“Macs don’t get viruses, do they?”
It’s a question I’ve been asked many a time by somewhat less tech savvy friends. There’s a perception that the Macintosh is impervious to security issues, and while it’s true that your Mac can’t run the majority of nasty software out there (unless you’re running Windows on your Mac of course!), complacency is never a good idea!
In this series of articles for For Mac Eyes Only, I’ll be examining some basic steps you can take to ensure your Mac is kept safe and secure. In this first post, I’ll be looking at some basic principles and then delving into the Mac OS X Firewall.
Principles
Trust
Whether it’s choosing which software to install, with whom you want to share your files, or anything else, trust is important.
For example, when I’m connected to my home network, I have a higher level of trust in that network and the computers connected to it than if I were connected to a public WiFi network in a coffee shop. It sounds obvious — and perhaps it is — but the way I’m going to ask my computer to behave will be different because of those two levels of trust.
It’s a similar question when it comes to installing software, or giving your personal information to websites. You need to ask yourself questions — who are these people and are they reputable? What is ‘the deal’ here?
Again, it’s often common sense and is probably applicable in more situations than just computer security, but stopping and thinking about trust — considering for a moment with whom you want to create a trust relationship — can save you headaches (or maybe worse) down the line.
Switch Things Off! (When you’re Not Using Them)
Our modern computer systems are packed with useful and convenient features. We can easily share information with others — sometimes too easily. It’s very easy to switch on a cool feature, use it once, and then leave it on for months afterwards. I have certainly been guilty of this in the past. Each feature you have enabled but aren’t using is one more potential security risk, so it makes sense to switch off anything you’re not using.
We’ll look at this in more detail in a future post, but in the meantime, go ahead and investigate the ‘Sharing’ pane of System Preferences to see what you might have turned on.
The Firewall
For those not in the know, a firewall is a network security tool that filters communications between your computer and things ‘out there’ on the network. It makes these filtering decisions based on rules. Some of those rules might be built-in, such as, “did the user ask for this connection to be made? If not, block it!” And some might be customisable, like “allow ‘Dropbox’ to accept connections from the local network”. Without a firewall, anything on your computer can potentially become a ‘server’ to anything else out on the internet, and anything out on the Internet can potentially connect to your computer!
Note that a firewall can be either software or hardware — if you connect to the Internet through a ‘NAT router’, such as an AirPort Extreme or most other home routers produced in the last few years, that router is acting as your first line of defence and is doing the job of a firewall. It still doesn’t hurt to turn on your software firewall as well though — while your router might do a great job on your home network, if you take your Mac and connect it to other networks, perhaps at a friend’s house, or a public hotspot, your software firewall will suddenly be promoted to that all-important primary defensive role.
Firing up the Firewall
Mac OS X has a software firewall built-in, but curiously, it isn’t enabled by default. Here’s how you can switch it on in OS X 10.6 Snow Leopard.
Go to the Apple menu and choose System Preferences. Click on the Security option, and go to the Firewall tab. If the padlock in the bottom left of the window is locked, you’ll need to click it and enter an administrator password to be able to make any changes.
Here, you can see the status of the firewall. If it’s ‘Off’, go ahead and click Start to switch it on. It’s actually that simple to enable the firewall. It will stay switched on and protecting your Mac from unwanted connections until you come back to this page and tell it to stop.
Some Advanced Options
If you click Advanced…, there are actually a few more settings you can choose from. If you want detailed control over which applications on your computer are allowed to accept incoming connections, you can use the list on this page to block or allow individual apps. Just click on the plus symbol, find the app in question, and then select ‘Allow incoming connections’ or ‘Block incoming connections’.
If you’re connecting to a network that you really don’t trust, you can enable the ‘Block all incoming connections’ option. This might impact the functionality of some applications, of course, but means that — as the description tells us — only the most essential services are allowed to work. No third party applications will be allowed to accept incoming connections.
The ‘Automatically allow signed software to receive incoming connections’ option is, I believe, enabled by default. This means that any software that is ‘signed’ as coming from a trustworthy source will be considered trusted and will be allowed to poke its head through the firewall. This is a reasonable compromise if you trust (see that word coming up again?) the apps you have installed. Without this option, you will get a number of ‘Allow/Deny’ popup windows the first time you launch some applications after enabling the firewall.
Finally, the ‘Enable Stealth Mode’ option is something I always switch on. It’s not vital, but with this option switched on, you’ll be less visible to those sniffing around for computers to attack. It’s akin to keeping your valuables out of sight — it’s not bulletproof, but it’s something that is easy to do that makes you less of a target.
‘Better Out than In’?
Note that the block and allow controls for each application under the Advanced options don’t prevent these applications from communicating at all. They only affect incoming connections — allowing these applications to accept communications from other computers.
If you want to have control over which applications on your Mac can have any communications with the outside world, you’ll need to do your homework and look at some third-party software, such as Little Snitch.
Join Us Next Time…
The OS X firewall is a pretty easy-to-use, and very useful, tool for protecting your Mac. As I mentioned earlier, though, it’s not the whole story. Next time in this ‘Securing your Mac’ series, we will be looking in more detail at the Sharing pane of System Preferences — and the risks you might want to be aware of when using Mac OS X’s sharing capabilities on public networks. See you then!
For More Reading:
The steps above are for enabling the software firewall in Snow Leopard. For the steps to enable the software firewall is OS X 10.5 Leopard, please see Apple’s support article on the subject: Mac OS X v10.5, 10.6: About the Application Firewall.
Hi Peter
Thanks for covering an interesting subject and giving us a valuable insight into the intricacies of security within the Mac. I’m looking forward to your future articles from which I’m sure there will be much to learn!
Jane,
Thanks very much for your feedback. I’m already looking forward to starting the next instalment! :)