Apple Firewall Vs a paid for Firewall (internet security)

Should one buy a software firewall like Intego ?

Not if one wants one's Mac to work, no. Installing Intego's "Net Barrier" and "Virus Barrier" products resulted in the worst performance degradation of any similar products I tested. No knowledgeable Mac user would consider it even remotely acceptable. Read below the horizontal line that follows for general information regarding non-Apple "Internet security" or similarly categorized "anti-virus" and "anti-malware" utilities.

The function of a "firewall" is frequently misunderstood. Not surprising, since it is also woefully misnamed. There is no fire and there is no wall. If the Mac you are using is a client on a LAN managed by a router that you own and control, and you share that LAN only with users you know and trust, enabling the application firewall will only result in your own inconvenience. It is not intended for, and cannot be relied upon to protect your Mac from malware intrusion.

There will always be threats to your information security associated with using any Internet - connected communications tool:

1. You can mitigate those threats by following commonsense practices
2. Delegating that responsibility to software is an ineffective defense
3. Assuming that any product will protect you from those threats is a hazardous attitude that is likely to result in neglecting point #1 above.

OS X already includes everything it needs to protect itself from viruses and malware. Keep it that way with software updates from Apple.

A much better question is "how should I protect my Mac":

• Never install any product that claims to "clean up", "speed up", "optimize", "boost" or "accelerate" your Mac; to "wash" it, "tune" it, or to make it "shiny". Those claims are absurd.

  Such products are very aggressively marketed. They are all scams.

• Never install pirated or "cracked" software, software obtained from dubious websites, or other questionable sources.
  • Illegally obtained software is almost certain to contain malware.
  • "Questionable sources" include but are not limited to spontaneously appearing web pages or popups, download hosting sites such as C net dot com, Softonic dot com, Soft pedia dot com, Download dot com, Mac Update dot com, or any other site whose revenue is primarily derived from junk product advertisements.
  • If you need to install software that isn't available from the Mac App Store, obtain it only from legitimate sources authorized by the software's developer.
• Don’t supply your password in response to a popup window requesting it, unless you know what it is and the reason your credentials are required.
• Don’t open email attachments from email addresses that you do not recognize, or click links contained in an email:
  • Most of these are scams that direct you to fraudulent sites that attempt to convince you to disclose personal information.
  • Such "phishing" attempts are the 21st century equivalent of a social exploit that has existed since the dawn of civilization. Don’t fall for it.
  • Apple will never ask you to reveal personal information in an email. If you receive an unexpected email from Apple saying your account will be closed unless you take immediate action, just ignore it. If your iCloud, iTunes, or App Store account becomes disabled for valid reasons, you will know when you try to buy something or log in to this support site, and are unable to.
• Don’t install browser extensions unless you understand their purpose:

  Go to the Safari menu > Preferences > Extensions. If you see any extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone.

• Don’t install Java unless you are certain that you need it:
  • Java, a non-Apple product, is a potential vector for malware. If you are required to use Java, be mindful of that possibility.
  • Java can be disabled in System Preferences.
  • Despite its name JavaScript is unrelated to Java. No malware can infect your Mac through JavaScript. It’s OK to leave it enabled.
  • The same precaution applies to Adobe Flash Player. Newly discovered Flash vulnerabilities appear almost weekly.
• Beware spontaneous popups: Safari menu > Preferences > Security > check "Block popup windows".
  • Popup windows are useful and required for some websites, but unsolicited popups are commonly used to deceive people into installing unwanted software they would never intentionally install.
  • The mere appearance of a popup itself does not infect your Mac with anything malicious, but many contain resource-hungry code that will slow down Internet browsing.
  • If you ever receive a popup window indicating that your Mac is infested with some ick or that you won some prize, it is 100% fraudulent. Ignore it.
  • The same goes for a spontaneously appearing dialog insisting that you upgrade your video player right this instant. Such popups are frequently associated with sites that promise to deliver "free" movies, music, or other copyrighted content that is not normally "free".
  • If you find Safari has locked up, leaving you unable to dismiss the page, read Phony "tech support" / "ransomware" popups and web pages for the solution.
• Ignore hyperventilating popular media outlets that thrive by promoting fear and discord with entertainment products arrogantly presented as "news". Learn what real threats actually exist and how to arm yourself against them:
  • The most serious threat to your data security is phishing. Most of these attempts are pathetic and are easily recognized, but that hasn't stopped prominent public figures from recently succumbing to this age-old scam.
  • OS X viruses do not exist, but intentionally malicious or poorly written code, created by either nefarious or inept individuals, is nothing new.
  • Never install something without first knowing what it is, what it does, how it works, and how to get rid of it when you don’t want it any more.
  • If you elect to use "anti-virus" software, familiarize yourself with its limitations and potential to cause adverse effects, and apply the principle immediately preceding this one.
  • Most such utilities will only slow down and destabilize your Mac while they look for viruses that do not exist, conveying no benefit whatsoever - other than to make you "feel good" about security, when you should actually be exercising sound judgment, derived from accurate knowledge, based on verifiable facts.
• Do install updates from Apple as they become available. No one knows more about Macs and how to protect them than the company that builds them.

