Best firewall for Mac?

Posted:
in General Discussion edited January 2014
Is Zonealarm available for Mac? If not, what's the best firewall for Mac?



And please don't tell me I don't need protection and Mac is so secure, ect. I know about this new virus for Mac and I'm not taking ANY chances with an almost $2000 investment.



I'm buying Tech Pro Tools 4 for a utility and Norton Anti-Virus for virus protection. Now, what about a firewall?

Comments

  • Reply 1 of 19
    Use the built-in firewall, it is robust. If you want to be a "power-user" learn the syntax of the Unix command line for the firewall. You can find it at any BSD Unix site.



    P.S.> Get Mc Affee Virex instead of Norton Antivirus. Norton products are not really polished for the Mac.
  • Reply 2 of 19
    it's not a virus....



    And in any case, a virus will not ruin your 2000 dollar investment. Just what's inside of it



    Intego's Firewall is pretty good, makes the page loading speed go kinda slow if you turn on every filter possible on high...
  • Reply 3 of 19
    zozo Posts: 3,117member
    my 2500$+ "investment" is connected directly to a DSL 24/7 without firewall nor antivirus nor behind a router with builtin firewall crap and such. I once installed an antivirus but I dont think its even been updated since 2003. Heck, I don't even know if its working.



    That new "virus" is bogus.



    You can sleep easy
  • Reply 4 of 19
    amoryaamorya Posts: 1,103member
    Quote:

    Originally posted by dferigmu

    Is Zonealarm available for Mac? If not, what's the best firewall for Mac?



    And please don't tell me I don't need protection and Mac is so secure, ect. I know about this new virus for Mac and I'm not taking ANY chances with an almost $2000 investment.



    I'm buying Tech Pro Tools 4 for a utility and Norton Anti-Virus for virus protection. Now, what about a firewall?




    OK, a few points.
    • There are still no viruses for MacOS X

    • That doesn't mean you don't have to worry about security

    • A firewall is essential. Firewalls are not related to viruses - they protect against hackers

    • There are malicious programs for X - they just can't replicate, hence not being viruses

    On the firewall front, I'm perfectly happy with OSX's built in firewall. If set up properly, it can make your computer incredibly secure. If you want more control, however, another firewall or GUI for the built-in one might be appropriate.





    Amorya
  • Reply 5 of 19
    zozo Posts: 3,117member
    but why are firewalls essential on OSX? If it's "impossible" to hack it, then why bother?
  • Reply 6 of 19
    there's never anything that is "impossible."



    Hackers can still get into the computer if they wanted to, and since mac os has been conforming with standards it makes it even easier. Besides, you may "accidently" or "unknowingly" allow things to go through the computer just by visiting web pages.
  • Reply 7 of 19
    zozo Posts: 3,117member
    that why I put impossible between quotes. Of course its not impossible.



    I was just wondering WHAT can anyone actually do if they have access to all your ports (like not having a firewall up).



    It seems that in Windows your PC is fvcked in an instant with worms, backdoors, malware, virusses, etc that get installed on your PC in an instant. But what can happen on Linux/Unix/OS X?
  • Reply 8 of 19
    Quote:

    Originally posted by dferigmu

    Is Zonealarm available for Mac? If not, what's the best firewall for Mac?



    And please don't tell me I don't need protection and Mac is so secure, ect. I know about this new virus for Mac and I'm not taking ANY chances with an almost $2000 investment.



    I'm buying Tech Pro Tools 4 for a utility and Norton Anti-Virus for virus protection. Now, what about a firewall?




    Norton is craptastic. You might as well join .Mac and get Virex for free. But yeah, other posters are right, I have never seen a single spyware/virus/etc. on my Mac. In MacOS X, to install anything admin/root-level, you have to explicitly type in your password to authorize. That alone makes it a lot harder, malware can't just install DLLs, ActiveX controls, etc. like you can on a PC silently without your explicit consent.



    As far as firewalls, the built-in firewall along with program called Little Snitch will do everything that ZoneAlarm will do (Little Snitch monitors what apps try to connect to).
  • Reply 9 of 19
    dobbydobby Posts: 797member
    Quote:

    Originally posted by ZO

    It seems that in Windows your PC is fvcked in an instant with worms, backdoors, malware, virusses, etc that get installed on your PC in an instant. But what can happen on Linux/Unix/OS X?



    Linux/Unix/OSX = unix. Windows is designed differently.

    Part of the windows design seems to be poor authorisation checking for stuff only an admin should be doing.

    On the positive side it runs MS Office really well.



    Unix also has flaws but its inherent design doesn't lend itself to the scale of vulnerabilities that windows has.

    Its a bit like smtp. Its great for e-mail until people take advantage of its inherent flaws which are no proper authentication which is why spam is so prolific. Get rid of SMTP and us X.400 and you will reduce spam by 80% due to the fact you can't mimic other peoples addresses etc (you would probably want to use something a bit better than X.400 as well).



    See the link below for some interesting reading regarding system designs MS/Unix.http://www.joelonsoftware.com/articles/APIWar.html



    Dobby.
  • Reply 10 of 19
    And I wouldn't buy anything from Intego.



