Dig through your Mac’s settings and you’ll find a firewall, turned off by default. Isn’t that insecure? Why would Apple be so irresponsible?
Don’t panic: this doesn’t mean your machine isn’t secure. The firewall in question lets you block incoming traffic to particular programs, meaning it’s only useful if there are programs on your computer that you’d like to restrict in terms of incoming information.
If that’s not the case, and if you use the Internet primarily behind a secure router, you probably don’t need to enable a firewall at all.
What Do The Experts Say?
A lot of general tech advice is really only true in particular situations – and “you need to have a firewall turned on or you’re not safe” is a good example of that. This isn’t to say that firewalls aren’t helpful – they can be, in some circumstances. But simply installing and turning one on isn’t going to be helpful in all cases, particularly if you don’t know how to configure it.
If none of this means anything to you, at all, you’re probably best just leaving the firewall turned off.
It’s possible I’m out of my depth here – I’m a software usability guy, not a security expert. Thomas Reed, on the other hand, knows what he’s talking about. He’s the longterm blogger behind The Safe Mac, a site that’s been documenting Mac security trends for nearly a decade. He argues that you don’t need a firewall on your Mac:
For the most part, the average user does not need a firewall. A firewall is not a magical solution to problems like malware and spam, and is not much use at protecting a system that is left unsecured.
My one-time colleague Chris Hoffman, writing for HowToGeek, came to a similar conclusion:
In summary, a firewall isn’t really necessary on a typical Mac desktop, just as it isn’t really necessary on a typical Ubuntu Linux desktop. It could potentially lead to more hassle with setting up certain network services. But, if you feel more comfortable with it on, you’re free to enable it!
This seems to be the consensus out there on the web: firewalls are great for power users, who understand what a firewall is for and know how to properly configure it to achieve what they want. For everyone else, enabling a firewall is unnecessary at best and infuriating at worst.
Still, if you want to turn a firewall on and configure it, you’ve got options. Let’s go over them.
Turning On Apple’s Firewall
Not all Mac users know this, but there’s been a built-in Mac firewall since Snow Leopard. You’ll find it in the System Preferences, under Security.
As we said, this is off by default. Turning the firewall on is easy:
If this option is greyed out, you’ll need to click the lock at bottom-left and enter your password before you can do this. Once you do you’ll be able to access additional options:
You can block particular applications from inbound requests. Note that you cannot stop applications from making outbound requests using this firewall, which is why many opt for more advanced options.
Other Mac Firewall Options
In addition to the firewall included with OS X, there are a selection of third-party tools that provide control over incoming and outgoing connections, as well as which software can send and receive information over the Internet.
Murus ($10) — A Better GUI for The Built-In Firewall
Apple’s built-in firewall is Packet Filter, a powerful firewall commonly known as “pf” and well-known to Unix users. The default GUI, outlined above, doesn’t give you access to many of pf’s features, which is where Murus comes in. For $10 this app gives you control over inbound and outbound requests, and a lot more.
There’s a free version to download if you want to get a feel for what’s offered, though you’ll need to pay up if you want control over outbound requests.
Little Snitch ($35) — Top-Class Firewall for OS X
Another popular Mac firewall is Little Snitch, which notifies you when any program is accessing the Internet and lets you decide whether they should have access or not. For $35 it’s not exactly cheap,
This is a popular product that packs in the attention to detail, so look into it if you’re seriously contemplating setting up a firewall or you specifically want easy, GUI control over individual applications.
Private Eye — A Free Network Monitor
If you like the idea of seeing which programs are using your Internet, but don’t necessarily think you need the full firewall experience, I highly recommend checking out Private Eye.
With this app you can monitor, in real time, which of your applications are accessing the Internet and what specific URLs they’re accessing. This has all sorts of uses, from figuring out whether your Mac has malware to working out which programs are using bandwidth constantly.
The Take-Away: Learn to Use Your Firewall
If you know how a firewall works, and are willing to take the time to configure it properly, go for it! Turning on the firewall won’t hurt anything, especially as most port ranges need to be opened manually if you are accessing the Internet via a secured router.
If you’re not sure, there’s no particular reason to turn it on. A firewall can add an additional layer of security, sure, but that doesn’t mean your system is any more vulnerable without one turned on.
Do you use a firewall with Mac OS X? Which one and why?
Image Credits: Fire ring Via Shutterstock