Mac OS X Firewall

You don’t have to travel far or pay a fee to start protecting your Mac from break-ins. Take a quick trip to the Sharing pane in your Mac’s System Preferences, and there, with the click of a mouse button, you can turn on the built-in OS X firewall—and put a wall between you and the rest of the world.

OS X’s built-in firewall lacks the flash and sizzle of other firewall applications. It has no multi-colored gauges breaking down network traffic by type, and no alerts, beeps, or buzzes to warn of impending danger. But it’s there if you want it, running silently in the background and monitoring incoming traffic for potential danger.

The emphasis is on incoming. As it ships from Apple, the firewall does not monitor traffic that may be originating from your own computer. If your Mac gets possessed by a malware application that then attempts to attack or infect other computers via your Internet connection (a not-uncommon trick), OS X’s firewall won’t, by default, pay any attention. And, there’s no way to change this default setting from your System Preferences. To force the firewall to monitor outbound traffic, you must use Terminal’s command-line interface. For most users, that’s a scary undertaking.

With Tiger, Apple’s firewall has added three useful new features, which are all available by clicking on the Advanced button in the firewall pane. First, you can create a log of attempted network infiltrations. While this log will likely confuse network novices, those with a little technical expertise will find it useful.

Second, you can now enable Stealth Mode. Hackers often find vulnerable computers by querying every network port (essentially an unlocked door to your computer) for a given IP address and waiting for a response. If your computer replies, you’re a potential target. Stealth Mode tells your computer not to answer questions from strangers.

Finally, you can now configure the firewall to block User Datagram Protocol (UDP) traffic. UDP is a networking protocol used by some applications, including those that utilize VoIP and streaming media, as well as some online games. While this feature can help keep your Mac safer, it can also—in the hands of a novice—severely limit or disable network/Internet access.
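To make the logging feature and the port-probing behavior described above concrete, here is an added example (not from the original article or from Apple) that reads firewall log text and flags any source that was denied on many different ports, which is the sweep pattern Stealth Mode is meant to frustrate. The log-line layout, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in an ASSUMED layout: timestamp, host, "ipfw:",
# rule number, action, protocol, source ip:port, dest ip:port, direction.
SAMPLE_LOG = """\
Nov 12 09:14:02 mymac ipfw: 12190 Deny TCP 203.0.113.5:40001 192.168.1.10:21 in via en0
Nov 12 09:14:02 mymac ipfw: 12190 Deny TCP 203.0.113.5:40002 192.168.1.10:22 in via en0
Nov 12 09:14:03 mymac ipfw: 12190 Deny TCP 203.0.113.5:40003 192.168.1.10:23 in via en0
Nov 12 09:14:03 mymac ipfw: 12190 Deny TCP 203.0.113.5:40004 192.168.1.10:80 in via en0
Nov 12 09:14:04 mymac ipfw: 12190 Deny TCP 203.0.113.5:40005 192.168.1.10:548 in via en0
Nov 12 10:02:11 mymac ipfw: 12190 Deny TCP 198.51.100.7:51000 192.168.1.10:22 in via en0
Nov 12 10:02:14 mymac ipfw: 12190 Deny TCP 198.51.100.7:51001 192.168.1.10:22 in via en0
Nov 12 10:02:20 mymac ipfw: 12190 Deny TCP 198.51.100.7:51002 192.168.1.10:22 in via en0
Nov 12 11:30:45 mymac ipfw: 35000 Deny UDP 192.0.2.44:5060 192.168.1.10:5060 in via en0
Nov 12 11:31:00 mymac some unrelated system message
"""

# Only inbound "Deny" entries are of interest; everything else is skipped.
LINE_RE = re.compile(
    r"ipfw: \d+ Deny (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) in\b"
)

def denied_ports_by_source(log_text):
    """Map each source IP to the set of (protocol, dest port) pairs denied."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[m["src"]].add((m["proto"], int(m["dport"])))
    return dict(seen)

def likely_scanners(log_text, min_ports=4):
    """Sources denied on at least min_ports distinct ports (a port sweep).

    Repeated attempts against one port (e.g. retries against 22) are not
    counted as a sweep, because the set keeps each port only once.
    """
    by_src = denied_ports_by_source(log_text)
    return sorted(s for s, ports in by_src.items() if len(ports) >= min_ports)

if __name__ == "__main__":
    for src in likely_scanners(SAMPLE_LOG):
        ports = sorted(p for _, p in denied_ports_by_source(SAMPLE_LOG)[src])
        print(f"{src} probed {len(ports)} ports: {ports}")
```

The threshold of four distinct ports is an arbitrary starting point; adjust it and the regular expression to match the lines your own firewall log actually contains.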

Macworld buying advice

While Apple’s built-in firewall application lacks the flash and reporting capabilities of some firewall programs, it will still get the job done. For most users, who are simply looking for a way to protect personal data and avoid exposing their Mac to hackers with nefarious intentions, OS X’s firewall is enough.

[Jeffery Battersby is a network analyst and a regular contributor to Macworld.]

Apple’s built-in firewall costs nothing and starts with the click of a button, but requires Terminal access and networking know-how to access all of its features.
