Is the built in firewall good enough to turn off Intego's or ESET's firewall?

I currently have OS X's Firewall activated along with Little Snitch 3.3. The developer says Little Snitch and Firewall do not overlap as they block incoming connections at different levels.


My employer requires installing an antivirus on my Mac, namely ESET Cyber Security Pro or Intego Mac Internet Security. However both programs include a firewall.


Is the built in firewall good enough to turn off Intego's or ESET's firewall?

MacBook Pro (Retina, Mid 2012), OS X Mountain Lion (10.8.3), 2.7GHz Core i7, 768GB SSD, 16GB RAM

Posted on Feb 16, 2014 2:29 PM

6 replies

Feb 16, 2014 6:11 PM in response to jackm831

jackm831 wrote:


You should have your own firewall + antivirus installed. Apple's main priority is to make computers, not to protect your internet. This means that they probably don't try too hard with their firewall. I use Norton Internet Security and find that to have a great firewall.

Jack is certainly entitled to his own opinions, but not to his own facts.

There's nothing wrong with Apple's firewall, except that it's unnecessary most of the time.

If you are on a public network, like at your local overpriced coffee place, then turn on the Apple firewall in System Preferences > Security & Privacy > Firewall.

Again: if you are on your router at home, it already has a firewall, and you don't need a software firewall.

Third party antivirus software is of minimal utility on Macs, and Norton is some of the worst garbage one could ever put on a Mac, and always has been.

Feb 16, 2014 6:55 PM in response to YoQuieroTacoBell

If your employer requires installing antivirus, but doesn't specify which one, then install a free one from the Mac App Store. A Mac App Store version would prevent an antivirus from doing any real harm performance-wise. That way, you can comply with the requirement without having to suffer the consequences of running antivirus.


Your comments about the firewall suggest that you are actually intending to run the antivirus. Don't do that.


A firewall really isn't what people think it is. From a consumer machine like a Mac, firewall software is mostly a "warm fuzzy" to make people feel good because they assume they should have one. If Apple didn't offer one, they might actually try to download some antivirus software and that would be awful. A firewall is a tool for servers. If you aren't providing any services, you don't need a firewall. The default settings of the Mac firewall allow remote connections to services, so what's the point? A firewall is a curious tool because it is completely useless with default settings. It has to be specially configured in order to do anything. It is far easier to just avoid providing public sharing services.

Feb 16, 2014 7:14 PM in response to YoQuieroTacoBell

The application firewall blocks incoming network traffic, regardless of origin, on a per-application basis. Typically, it would be configured to allow only applications digitally signed by Apple to listen on the network. It does not block outgoing traffic, nor can it distinguish between different sources of incoming traffic. It is not, as some people seem to believe, a malware filter.

So for example, suppose you enable file sharing, and allow access by guests to certain folders. You want people on your local network to be able to access those files without having to enter a password. When configured as stated above, the firewall will allow that. Your router will prevent outsiders from accessing the files, whether the application firewall is on or not. But if your computer is portable and you connect it to an untrusted network such as a public hotspot, the firewall will still allow access to anyone, which is not what you want.

Now suppose you unknowingly install a trojan that steals your data and uploads it to a remote server. The firewall, no matter how it's configured, will not block that outgoing traffic. It does nothing to protect you from that threat.

Another scenario: Your web browser is compromised by a trojan. The trojan redirects all your web traffic to a bogus server. The firewall does nothing to protect you from this threat.

A final scenario: You're running a public web server. Your router forwards TCP connection requests on port 80 to your Mac, and the connections are accepted by the built-in web server, which is signed by Apple. The application firewall, still configured as above, allows this to happen. Now you download a different trojan, one that tries to hijack port 80 and replace the built-in web server. The good news here is that the firewall does protect you; it blocks incoming connections to the trojan and alerts you. The bad news is that you've been rooted. The attacker who can do all this can just as easily disable the firewall, in which case it doesn't protect you after all.

It might make a bit of sense to use the firewall if you're running trusted services on an unprivileged port; that is, a port numbered higher than 1023. Those ports can be bound by a process with no special privileges.

Here is a more realistic scenario in which you should enable the firewall. Your portable Mac has several sharing services enabled. You want those services to be available to others on a home or office network. When you're on those networks, the firewall should be off. When you move to an untrusted network, you can either turn off all the services, or enable the firewall to block them. Blocking is easier: one configuration change instead of several.
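The check behind the last reply's advice, as an added example that is not part of the original thread: before joining an untrusted network, list which services accept connections from the network and whether they sit on privileged or unprivileged ports. The `lsof` lines are a constructed sample, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `lsof -nP -iTCP -sTCP:LISTEN` output.

# Constructed sample of lsof output (not captured from a real machine).
sample_lsof() {
cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd     1 root   21u  IPv4 0x01      0t0  TCP *:548 (LISTEN)
launchd     1 root   24u  IPv4 0x02      0t0  TCP *:22 (LISTEN)
cupsd     310 root    6u  IPv4 0x03      0t0  TCP 127.0.0.1:631 (LISTEN)
cupsd     310 root    7u  IPv6 0x05      0t0  TCP [::1]:631 (LISTEN)
python    912 alice   3u  IPv4 0x04      0t0  TCP *:8000 (LISTEN)
EOF
}

# Reads lsof output on stdin; prints "command port scope port-class" per listener.
classify_listeners() {
    awk 'NR > 1 && $NF == "(LISTEN)" {
        addr = $(NF-1)                      # e.g. *:548 or [::1]:631
        n = split(addr, parts, ":")
        port = parts[n]                     # last colon-separated field
        host = substr(addr, 1, length(addr) - length(port) - 1)
        # Loopback-only listeners are not reachable from other machines.
        scope = (host == "127.0.0.1" || host == "[::1]") ? "loopback" : "network"
        # Ports up to 1023 need privileges to bind; higher ports do not.
        cls = (port + 0 <= 1023) ? "privileged" : "unprivileged"
        print $1, port, scope, cls
    }'
}

# Only the listeners another machine on the same network could reach.
exposed_listeners() {
    classify_listeners | awk '$3 == "network"'
}

# Demo on the constructed sample.
sample_lsof | exposed_listeners

# On a real Mac, feed live data instead and check the firewall state:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | exposed_listeners
#   /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
```

If the list is non-empty on an untrusted network, either switch the listed services off or turn the firewall on, as the reply describes.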
