Why is the firewall STILL turned off by default?

[0x100]

This really boggles my mind that the firewall is still turned off by default in Mac OS 10,10.

Even Apple recommends you to turn it on to keep your system safe, what's the deal with this?

https://www.apple.com/osx/what-is/security/
"Turn on a firewall to prevent other machines from accessing services running on your Mac."

What makes it so that Apple couldn't ship it with the firewall on? I think it would help more if the people who don't really know what a firewall does has it on without knowing and the people who needs it off for some things knows how to turn it off instead of how it is today were a lot of people walk around not even thinking about it.

 

[S.B.G]

They probably assume that the majority of users will be connected to a hardware firewall, like a wifi router.

The only time you'd need to turn the OS X software firewall on is if you are connecting to a raw Internet feed, like a direct cable modem connection, or are out at a cafe on public wifi.

 

[0x100]

They probably assume that the majority of users will be connected to a hardware firewall, like a wifi router.

The only time you'd need to turn the OS X software firewall on is if you are connecting to a raw Internet feed, like a direct cable modem connection, or are out at a cafe on public wifi.

…and what computers are commonly used at cafés? Hint, they're silver colored unix systems without firewalls.
I do still think the firewall should be turned on by default.

 

[S.B.G]

…and what computers are commonly used at cafés? Hint, they're silver colored unix systems without firewalls.
I do still think the firewall should be turned on by default.

I won't disagree with you on that. But, it is what it is I suppose. User beware.

 

[Paco II]

Security versus initial experiences. Does Apple want new customers settings up their new Macs and immediately start getting alerts about allowing apps to have access etc etc. Nope.

 

[Queen6]

Maximum operability, Apple needs to set up OS X to it can work with as few problems as possible, enabling the Firewall may block some users needs, the savvy will turn on the Firewall and Stealth Mode ASAP.

OS X is still relatively safe, equally enabling the Firewall and Stealth mode are steps in further strengthening the systems security.

Q-6

 

[ssmed]

Maximum operability, Apple needs to set up OS X to it can work with as few problems as possible, enabling the Firewall may block some users needs, the savvy will turn on the Firewall and Stealth Mode ASAP.

OS X is still relatively safe, equally enabling the Firewall and Stealth mode are steps in further strengthening the systems security.

Q-6

On a similar note
New users should turn off all Autofill options in Safari.

Apple could at least have a read me which shows people that these details of set-up need to be addressed with a new computer.

 

[Queen6]

On a similar note
New users should turn off all Autofill options in Safari.

Apple could at least have a read me which shows people that these details of set-up need to be addressed with a new computer.

I know, but you can see their point to some extent, just trying to keep it simple for the masses. Same as Filevault on SSD enabled Mac`s (10.10) wouldn't hurt to have an option and small explanation on set up.

Q-6

 

[S.B.G]

I know, but you can see their point to some extent, just trying to keep it simple for the masses. Same as Filevault on SSD enabled Mac`s (10.10) wouldn't hurt to have an option and small explanation on set up.

Q-6

What's with Filevault on Mac's with SSD all about?

 

[Queen6]

What's with Filevault on Mac's with SSD all about?

On 10.10 Filevault is brought up as an option on installation, with SSD, with HD it`s not. Apple could do the same for the Firewall.

 

[S.B.G]

On 10.10 Filevault is brought up as an option on installation, with SSD, with HD it`s not. Apple could do the same for the Firewall.

That must be for Apple-branded SSD's that come with it then, right?

I have Samsung SSD's in mine and I don't recall the the Filevault option during install.

 

[Queen6]

That must be for Apple-branded SSD's that come with it then, right?

I have Samsung SSD's in mine and I don't recall the the Filevault option during install.

Guess so, all my Mac`s that have SSD are Apple proprietary, all requested the Filevault option, the ones with "spinners" didn't. Makes sense with the SSD`s as there is no hit in real world performance.

Q-6

 

[S.B.G]

Guess so, all my Mac`s that have SSD are Apple proprietary, all requested the Filevault option, the ones with "spinners" didn't. Makes sense with the SSD`s as there is no hit in real world performance.

Q-6

I've enabled Filevault on all of mine, two with SSD's and one HDD. I really don't even notice the difference on the HDD, but then I don't do very intensive stuff with it either.

 

[MikhailT]

…and what computers are commonly used at cafés? Hint, they're silver colored unix systems without firewalls.
I do still think the firewall should be turned on by default.

