macOS Firewalls

Discussion in 'all things Mac' started by bellgamin, Jan 16, 2021.

  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    I am a soon-to-be MAC user, awaiting delivery of my new MAC Air laptop, with Big Sur OS, o/a Jan. 27. In the meantime I have been reading up on security, especially firewalls.

    As you all know, Windows Operating System (winOS) has a very effective firewall (FW) built right into itself. So does macOS.
    • As delivered, the winOS FW is enabled. winOS does not make it easy for the user to disable its FW.
    • Unlike Windows, the firewall in macOS, as delivered, is disabled. It is up to the user to enable it.
    WHY is macOS delivered with its FW disabled? I am still pondering that question. So far, the best comments I have found about this issue are in the HowToGeek's article at HERE. That article deals with several issues including:
    • Why macOS FW isn't enabled by default
    • Downsides of FWs
    • Why you might want to enable macOS FW
    • ==>How to enable & configure macOSFW
    As you all know, there are a several 3rd party FWs for winOS. So far I have uncovered only two for macOS:
    • Lulu: see HERE and HERE. Lulu is a free "front-end" for macOS FW -- like Windows Firewall Control is for winOS FW.
    • Little Snitch: see HERE and Here. Little Snitch is a not-free stand-alone FW for macOS. (While there are stand-alone FWs for winOS, such as Comodo's, they are all free, as far as I know.)
    I would VERY much appreciate comments and/or answers to the following questions:
    • Q1: Besides Lulu & Little Snitch, are there any other 3rd party FWs for macOS?
    • Q2: Given that I possibly will NOT run any anti-virus on my MAC***, should I enable the macOS FW AND/OR should I run a 3rd party FW?
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    *** For those interested in WHY MACs don't need much added security, I suggest reading THIS article, et alia.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,385
    Location:
    The Netherlands
    I didn't know that the firewall wasn't enabled in the macOS, sounds like a bad idea to me. On the other hand, without any third party tools, I believe that the Windows Firewall will also allow outbound connections. But anyway, you can also check out NetBarrier X9, but I believe it's integrated into Mac Internet Security X9, it's a bit unclear if you can stil use the standalone version without the AV.

    https://www.intego.com/antivirus-mac-internet-security
     
  3. Logan5

    Logan5 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    129
    Location:
    The Dark Side Of The Moon
    Hi,

    I have been using Mac's for 11 years now, but no idea why the FW is not enabled by default. But is is very easy to enable. I used Little Snitch for many years and found it to be a very good FW, albeit a little heavy on the alerts. I've had my new M1 MacBook Pro for a few weeks now and decided to put LULU on (as well as a few other of Objective-See's free tools). So far I really like LULU and its default settings.

    Some other FW's you can try are (I have not tried any of them)...

    http://www.oneperiodic.com/products/handsoff/

    https://www.murusfirewall.com

    https://radiosilenceapp.com

    I have also used an AV (Bitdefender) since my first Mac. I came from the Windows world and just cannot see not running an AV. I have never seen a performance hit while using Bitdefender. I also have Malwarebytes installed (free version) and occasionally will run a scan with it.

    I would recommend running a 3rd party FW and a AV. Just my 2 cents :)

    Jim
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,385
    Location:
    The Netherlands
    Hands Off! and Radio Silence look pretty cool. And Hands Off! will even protect files but I do wonder if these apps can also work in silent or auto-block mode, too many alerts is never a good thing.
     
  5. Logan5

    Logan5 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    129
    Location:
    The Dark Side Of The Moon
    If I end up not liking LULU I will try Hands Off or Radio Silence, but I really think LULU will end up being all I need.

    Also if you are looking for something that protects files and are going to use an AV, Bitdefender has an option where you can protect files/folders.

    Jim

    Screen Shot 2021-01-20 at 13.36.08.png Screen Shot 2021-01-20 at 13.34.01.png
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,385
    Location:
    The Netherlands
    I must say that Bitdefender seems to have a quite simple GUI, I kinda like that. BTW, it would be cool if you could allow apps to access only certain folders, haven't found an app on Windows who can do that. With most apps it's an "all or nothing" approach at the moment.
     
  7. Logan5

    Logan5 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    129
    Location:
    The Dark Side Of The Moon
    I have very good luck with Bitdefender and have not seen any system performance hit.

    I don't recall any apps like that but is an interesting thought, I may have to look around for one.

    Jim
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,385
    Location:
    The Netherlands
    Yes, for example with SpyShelter you can protect folders, but if some app asks for reading/modifying permission, it will get access to ALL protected folders. Makes sense to give this permission to Win Explorer, but it makes less sense to give it to some not fully trusted download manager if you know what I mean.
     
  9. Logan5

    Logan5 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    129
    Location:
    The Dark Side Of The Moon
  10. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    475
    Location:
    Dallas, TX
    Sandboxed apps on macOS (that is, most typically, apps purchased via the Mac App Store) by default only allow access to the app container directory and have to ask the user for permission to access other directories (see, for example, the App Sandbox in Depth article on developer.apple.com). For utilities that require broad file system access, this can be a little tiresome and such apps will instead ask for the user to enable the "Full Disk Access" entitlement under System Preferences > Security & Privacy > Privacy > Full Disk Access.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,385
    Location:
    The Netherlands
    Yes this does sound kinda cool, I believe this works the same with UWP apps in Win 10. On the other hand, to me it's more about protecting only a couple of folders with important data, only trusted apps should be able to get access to them. But yes, it would be cool if apps could be designed in a way that they don't need full access to the file system, but it depends on the OS architecture.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,385
    Location:
    The Netherlands
    Sorry forgot to reply, but yes I already knew about those tools. Would like to see more of these kind of specialized tools for the Mac, if you know any perhaps you can post them.
     
  13. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,082
    Location:
    North of the 38th parallel.
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,385
    Location:
    The Netherlands
    I'm sorry but I don't understand. What I meant is that I would like to know about tools similar to Process Explorer, AutoRuns, SpyShelter and AppCheck Anti-Ransomware for the macOS.
     
  15. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,406
    Back in the day I ran Intego NetBarrier on my PowerPC Mac. Now I run Lulu. Don't need additional security beyond it which is true for a UNIX computer. Just follow safe computing practice online and enjoy your Mac!
     
  16. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,406

    An AV is unnecessary because of the built in Guardian antimalware protection. It enforces Apple's App Store download policy by default and whether or not you keep it turned on, MacOS will flag any download that doesn't come from a trusted provider and block it from running. Its a lot more robust than what Windows has in responding to an unknown executable file. Chances of a Mac getting infected range from slim to none because of the strict Apple security.
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,751
    Location:
    Toronto Canada
    Good article from HowToGeek. Loved it.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.