
Apple Firewall off by default?

Over the last couple of weeks I've been setting up a LOT of new iMacs for my work. One thing I've noticed among all of them is that the firewall is off by default and has to be turned on. Then I was tweaking my own settings on my laptop and noticed that my firewall was off despite having turned it on years ago with a "set it and forget it" type mentality, knowing that it'd be on unless something turned it off or I purposefully did that. Is this just a fluke? Sure, if your network is protected, at least you have some manner of security, but it just seems silly to have to turn something on when even Windows has theirs on automatically (and even screams at you when it's off). The question for me remains: why would Apple have a key security feature on their hardware off, right out of the box?

 


Have Fun, Be Yourself, and live your life the way you want to.


Similar to other Unix-based OSes.

See, firewalls are important but you don't always need them. If nothing is listening on a port, nothing will happen. Very few services are listening by default on many ports, which is why firewalls are not needed as badly as on Windows, which can have 10s of ports listening upon boot.


10 hours ago, mynameisjuan said:

Similar to other Unix-based OSes.

See, firewalls are important but you don't always need them. If nothing is listening on a port, nothing will happen. Very few services are listening by default on many ports, which is why firewalls are not needed as badly as on Windows, which can have 10s of ports listening upon boot.

Considering how many people use laptops, that would be a very poor decision on Apple's part.

 

It also doesn't matter how "very few" ports are listening, as it only takes one service with a flaw or something the user installed opening a port to become a huge security issue.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7

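Added example (not part of any post in this thread): the two posts above disagree about how much "nothing is listening" protects a machine, and this shell script shows how to check it by separating loopback-only listeners from ones reachable from the network. The function names, the sample `lsof` lines and the `State = N` output format assumed for `socketfilterfw --getglobalstate` are constructed for illustration.

```shell
#!/bin/sh
# Added example: which TCP listeners can be reached from off the host?

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not a real host).
sample_lsof() {
cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
cupsd     301 root    6u  IPv6   0xa1      0t0  TCP [::1]:631 (LISTEN)
cupsd     301 root    7u  IPv4   0xa2      0t0  TCP 127.0.0.1:631 (LISTEN)
rapportd  412 alex    4u  IPv4   0xa3      0t0  TCP *:49152 (LISTEN)
rapportd  412 alex    5u  IPv6   0xa4      0t0  TCP *:49152 (LISTEN)
sshd      520 root    3u  IPv4   0xa5      0t0  TCP *:22 (LISTEN)
node      733 alex   21u  IPv4   0xa6      0t0  TCP 192.168.1.20:3000 (LISTEN)
EOF
}

# Print "command port" once per listener bound to a non-loopback address.
exposed_listeners() {
  awk '
    $NF != "(LISTEN)" { next }            # skips the header line too
    {
      name = $(NF - 1)                    # e.g. *:22 or [::1]:631
      port = name; sub(/^.*:/, "", port)
      addr = name; sub(/:[0-9]+$/, "", addr)
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      key = $1 " " port
      if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

count_exposed() { exposed_listeners | wc -l | tr -d ' '; }

# Extract N from "Firewall is disabled. (State = N)" (assumed output format).
fw_state() { sed -n 's/.*State = \([0-9]\).*/\1/p'; }

# verdict FIREWALL_STATE EXPOSED_COUNT
verdict() {
  if [ "$2" -eq 0 ]; then echo "ok: nothing reachable off-host"
  elif [ "$1" = "0" ]; then echo "at-risk: $2 listener(s) exposed, firewall off"
  else echo "filtered: $2 listener(s) behind the host firewall"
  fi
}

# Demo on the constructed data. On a Mac, feed the real commands instead:
#   lsof -nP -iTCP -sTCP:LISTEN | exposed_listeners
#   /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | fw_state
sample_lsof | exposed_listeners
verdict "$(echo 'Firewall is disabled. (State = 0)' | fw_state)" \
        "$(sample_lsof | count_exposed)"
```

In the constructed sample, `cupsd` is bound to loopback only and is not reported, while the wildcard and LAN-address listeners are.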

12 hours ago, Alex Atkin UK said:

Considering how many people use laptops, that would be a very poor decision on Apple's part.

 

It also doesn't matter how "very few" ports are listening, as it only takes one service with a flaw or something the user installed opening a port to become a huge security issue.

There still is a firewall in almost any basic router you pick up. Yeah it is a concern but not as much as you think. 


On 10/15/2018 at 6:21 AM, DaPhuc said:

So they can spy on you easily with the Firewall off. 

Contrary to popular belief, of all the big software and hardware companies, Apple really doesn't give a shit about your personal information. They don't even want to collect your data.

PC Specs - AMD Ryzen 7 5800X3D MSI B550M Mortar - 32GB Corsair Vengeance RGB DDR4-3600 @ CL16 - ASRock RX7800XT 660p 1TBGB & Crucial P5 1TB Fractal Define Mini C CM V750v2 - Windows 11 Pro

 


2 hours ago, mynameisjuan said:

There still is a firewall in almost any basic router you pick up. Yeah it is a concern but not as much as you think. 

But you aren't necessarily using your computer on a secure network, thus it's a problem.

 

Plus if your network is running on IPv6 you can't be sure how much access your router is allowing.

 

One company assuming the security of another company will "avoid the problem" is just downright bad practice!  If both Apple and your router manufacturer don't give a crap, you're in trouble.


39 minutes ago, Alex Atkin UK said:

But you aren't necessarily using your computer on a secure network, thus it's a problem.

 

Plus if your network is running on IPv6 you can't be sure how much access your router is allowing.

 

One company assuming the security of another company will "avoid the problem" is just downright bad practice!  If both Apple and your router manufacturer don't give a crap, you're in trouble.

I think you are confused on security. 

 

But if you want to criticize Apple you need to criticize every Linux distro, as they don't have it by default. Seriously, it's not that big of a problem.


Just now, mynameisjuan said:

I think you are confused on security. 

 

But if you want to criticize Apple you need to criticize every Linux distro, as they don't have it by default. Seriously, it's not that big of a problem.

Apple devices are for novices, Linux is more for experts, big difference.  Plus I'm not sure that's true, fairly sure I had to manually disable the firewall every time I reinstalled Linux.


Just now, Alex Atkin UK said:

Apple devices are for novices, Linux is more for experts, big difference.  Plus I'm not sure that's true, fairly sure I had to manually disable the firewall every time I reinstalled Linux.

Ubuntu just started enabling the firewall by default last year. And to contradict your own point, if it's so important why are you disabling the firewall?


2 minutes ago, mynameisjuan said:

Ubuntu just started enabling the firewall by default last year. And to contradict your own point, if it's so important why are you disabling the firewall?

I knew you would say that and I already explained, people using their machines on insecure networks.

 

I keep it enabled on my laptop but off on my NAS as all firewalling is done on my pfSense box.


4 hours ago, NelizMastr said:

Contrary to popular belief, of all the big software and hardware companies, Apple really doesn't give a shit about your personal information. They don't even want to collect your data.

LOL, how do you know they won't collect your data? You can't trust their words when their actions say the opposite.


On 10/16/2018 at 10:49 AM, mynameisjuan said:

I think you are confused on security. 

 

But if you want to criticize Apple you need to criticize every Linux distro, as they don't have it by default. Seriously, it's not that big of a problem.

This argument makes absolutely zero sense.

 

Linux does it because by default there are no ports listening - sure. But Linux also does it because they EXPECT users to configure and tweak the system to the exact specifications they want, including whether (and to what degree) to use the firewall.

 

Linux is traditionally for expert users.

 

macOS is used by novice users, many of whom wouldn't even know what a firewall is.

The different OSes are aimed at users with different skill levels.

 

On 10/16/2018 at 10:53 AM, mynameisjuan said:

Ubuntu just started enabling the firewall by default last year.

And to add onto that, Ubuntu is the OS that is largely considered "Linux for noobs", so if they are shipping with the firewall enabled, that's likely due to an increase in novice users.

On 10/16/2018 at 10:53 AM, mynameisjuan said:

And to contradict your own point, if it's so important why are you disabling the firewall?

What? This point makes no sense.

 

So because he wants to disable the firewall, that means his argument that the firewall should be enabled by default to protect novice users is flawed? I don't think so.

 

An expert can make the decision to disable the firewall safely, because he can plan for this and ensure other security is in place (e.g. a firewall elsewhere, or making sure the system is secured with no listening ports, etc.). A novice cannot do these things.

 

In my opinion, macOS should have the firewall on by default, as the vast majority of users are not experts.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 
