Very basic security questions - Help!

Joined
Jun 14, 2008
Messages
100
Reaction score
0
Points
16
Location
Wilmington, NC
Your Mac's Specs
iMac 21 Inch - 3.1 GHz I7 Quad Core - 16 GB RAM - 512 GB SSD, iPod Nano, iPad Air - 16GB Wifi Only
OK, I am the very, very low end on tech knowledge / ability. I have read all the post in this thread on "Security". Most of it (almost all of it) is over my head. So, here goes: I am running an iMac, late 2013, Intel i7 quad core, 16 gigs RAM,
& a 500 SDD that's only 1/4 full. OSX Yosemite, 10.10.5 - and everything is working fine. All the news about hackers holding companies and even individuals hostage until they pay to have their computer unlocked is un-nerving at the least.

Here's what I do: (I am retired and spend at least two hours daily on line): I send receive e-mail via g-mail, transact brokerage transactions and on-line banking stuff, visit photography web sites, Amazon, - all pretty much main stream sites.
After reading all the issues on VPNs and security on my iMac I clicked on: "System Preferences", "Security & Privacy", and then "Firewall". The Firewall was turned off - so I turned in on and then sent a test g-mail message and logged into one of the financial web sites and everything worked fine.

Oh yeah, I have the Apple Time Machine regularly backing up my whole hard drive. If, unlikely as it is, a hacker encrypted my computer hard drive would the copy of my hard drive on my Time Machine also be encrypted? I connect to the internet via an ATT phone line DSL. See, I really am lost in the computer world!
Thanks!

And, as a footnote: I would gladly pay the $6. to $8. a month the companies charge for their step-up (from their free version) for VPN service - but - do I really need that?
 
Joined
Oct 6, 2014
Messages
47
Reaction score
0
Points
6
The firewall is essential so it's good to have it on. TMB are very good in case you do happen to get ransomware you can recover fairly easily. However, it's probably a good idea to also get a anti-malware program as well to prevent most problems in todays world. OSX doesn't have as many problems as other operating systems but it does have some.
 
Joined
Nov 1, 2007
Messages
1,246
Reaction score
80
Points
48
Location
Swansea - South Wales
Your Mac's Specs
21 M1 Pro 14" MBP, 23 M2 Pro Mac Mini (MacOS 14), iPhone 15 Pro Max (iOS 17), iPad 6 (iPadOS 17)
Some say as long as your router has a firewall then you don't need the OSX one on as well. Personally I have both switched on with no visible problems.

Software protection wise, I'd install the following extensions to Safari:

- Adblock +
- Ghostery.

Also, download this and run it occasionally:

https://www.malwarebytes.org/antimalware/mac/

Stick to safe websites, make sure you never give any personal details to anyone who contacts you out of the blue and you should be OK.
 
Joined
Jan 20, 2012
Messages
5,053
Reaction score
414
Points
83
Location
North Carolina
Your Mac's Specs
Air M2 ('22) OS 14.3; M3 iMac ('23) OS 14.3; iPad Pro; iPhone 14
Some say as long as your router has a firewall then you don't need the OSX one on as well. Personally I have both switched on with no visible problems.

Software protection wise, I'd install the following extensions to Safari:

- Adblock +
- Ghostery.

Also, download this and run it occasionally:

https://www.malwarebytes.org/antimalware/mac/

Stick to safe websites, make sure you never give any personal details to anyone who contacts you out of the blue and you should be OK.

Just a 1+ for Nick's suggestions above - I do exactly the same; concerning the firewall, I also have both the one in my AirPort Extreme router and have the OS X one activated - we've had a LOT of discussion on this issue in several other threads w/ variable opinions - I've never had an obvious problem w/ both on. Dave :)
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
I leave the firewall at Apple's default - off. The firewll in the router does a more than sufficient job and I also have never had a significant problem since using OS X.1.

+1 for Gohostery, AdblockPlus, Malwarebytes for Mac and a little free utility called Onyx.
 
M

MacInWin

Guest
I agree with all that's been said, and I'll chip in that I have the firewall on. There is a firewall in my router, but the software firewall is on because occasionally I take the MBP on the road and connect to public networks, so having the FW defaulted ON means I don't have to remember to turn it on when I am on the road. The two work well together, so it seems to me to make sense not to have to remember one more thing when go on the road.

One other thing is that TM backups are NOT bootable, so if your system does get impacted and you need to wipe it out and start over from the backups, you may want to create a bootable USB stick, or a bootable external drive. That way you can boot from that, restore the TM backup and be back in the water pretty quickly. Even faster if the bootable external is a full clone of the internal drive, because then you just boot from it and clone it back to the internal drive and you are fully restored. I do both TM and clone backups daily. I use Carbon Copy Cloner, but SuperDuper! will do the same thing.
 
Joined
Jan 1, 2014
Messages
629
Reaction score
52
Points
28
Your Mac's Specs
MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
Certainly, files can and will be encrypted on the Mac via Cryptolocker variants. It can take place directly on the Mac, but the most common venue is some versions of Windows running in a virtual environment, such as:

  1. Parallels
  2. VMWare Fusion
These and other solutions allow sharing files between the host and the virtual machine. Cryptolocker will encrypt these and network accessible files, in addition to the files on the local drives. While it is convenient for the end user accessing document in both OSs, it's a feature that should be disabled in my view.

Backups, especially the data backups, should be off line and encrypted. If the backup media is available for Cryptolocker, it'll encrypt the backup as well. I usually keep daily encrypted data backups offline, rotate them out on the FiFo based daily backups, keeping five days any given time.
 
