Mac Firewalls

Do Mac users need a firewall?

Macintosh pundits disagree about the need for security. Apple's operating systems are structured differently than Windows operating systems and are less vulnerable to attack. In addition, because Apple systems represent a minority market share, they have been less attractive targets for malicious hackers. Mac users running OS X have a firewall included in the operating system (two, actually, as of Mac OS X 10.5.1). By default, the Mac firewall closes the most-exploited ports, requiring users to actively enable ports for file sharing, print sharing or personal web hosting.

The Leopard and Snow Leopard operating system firewalls block only inbound connections, meaning they won't prevent spyware from "phoning home" with your sensitive data or browser history. Older Mac firewall technology, called ipfw, or ipfirewall, remains part of the operating system. Though that technology is capable of blocking outgoing connections, it is turned off by default and can be challenging to configure for all but the most advanced users. For that reason, Macworld authors Rich Mogull and Chris Pepper recommend using a third-party front-end for that firewall, such as Hanynet's WaterRoof (for advanced users) or NoobProof (for less experienced users) if you want to make use of IPFW; both are free.

Mogull and Pepper conclude that "for most users, the firewalls built into OS X are enough," but Macworld does review several third-party firewalls. Little Snitch (*Est. $30) from Objective Development gets the highest rating among the latest standalone firewall offerings. According to Mogull and Pepper, Little Snitch is pre-configured not to interfere with safe surfing while allowing the user to control inbound and outbound connections. It also has a network monitor, which shows users which programs are accessing their network. The reviewers recommend Little Snitch "for those whose computers are always online, or are often online in public places." Only a handful of users at Download.com rate Little Snitch, but the latest version has some very satisfied users.

Mac users looking for a firewall program as part of a security suite may like ntego's VirusBarrier X6 (*Est. $50 for up to 2 Macs). The program combines Intego's old NetBarrier firewall and network software (no longer available separately) with an antivirus program and other functions. Nicholas Bonsack at Macworld doesn't test VirusBarrier X6 but says that its improvements include a two-way firewall, phishing and spyware protection, and "dynamic code monitoring" to identify new kinds of malware. Tom Gorham at Britain's Expert Reviews does conduct testing and says, "VirusBarrier's firewall is both easier to understand and more configurable than Mac OS X's built-in offering." He adds that the program's anti-spyware functionality resembles that of Little Snitch. Intego also offers a more comprehensive security solution, SecurityBarrier X6 (*Est. $80 for up to two Macs), which adds anti-spam, parental control, back up and data protection features. However, user feedback is sparse, and we did not see any professional feedback for that suite.

Many free firewall programs have been developed for Linux. However, none of these has been formally reviewed by any well-regarded critics. TopBits.com describes a dozen of them and has links; see Useful Links for more information.