make sure to set a very good password for your machine, I would recommend something 20 random characters, letters and symbols in length.


A pain to remember, but a pain to crack which on a LAN they likely will do a man in the middle attack with a fake software update to get in if they wanted too, but it's harder to do than brute forcing your weak password.

http://howsecureismypassword.net/


Also they can mimic your MAC address of your wifi card, then fake theirs to match yours, connect to the router first and thus you can't connect.


There is software to randomize and rotate your MAC address so you appear as another to the router each time you want to connect.




As long as you trust everyone else on the LAN (local area network) and the admin of it, then you shouldn't have a problem.



You should use Firefox and the HTTS Everywhere add on, this will ask for a encrypted connection from every web site you visit, not all provide it, but many now do so people on the LAN can't watch what your doing online.


https://www.mozilla.org/en-US/firefox/new/


https://www.eff.org/https-everywhere

Feb 7, 2013 12:36 PM in response to Baby-Boomer-USofA

Like Baby Boomer said Macs don't get viruses. I would go to Safari>safari preferences>security>and unclick

Safari screen shot>security. Java, and unclick plug ins (User uploaded fileunless you need them for a site) which would be rare. Don't download any software, unless you go to manufactuers site for it, and never click on anything that pops up, just close it. All the best

Feb 7, 2013 12:45 PM in response to pulpman

pulpman wrote:


I found the system preferences and I do have the firewall turned on. Will this be suffficient to prevent viruses etc? Or do i need another system also?

You'll want to read up on what it is you're trying to prevent. Viruses are just a small part of the malware landscape. And viruses are the thing Mac users fear the least, since there are none. But you still have to be concerned about other types of malware (Trojan horses, man-in-the-middle attacks, phishing...), and a firewall is not the right solution for them all.


Also, the Mac firewall only blocks incoming intrusions. It will not prevent outgoing transmissions, such as if there is software on your Mac "phoning home." For that you need software like Little Snitch which was designed to filter outgoing traffic and has recently been upgraded to also filter incoming traffic. But you have to have some expertise to run it, since some less knowledgeable users become suspicious of traffic that is actually routine and end up screwing up their systems. (If you block unknown requests from 127.0.0.1 because you think it looks fishy, you basically disable all your networking).


No firewall can prevent phishing and social engineering. If you get an email with a bad link, no software will stop you from clicking that link. You have to know not to click on unknown links, you have to know how to spot a fake bank page so you don't type your password into it. It doesn't matter how strong and complex your password is if you submit it to a fake site so that they get to see your exact password anyway.


If you want to generally scan for viruses and some types of malware, you can use ClamXav, a free malware checker.

Feb 7, 2013 12:43 PM in response to Baby-Boomer-USofA

Baby Boomer (USofA) wrote:


Macs do not get viruses.


They did, but it's been awhile.


https://en.wikipedia.org/wiki/Category:Macintosh_viruses


Mac's do get viruses, but Windows ones that don't affect OSX (unless it's a program virus like a Excel macro ) and can send them to other Windows users on files they share, thus the ClamXav to scrape them off.


A Mac running Windows will get viruses in Windows for sure. 🙂



So to be more specific, it's OS X that hasn't gotten a virus in quite some time, but the sure did get trojans and backdoors recently, like Finfisher and Flashback. 😝



So Mac's have gotten malware recently and the Flashback botnet is still over 750,000 Mac's still supposedly. 😝

Feb 7, 2013 8:10 PM in response to ds store

ds store wrote:


So Mac's have gotten malware recently and the Flashback botnet is still over 750,000 Mac's still supposedly. 😝

I didn't realize anybody was still tracking that info since Flashback was declared extinct by at least two A-V labs. Do you recall where you heard/read this? I'd guess Dr. Web or Kaspersky?

Feb 8, 2013 10:37 AM in response to pulpman

The Sharing check boxes ds store mentioned, which are on your Mac, only affect sharing of items in your Mac or directly connected to your Mac with non-network cables. If you are using your Mac to share a printer, you must have Printer Sharing on. If your printer shares itself, or if your router shares your printer, then you don't need to turn on any sharing on your Mac.


Printer sharing from your Mac is sort of a last resort if your printer can't already be shared by your router or by itself.


I use the sharing services on my MacBook Pro...but only when I'm home. When I take my MacBook Pro out of the house, I turn off all sharing on my MacBook Pro to enhance security. And that includes sharing that is not part of the Sharing preferences, such as iPhoto and iTunes library sharing that you control from those applications. My printers are all network-capable, so they share themselves on my home network, and my Macs are simply clients that can see the printers on the network and use them.

Feb 8, 2013 10:55 AM in response to Network 23

Just as a rule, it is a good habit to turn off all sharing when you are done using your machine. You don't want to become non-chalant about anything. Just a good habit to get into. Other than that, network23 is correct. As a rule I leave all sharing off at all times, unless I ned them, then turn them off. Good habit to learn, certainly can't hurt if all sharing is off, possibly could if you forget or miss one that leaves you vunerable.


Just my habit.

Firewall for mac

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.