Joined
Mar 22, 2015
Messages
117
Reaction score
11
Points
18
Perhaps we newbies could benefit from learning what exactly a firewall does. I run both the router firewall and the software one on my mac. I have no idea what either one does and is it detrimental to performance to run both?
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
The Firewall on a new Mac is off by default. Apple assumes that your router Firewall will be protection enough. Keeping both your Mac's Firewall on along with that of the router does no harm and might actually be a good thing in case you're out in the public somewhere using free WiFi. Your Apple Firewall protects both incoming and outgoing actions.
 

Slydude

Well-known member
Staff member
Moderator
Joined
Nov 15, 2009
Messages
17,596
Reaction score
1,072
Points
113
Location
North Louisiana, USA
Your Mac's Specs
M1 MacMini 16 GB - Ventura, iPhone 14 Pro Max, 2015 iMac 16 GB Monterey
@Charlie I don't want to gum up the works unnecessarily with pointless questions. I used to have the firewall on but don't now mainly because I rarely take the MacBook Pro on the road. so here's the question for the benefit of everyone who is not a techie but still concerned about security: Isn't the quality / effectiveness of the built-in firewall somewhat dependent upon whether the OS is / is not up to date? 10.6.8 for example, is the most up to date version of Snow Leopard one can get but I doubt its as effective as something more modern such as El Capitan.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Sure, Snow Leopard is probably less secure than El Capitan, but that should not change the way the built in firewall works.
 
Joined
Jan 20, 2012
Messages
5,053
Reaction score
414
Points
83
Location
North Carolina
Your Mac's Specs
Air M2 ('22) OS 14.3; M3 iMac ('23) OS 14.3; iPad Pro; iPhone 14
Thanks for the reply!

Sure, Snow Leopard is probably less secure than El Capitan, but that should not change the way the built in firewall works.

@ Pasquanel - really difficult to summarize the concept of a firewall in just a forum post - of course, there are hardware & software firewalls (both of which I'm using at the moment w/ my AirPort Extreme router & the OS X firewall on) - SO, please look at the these numbered links for MUCH more information: Link 1 Link 2 Link 3 Link 4

As to whether your Mac OS X firewall should be ON or OFF has been much debated, both here in this forum and also in the links just given - if you're at home behind a router w/ a hardware firewall, then the software one may not be needed, but many of us still have it ON - NOW, if you are taking your laptop on the road and connecting to public Wi-Fi networks, then certainly use the OS X firewall.

@ Chscag - when looking at 'System Preferences' in El Capitan (and presumably many previous OS Xs), the 'incoming' traffic seems to be easily controlled, but to me at least, 'outgoing traffic' control is just not obvious - does not seem to be clear in the GUI - maybe more of a terminal issue - don't know. Just bringing up some confusion I've had w/ this outgoing issue since switching over to Apple computers. Thanks. Dave :)
 

Slydude

Well-known member
Staff member
Moderator
Joined
Nov 15, 2009
Messages
17,596
Reaction score
1,072
Points
113
Location
North Louisiana, USA
Your Mac's Specs
M1 MacMini 16 GB - Ventura, iPhone 14 Pro Max, 2015 iMac 16 GB Monterey
Sure, Snow Leopard is probably less secure than El Capitan, but that should not change the way the built in firewall works.
That's kinda the point. Bet there are people out there who don't realize that the internal firewall is only as secure as the version of the OS behind it. In other words regardless of how the firewall operates they are expecting it to be as up-to-date as more recent OS versions.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
That's kinda the point. Bet there are people out there who don't realize that the internal firewall is only as secure as the version of the OS behind it. In other words regardless of how the firewall operates they are expecting it to be as up-to-date as more recent OS versions.

And that's exactly the reason we harp on folks to update OS X from those older less secure versions. ;)
 
Joined
Jan 1, 2014
Messages
629
Reaction score
52
Points
28
Your Mac's Specs
MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
Both the local and broadband firewalls have advantages, but...

The firewall is a network layer protection, pretty much a gatekeeper of network traffic based on source/destination and port number or protocol. All of them are stateless nowadays, meaning that the initial, or first time seen connection is checked against the firewall rule base, and if the connection allowed, the reply and subsequent connections flow through without further evaluation against the firewall rule.

Generally, both of the firewall types allow all outbound connection and protocols, while blocking all incoming connection request by default. Yes, it'll protect against direct attacks from the outside or the internet, but it will not block internal host's applications initiating a connection to the outside. This allows the end-user accessing the internet with any of the applications installed on the system. The any application includes malware on the system, if any; the firewall will not differentiate between the applications. In another word, the firewall will not prevent the "hacked system" calling home, or calling the command and control center, nor will the firewall block the responses to the "calling home" initiated connection.

By no means I am saying that there's no use in activating the firewall, quite the opposite. The firewall does have its purpose in your layered security protection, just keep its limitations in mind.
 
Joined
Mar 22, 2015
Messages
117
Reaction score
11
Points
18
I tried running both the router and Apple firewall but I use voyage for my home phone (voip) and it stopped the phone from working.
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
To the OP ..... also do not install anything that you did not specifically went looking for.
If you see pop-up windows on your screen saying you should install/upgrade this that an the other, .... think twice.
Do not install directly from that pop-up window, but browse to the vendor's website and install from there if need be.

Cheers ... McBie
 
Joined
Jun 26, 2008
Messages
351
Reaction score
25
Points
28
Location
Mississippi
Your Mac's Specs
iMac and Macbook
I am glad I read this thread. My firewall was turned off and I was not really aware of it. My 2015 MacBook Pro also has firevault and it was turned on by default. I assume that is okay.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
I am glad I read this thread. My firewall was turned off and I was not really aware of it. My 2015 MacBook Pro also has firevault and it was turned on by default. I assume that is okay.

Yes, that's OK but please do not forget your Filevault password or your data could be gone forever. ;)
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top