Why is the firewall STILL turned off by default?

[Abba1]

You might know what to do but that means nothing for majority of the public.

Also, a firewall does nothing to protect you against MITM attacks. You can't in advance know what's coming in has not been changed. The firewall does not verify the certificates.

Unless you're talking about something else.

I agree! But, don't throw out the baby with the bathwater. We need all the protection we can get in this hostile world. And most or even just much is better than none.

 

[Apple_Robert]

if i'm at home, and i have the firewall turned on on my router, why would i have it on on my mac as well? just trying to understand this...

No real need provided the router is set up properly. I think some just want to have it on in both places.

 

[n-evo]

Another thing that may be bad for non tech users is that when you enable the firewall the light in the setting turns yellow and there's a warning triangle like it's very wrong to do it. On Windows on the other hand it's green when you turn it on and you get warnings and red when you turn it off.

I know that windows is by nature less secure than Mac OS, but this could be confusing for the non tech users.

I see the text turns to gibberish as well! Anyway, the light turns yellow and you get a warning triangle because there is in fact something wrong. This is what happens on my iMac:

 

[fisherking]

No real need provided the router is set up properly. I think some just want to have it on in both places.

wouldn't there be a conflict if it's on in both places? or, perhaps, the possibility of an issue?

anyway, have been using macs since about 1996, and have NEVER had the firewall on on my mac (but always on the router)...

 

[S.B.G]

wouldn't there be a conflict if it's on in both places? or, perhaps, the possibility of an issue?

anyway, have been using macs since about 1996, and have NEVER had the firewall on on my mac (but always on the router)...

No, not really. They won't conflict with each other, but if you're allowing certain ports open in one, and not the other, then you'd see some issues with things not working properly.

 

[fisherking]

No, not really. They won't conflict with each other, but if you're allowing certain ports open in one, and not the other, then you'd see some issues with things not working properly.

and, because i'm not clear about this...what's the benefit of having the firewall on in 2 consecutive places (ie the mac, and the router)?

 

[S.B.G]

and, because i'm not clear about this...what's the benefit of having the firewall on in 2 consecutive places (ie the mac, and the router)?

Really, none. You only need one, properly configured in use. The software firewall, in OS X, doesn't need to be on when you're behind your own hardware firewall, such as most wifi routers.

The time you would need to turn the software firewall on is if you are taking a laptop to a cafe and using public wifi.

 

[fisherking]

Really, none. You only need one, properly configured in use. The software firewall, in OS X, doesn't need to be one when you're behind your own hardware firewall, such as most wifi routers.

The time you would need to turn the software firewall on is if you are taking a laptop to a cafe and using public wifi.

got it thanx!

 

[cathul]

OS X is still relatively safe, equally enabling the Firewall and Stealth mode are steps in further strengthening the systems security.

Q-6

Stealth mode does nothing except telling people "Hey look, there is something, but i don't say what it is.... yet".
Real stealth mode can be achieved by shutting down every single network interface you have on your computer, i.e. shutting down wifi, removing the network cable and stuff like that.

_This_ is real stealth mode, because the connected router then says "destination not reachable", which is in compliance with RFCs for internet networking.

Using stealth mode, i.e. dropping ICMP messages can lead to unexpected behavior like MTU discovery not working and stuff like that, so you better leave it disabled.