Firewall Software for Mac OS X: Best Options & Tips

[Moonbear]

Okay, as we were discussing cable vs. DSL internet, it occurred to me I should ask this question over here in software. What firewall software would folks recommend for a Mac running OS X (10.3.9, but I might want to upgrade to Tiger within the next year, so something that will work with my current OS but won't become obsolete when I upgrade is preferable...if that is an issue with any)? I would set up my internet to connect through airport, again, if that matters. I don't currently have anything since I just use dial-up, but I know if I'm going to be always connected, I need some form of firewall protection.

I'd especially appreciate recommendations of specific software, but otherwise, even information about what I should look for in firewall software would be helpful since I really don't know what I should be looking for and what all the different terminology means in terms of types of encryption, etc., and how to know what's relevant for my purposes, which is basically just to keep someone else from gaining access to my computer and using it for nefarious purposes.

 

[dduardo]

OS X uses a unix based firewall called ipfw which is damn good. It is a very sophiscated firewall compared to the junk windows xp provides.

If you want to manually configure it, here is the manual:

http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/ipfw.8.html

If you just want to turn it on, which is good enough for you, then follow these instructions:

http://helpdesk.its.uiowa.edu/firewall/instructions/macosx.htm

 

[Moonbear]

Thanks! I didn't even know I already had one. That's sure a lot easier than having to buy something new.

 

[russ_watters]

Frankly, for a pc on a home lan (airport is a home router, right?), you don't need a software firewall. The way a home router works acts as a nearly impenetrable firewall already. Just make sure you turn on wep encryption.

 

[Moonbear]

Airport is the wireless networking thing for macs. I know when I first set it up, it had 3 different types of encryption/password choices. When I move to a townhouse, I'll be changing whatever my current settings are to something that requires a login every time I use it so I don't end up with neighbors using my wireless. Right now that's not an issue because I have my airport set up so I do get signal out on my deck but it's pretty weak anyplace else outside my house, so I don't worry about what anyone can or cannot access. Okay, so WEP encryption it will be. I wonder if that's the one I picked randomly. Something I chose when setting it up required a 16 character password instead of the usual 8 character ones, and I'm not sure I remember what it was (I guess I don't choose easy to guess passwords since I can't even guess them sometimes...I can't count the number of times I've had to have passwords reset because I lose track of what I use.)

Unless the software firewall is going to slow things down or do something that will annoy me constantly, it probably won't hurt to turn it on.

 

[dduardo]

It doesn't hurt to have it and will be transparent to you since packets are monitored at the kernel level.

 

[russ_watters]

When I move to a townhouse, I'll be changing whatever my current settings are to something that requires a login every time I use it so I don't end up with neighbors using my wireless.

Generally, its just a password stored in your networking settings - so you don't enter it every time you connect.

Something I chose when setting it up required a 16 character password instead of the usual 8 character ones...

WEP comes in 64 or 128bit (8 or 16 characters). Some routers/computers use a password and the software generates the key, others require you to enter the entire hexidecimal key manually.

 

[russ_watters]

It doesn't hurt to have it and will be transparent to you since packets are monitored at the kernel level.

Granted. I try to keep my computers lean and mean, though.

 

[Moonbear]

Generally, its just a password stored in your networking settings - so you don't enter it every time you connect.

I might already have it set up that way then. It was so long ago that I set it up that I don't remember what I did at the time. (Do I sound like the ditzy blonde today or what? )

WEP comes in 64 or 128bit (8 or 16 characters). Some routers/computers use a password and the software generates the key, others require you to enter the entire hexidecimal key manually.

I'm going to take a wild guess that it's something software generated since I haven't seen anything anywhere to indicate to me there's a key somewhere I'd need to enter manually (I wouldn't even know where to find it to enter it)...so I'll hope that's the case.

 

[dduardo]

I tried wireless once but the performance wasn't up to snuff and ended up wiring the house with cat6 ethernet. I did have fun using one of my neighbors network for a short while.

 

[Moonbear]

I tried wireless once but the performance wasn't up to snuff and ended up wiring the house with cat6 ethernet. I did have fun using one of my neighbors network for a short while.

I only notice a difference between wireless and being wired if I start wandering too far from the base station where the signal gets weak, but I have to really try hard to do that (basically when I first got it, I wandered all over the house to see how far I could get signal and how it affected performance as I was choosing a location for the airport). I haven't had any trouble with it. I've known people with other types of wireless who have to keep resetting it, get interference (my one friend had issues between the wireless and a baby monitor...I think it was that the wireless made the baby monitor buzz constantly or something really annoying like that), or have problems with the connection dropping. Mostly I got it because I love sitting out on my deck in the spring and summer, and it was easier than running a phone line out my window, which is what I was previously doing. Plus, to me it defeats the purpose of having a laptop if I have to be tethered to a wall to connect to the internet.

Yeah, I know more than a few people who have used their neighbors' networks until their neighbors figured out they should put a password on their system, which is why I'm asking all these questions.

 

[FulhamFan3]

Frankly, for a pc on a home lan (airport is a home router, right?), you don't need a software firewall. The way a home router works acts as a nearly impenetrable firewall already. Just make sure you turn on wep encryption.

Most of the time that's true. For awhile I had my software firewall off because it would interfere with my home network. However it doesn't block say email/web viruses or programs already on your computer conneting to the outside. That's why I got zone alarm. It's the only firewall that tells me what is attempting to connect externally. For mac's however I don't think there's a problem with programs installing without permission.

 

[dduardo]

Even with NAT, pre SP2 windows xp would still be vunerable to sasser and other remote exploitable worms. It really depends on how sophisciated the router's firewall is. Look for stateful packet inspection when purchasing a router.