Ha, a firewall wouldn't do much in a public network. You need to be using a VPN at the very least.

 

[Nermal]

On 10.10 Filevault is brought up as an option on installation, with SSD, with HD it`s not. Apple could do the same for the Firewall.

I got the option on my Early 2011 MBP with the original HDD.

 

[Queen6]

I got the option on my Early 2011 MBP with the original HDD.

K, maybe I just missed on the late 2011 MBP (15'), but also thought I saw some similar comments in a thread, equally it`s no "biggie" Back the original point, it would be better if Apple did the same with the Firewall, I have never had a problem, just very rarely an application will require access and then you get a pop up.

Same now as 10.10 better to prompt the user to turn on, at installation seems not reason not to, as Firewalls are common these days. Better to be safe than sorry, The OS X Firewall just adds another barrier, anyway personally I have always just turned it on ASAP as it has no cost or overhead.

Q-6

 

[0x100]

.

 

[Queen6]

Another thing that may be bad for non tech users is that when you enable the firewall the light in the setting turns yellow and there's a warning triangle like it's very wrong to do it. On Windows on the other hand it's green when you turn it on and you get warnings and red when you turn it off.

I know that windows is by nature less secure than Mac OS, but this could be confusing for the non tech users.

Non of my Mac`s show this, they are all in the "Green" equally can't remember exactly behaviour on initial set up.

Q-6

 

[S.B.G]

I got the option on my Early 2011 MBP with the original HDD.

I must have a bad memory from when I installed Yosemite, three times, to where I just don't recall the Filevault option.

 

[Abba1]

Maximum operability, Apple needs to set up OS X to it can work with as few problems as possible, enabling the Firewall may block some users needs, the savvy will turn on the Firewall and Stealth Mode ASAP.

OS X is still relatively safe, equally enabling the Firewall and Stealth mode are steps in further strengthening the systems security.

Q-6

I agree. And, I like making my own decisions. As it is, I use both Apple's firewall and a compatible firewall over that. But, it is my decision to do so.

----------

On a similar note
New users should turn off all Autofill options in Safari.

Apple could at least have a read me which shows people that these details of set-up need to be addressed with a new computer.

I like the idea of Apple having a "read me" for new users. But, most users who come from a Microsoft environment will have so much more to learn in order to use Mac, that a "read me" might not be practical for Apple. The bookstore, be it online or physical, is their best bet. And, there are enough books tailored for beginners that they will learn then what has to be done.

----------

Ha, a firewall wouldn't do much in a public network. You need to be using a VPN at the very least.

I have an additional firewall that actually does protect in a public network. It automatically changes from Home to Work to Public Hotspot, and in the latter nothing gets in without your explicit permission.

----------

I must have a bad memory from when I installed Yosemite, three times, to where I just don't recall the Filevault option.

It was there for me after a clean install. I do worry about beginners using FileVault, however, as they are in danger of losing everything in it if they forget their password as sometimes happens.

 

[NoBoMac]

The yellow dot on Firewall is when you turn on "Block all incoming connections". With the warning that basically says "lots of stuff will not work with this setting".

 

[bbfc]

Another thing that may be bad for non tech users is that when you enable the firewall the light in the setting turns yellow and there's a warning triangle like it's very wrong to do it. On Windows on the other hand it's green when you turn it on and you get warnings and red when you turn it off.

I know that windows is by nature less secure than Mac OS, but this could be confusing for the non tech users.

It's green for me. Looks like you have something that needs attention.

 

[fisherking]

if i'm at home, and i have the firewall turned on on my router, why would i have it on on my mac as well? just trying to understand this...

 

[S.B.G]

It was there for me after a clean install. I do worry about beginners using FileVault, however, as they are in danger of losing everything in it if they forget their password as sometimes happens.

That is the compromise we have to make for security over convenience these days. I wish it weren't so.

I have Filevault turned on and keep my password, in my head, but also in a secure location as well as the recovery key.

 

[MikhailT]

I have an additional firewall that actually does protect in a public network. It automatically changes from Home to Work to Public Hotspot, and in the latter nothing gets in without your explicit permission.

You might know what to do but that means nothing for majority of the public.

Also, a firewall does nothing to protect you against MITM attacks. You can't in advance know what's coming in has not been changed. The firewall does not verify the certificates.

Unless you're talking about something else.