    There are 'rumours on the internets' (including MacNN forum posts) connecting them to the 'virus' such that some folks are suggesting not just FUD marketing, but that they may have encouraged its development.
  • Reply 11 of 19
    airslufairsluf Posts: 1,861member
    Kickaha and Amorph couldn't moderate themselves out of a paper bag. Abdicate responsibility and succumb to idiocy. Two years of letting a member make personal attacks against others, then stepping aside when someone won't put up with it. Not only that but go ahead and shut down my posting priviledges but not the one making the attacks. Not even the common decency to abide by their warning (afer three days of absorbing personal attacks with no mods in sight), just shut my posting down and then say it might happen later if a certian line is crossed. Bullshit flag is flying, I won't abide by lying and coddling of liars who go off-site, create accounts differing in a single letter from my handle with the express purpose to decieve and then claim here that I did it. Everyone be warned, kim kap sol is a lying, deceitful poster.



    Now I guess they should have banned me rather than just shut off posting priviledges, because kickaha and Amorph definitely aren't going to like being called to task when they thought they had it all ignored *cough* *cough* I mean under control. Just a couple o' tools.



    Don't worry, as soon as my work resetting my posts is done I'll disappear forever.

  • Reply 12 of 19
    airslufairsluf Posts: 1,861member
    Kickaha and Amorph couldn't moderate themselves out of a paper bag. Abdicate responsibility and succumb to idiocy. Two years of letting a member make personal attacks against others, then stepping aside when someone won't put up with it. Not only that but go ahead and shut down my posting priviledges but not the one making the attacks. Not even the common decency to abide by their warning (afer three days of absorbing personal attacks with no mods in sight), just shut my posting down and then say it might happen later if a certian line is crossed. Bullshit flag is flying, I won't abide by lying and coddling of liars who go off-site, create accounts differing in a single letter from my handle with the express purpose to decieve and then claim here that I did it. Everyone be warned, kim kap sol is a lying, deceitful poster.



    Now I guess they should have banned me rather than just shut off posting priviledges, because kickaha and Amorph definitely aren't going to like being called to task when they thought they had it all ignored *cough* *cough* I mean under control. Just a couple o' tools.



    Don't worry, as soon as my work resetting my posts is done I'll disappear forever.

  • Reply 13 of 19
    Quote:

    Originally posted by dobby

    ...Its a bit like smtp. Its great for e-mail until people take advantage of its inherent flaws which are no proper authentication which is why spam is so prolific. Get rid of SMTP and us X.400 and you will reduce spam by 80% due to the fact you can't mimic other peoples addresses etc (you would probably want to use something a bit better than X.400 as well).



    See the link below for some interesting reading regarding system designs MS/Unix.http://www.joelonsoftware.com/articles/APIWar.html



    Dobby.




    Good read anyway



    Once "Email" was THE KILLER application to make "Internet" commonly known and succesfully adopted by average people.

    Reason No 1: Ease of use. Litterally everyone (nearly) is able to set up an email client.



    Granted, time has changed and the smpt protocols are inherently weak. But also i am pretty much sure that every smpt successor can be hijacked easily for bad.



    PS: Though i'd be glad if the spam sponge dried out 50% at least
  • Reply 14 of 19
    pijupiju Posts: 1member
    there is an opensource ipfw GUI configurator for handling ipfw on mac osx



    check out http://www.hanynet.com/noobproof/



    its free!



    sometimes kernel level firewall is better than application level.

    it just work, with no fancy popup box alert. but you still can do realtime monitoring with some UNIX commands.
  • Reply 15 of 19
    Best firewall for a Mac is the same as the best firewall for a PC, a good router.
  • Reply 16 of 19
    Hackers can still get into the computer if they wanted to, and since mac os has been conforming with standards it makes it even easier. Besides, you may "accidently" or "unknowingly" allow things to go through the computer just by visiting web pages.
  • Reply 17 of 19
    hill60hill60 Posts: 6,992member
    Why don't you test what you already have?



    Try the Shields Up test on this site



    ----------------------------------------------------------------------



    GRC Port Authority Report created on UTC: 2010-01-19 at 11:29:33



    Results from scan of ports: 0-1055



    0 Ports Open

    0 Ports Closed

    1056 Ports Stealth

    ---------------------

    1056 Ports Tested



    ALL PORTS tested were found to be: STEALTH.



    TruStealth: PASSED - ALL tested ports were STEALTH,

    - NO unsolicited packets were received,

    - NO Ping reply (ICMP Echo) was received.



    ----------------------------------------------------------------------
  • Reply 18 of 19
    quadra 610quadra 610 Posts: 6,757member
    Just use what comes with OS X and make sure your router is configured properly.



    You don't need anything else.



    Winblows 7 is selling well (anything would, after Vista) and junk netbooks pervade the market. You've got nothing to worry about.
  • Reply 19 of 19
    mythinkmythink Posts: 1member


    I Use Symantec Endpoint I purchased the 5 user license to cover both PC and Mac's. Don't use McAfee or Norton they both have lot's of issue Endpoint is the Comercial software for Business and doesn't have a yearly subscription. their are various sites were you can get a really good deal. I spent about the same you would for a single user license in the store. The Mac Edition I belive uses OSX Firewall since it does an execellent job. every once in a while I may get a pop-up just get the address and ad it to the hosts file like this


     


    in terminal type the following:


     


    sudo vi /etc/hosts


     


    <enter your password>


     


    <scroll down to the bottom and Type "A" this enter edit mode at end of line>


    <press enter for new line>


     


    127.0.0.1   www.domain.com


     


    <ESC :wq!  <-- this to escape edit mode and save and quit>


     


    you do the above and you will no longet get pop up from the designated site.

Sign In or Register to comment.