Summary: Use common sense and caution when you use your Mac, just like you would in any social context. There is no product, utility, or magic talisman that can protect you from all the evils of mankind.

or is it a two way firewall that also prevents the software installed phoning home at will without notify you or having that option to say yes or no upon been notified?

It does NOT block out-bound traffic. Nor does your home router.

If you really want to stop Phone Home traffic, then look at LittleSnitch. NOTE, you will find that LittleSnitch will initially drive you crazy because lots of things check the internet for things, including software updates for the apps you use, or to get data, etc...

OS X has two built-in software firewalls, the very basic one you see in System Preferences -> Security & Privacy generally referred to as the Application Firewall, and a much more powerful one called PF or pfctl.

PF is also used in other operating systems and I believe even used as the basis for some firewall 'appliances'.

For those people needing more control than the one in Security & Privacy you should look at pf as an option.

See OS X: About the application firewall - Apple Support

See OS X Server: How to enable the adaptive firewall - Apple Support

Note: The second link above merely shows how to turn it on, you would have to read further on how to configure pfctl to customise it to your needs.

By the way, I would not bother buying any third-party software firewall. If you are not happy with Apple's software solutions then look at a hardware Firewall.

Hi John Galt,

My name is Karla and I just wanted to thank you for what you wrote. It's info that I really needed to read. I've fallen prey before and had to learn the hard way. I even just recently purchased Kapersky Internet Protectecion. I've purchased 'protectors' like Secure Line, Kapersky and non apple apps for Mac that protect my Facebook account. I reacted in response to online fear, but you're correct, a dose of common sense was a great reminder for me.

Thankyou!

Karla W.

Thank you for your kind words Karla, it is very gracious of you to write.

I reacted in response to online fear ...

Most people will. It is a highly effective tactic. Knowledge conquers fear, and knowledge is available to anyone seeking it.

zenneon32 wrote:

Thanks for the LittleSnitch advice Bob. I have looked at that one in the past an as you mentioned I found LittleSnitch bothersome in getting in the way of dong things on the internet. A great free alternative no doubt if your happy to use this software.

Not Me. I played with LittleSnitch when it first became available (too many years ago), and I found it way too annoying. But there are those that like it. I'm just not one of them.

But if you want to stop unsolicited out-bound-phone-home actions, I think LittleSnitch is the easiest approach.

If your talking about a Mac being run for normal user applications then Little Snitch is a nice simple way of blocking outgoing traffic. If however your talking about a Mac server then it is not suitable. As I previously mentioned OS X includes two firewalls and of those two the pfctl firewall can be configured to block outgoing traffic but it needs far more work on your side to set this up.

As mentioned pfctl is even used to create full-blown 'appliance' i.e. firewall in a box type products it is so flexible and powerful.

Unless you're running a server for remote access, you do not need one.

If you are using a home router, it is acting as a firewall preventing unsolicited connections to your iMac.

What problem do you expect a firewall to solve?