
humpbacktwale

macrumors regular
Original poster
Dec 20, 2019
204
33
Yeah, no...not sure who told you that, but that's patently false. If a system has been compromised, it doesn't matter whether or not you've punched any holes in the firewall because almost no home (or even small business) networks have any egress rules. Even if they did, threat actors are sufficiently clever nowadays that they'd find a way to piggyback their C2 traffic on the ports that are open.
Yes, and in that case it wouldn't be coming up in a dialog to allow incoming connections, it would function the same as all other programs and initiate a connection from inside the network. This prompt is solely for incoming connections. Also every router, if the firewall is enabled, will block all external traffic unless a port has been opened. Hence the need for port forwarding in the first place. A compromise is completely different, and doesn't seem likely from what Obviouslynotmyuser stated. Or at least seems to be a separate issue from what everyone else is discussing.

If you could connect to someone's device whenever you wanted, that defeats the purpose of firewalls, and if there was a compromise, the dialog wouldn't pop up. Also plenty of firewalls have egress rules by default, Mac included.

Moreover, this happens to everything that isn't signed properly and checks its own integrity. It will continue to happen even if you click allow.

Or would you not agree that, in this case, it is referring to whether you want the app to accept or deny incoming connections if they are made?

Edit: This, up until recently, specified that if the integrity was verified by the app itself, the dialog appears on every instance of the app. Seems that language is absent now, but I assume it still does this.
 

nottafanboi

macrumors newbie
Jul 11, 2022
2
2
Yes, and in that case it wouldn't be coming up in a dialog to allow incoming connections, it would function the same as all other programs and initiate a connection from inside the network. This prompt is solely for incoming connections. Also every router, if the firewall is enabled, will block all external traffic unless a port has been opened. Hence the need for port forwarding in the first place. A compromise is completely different, and doesn't seem likely from what Obviouslynotmyuser stated. Or at least seems to be a separate issue from what everyone else is discussing.

If you could connect to someone's device whenever you wanted, that defeats the purpose of firewalls, and if there was a compromise, the dialog wouldn't pop up. Also plenty of firewalls have egress rules by default, Mac included.

Moreover, this happens to everything that isn't signed properly and checks its own integrity. It will continue to happen even if you click allow.

Or would you not agree that, in this case, it is referring to whether you want the app to accept or deny incoming connections if they are made?

Edit: This, up until recently, specified that if the integrity was verified by the app itself, the dialog appears on every instance of the app. Seems that language is absent now, but I assume it still does this.

All I can say is that I've been in the infosec field for too long to believe that macOS doesn't have any vulns which would allow an attacker to defeat the protections you've mentioned. Windows has those same protections as well, yet anyone paying attention is already aware that multiple exploits have been disclosed which allow them to be defeated...sometimes with very little effort.

I'll leave you with this thought which has served me well in my years as a cybersecurity professional: there are two types of vulnerabilities - those that have been found/disclosed, and those that will.
 

humpbacktwale

macrumors regular
Original poster
Dec 20, 2019
204
33
Yeah, OK, after reading some other posts on the Mac Stack Exchange forum, it was definitely Privacy Badger causing this. Disabling it stopped the dialogue, and launching Chrome without a network connection did as well. Absent from the background page that shows the extension's network traffic during that time was the traffic to check for updates when the dialogue did appear. The recent update of the extension a few days ago seems to have solved the issue.

They must have been checking the integrity themselves every time, which caused the dialogue to appear as macOS wasn't the one checking it.
 