Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Apple Firewall off by default?

Over the last couple of weeks I've been setting up a LOT of new iMacs for my work. One thing I've noticed among all of them is that the firewall is off by default and has to be turned on. Then I was tweaking my own settings on my laptop and noticed that my firewall was off despite having turned it on years ago with a "set it and forget it" type mentality, knowing that it'd be on unless something turned it off or I purposefully did that. Is this just a fluke? Sure if your network is protected at least you have some manner of security but it just seems silly to have to turn something on when even Windows has theirs on automatically. (And even screams at you when it's off)  The question for me remains, why would Apple have a key security feature on their hardware, off, right out of the box?

 

Firewall.thumb.png.0ccb426936e7835e7b531706d9bd77ce.png

Have Fun, Be Yourself, and live your life the way you want to.

Link to comment
Share on other sites

Link to post
Share on other sites

Similar to other unix based OSes. 

 

See firewalls are important but you dont always need them. If nothing is listening on a port, nothing will happen. Very few services are listening by default on many ports, reason why firewalls are not needed as bad as Windows which can have 10s of ports listen upon boot. 

Link to comment
Share on other sites

Link to post
Share on other sites

10 hours ago, mynameisjuan said:

Similar to other unix based OSes. 

 

See firewalls are important but you dont always need them. If nothing is listening on a port, nothing will happen. Very few services are listening by default on many ports, reason why firewalls are not needed as bad as Windows which can have 10s of ports listen upon boot. 

Considering how many people use laptops that would be a very poor decision on Apples part.

 

It also doesn't matter how "very few" ports are listening, as it only takes one service with a flaw or something the user installed opening a port to become a huge security issue.

Router:  Quotom-Q555G6-S05 running pfSense WiFi: Zyxel NWA210AX (~940Mbit peak)

Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX
ISPs: Zen VDSL (~74Mbit) + VOXI 4G [Vodafone] (~120Mbit) + Three 5G (~500Mbit average)

Link to comment
Share on other sites

Link to post
Share on other sites

12 hours ago, Alex Atkin UK said:

Considering how many people use laptops that would be a very poor decision on Apples part.

 

It also doesn't matter how "very few" ports are listening, as it only takes one service with a flaw or something the user installed opening a port to become a huge security issue.

There still is a firewall in almost any basic router you pick up. Yeah it is a concern but not as much as you think. 

Link to comment
Share on other sites

Link to post
Share on other sites

On 10/15/2018 at 6:21 AM, DaPhuc said:

So they can spy on you easily with the Firewall off. 

Contrary to popular belief, of all the big software and hardware companies, Apple really doesn't give a shit about your personal information. They don't even want to collect your data.

PC Specs - AMD Ryzen 5 5600X MSI B550M Mortar 16GB Crucial Ballistix DDR4-3600 @ CL15 - RX5700XT 660p 1TBGB & 256GB 600p Fractal Define Mini C CM V550 - Pop!_OS 20.04

 

Link to comment
Share on other sites

Link to post
Share on other sites

2 hours ago, mynameisjuan said:

There still is a firewall in almost any basic router you pick up. Yeah it is a concern but not as much as you think. 

But you aren't necessarily using your computer on a secure network, thus its a problem.

 

Plus if your network is running on IPv6 you can't be sure how much access your router is allowing.

 

One company assuming the security of another company will "avoid the problem" is just downright bad practice!  If both Apple and your router manufacturer don't give a crap, you're in trouble.

Router:  Quotom-Q555G6-S05 running pfSense WiFi: Zyxel NWA210AX (~940Mbit peak)

Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX
ISPs: Zen VDSL (~74Mbit) + VOXI 4G [Vodafone] (~120Mbit) + Three 5G (~500Mbit average)

Link to comment
Share on other sites

Link to post
Share on other sites

39 minutes ago, Alex Atkin UK said:

But you aren't necessarily using your computer on a secure network, thus its a problem.

 

Plus if your network is running on IPv6 you can't be sure how much access your router is allowing.

 

One company assuming the security of another company will "avoid the problem" is just downright bad practice!  If both Apple and your router manufacturer don't give a crap, you're in trouble.

I think you are confused on security. 

 

But if you want to criticize Apple you need to criticize every Linux distros as they dont have it by default. Seriously, its not that big of a problem.

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, mynameisjuan said:

I think you are confused on security. 

 

But if you want to criticize Apple you need to criticize every Linux distros as they dont have it by default. Seriously, its not that big of a problem.

Apple devices are for novices, Linux is more for experts, big difference.  Plus I'm not sure that's true, fairly sure I had to manually disable the firewall every time I reinstalled Linux.

Router:  Quotom-Q555G6-S05 running pfSense WiFi: Zyxel NWA210AX (~940Mbit peak)

Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX
ISPs: Zen VDSL (~74Mbit) + VOXI 4G [Vodafone] (~120Mbit) + Three 5G (~500Mbit average)

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, Alex Atkin UK said:

Apple devices are for novices, Linux is more for experts, big difference.  Plus I'm not sure that's true, fairly sure I had to manually disable the firewall every time I reinstalled Linux.

Ubuntu just started enabling the firewall by default last year. And to contradict your own point, if its so important why are you disabling the firewall?

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, mynameisjuan said:

Ubuntu just started enabling the firewall by default last year. And to contradict your own point, if its so important why are you disabling the firewall?

I knew you would say that and I already explained, people using their machines on insecure networks.

 

I keep it enabled on my laptop but off on my NAS as all firewalling is done on my pfSense box.

Router:  Quotom-Q555G6-S05 running pfSense WiFi: Zyxel NWA210AX (~940Mbit peak)

Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX
ISPs: Zen VDSL (~74Mbit) + VOXI 4G [Vodafone] (~120Mbit) + Three 5G (~500Mbit average)

Link to comment
Share on other sites

Link to post
Share on other sites

4 hours ago, NelizMastr said:

Contrary to popular belief, of all the big software and hardware companies, Apple really doesn't give a shit about your personal information. They don't even want to collect your data.

LOL, how do you know they won't collect your data? You can't trust their words when their actions say opposite. 

Link to comment
Share on other sites

Link to post
Share on other sites

On 10/16/2018 at 10:49 AM, mynameisjuan said:

I think you are confused on security. 

 

But if you want to criticize Apple you need to criticize every Linux distros as they dont have it by default. Seriously, its not that big of a problem.

This argument makes absolutely zero sense.

 

Linux does it because by default there's no ports listening - sure. But Linux also does it because they EXPECT users to configure and tweak the system to the exact specifications they want, including whether (and to what degree) to use the Firewall.

 

Linux is traditionally for expert users.

 

macOS is used by Novice users, many of whom wouldn't even know what a firewall is.

 

The different OS's are aimed at users with different skill levels.

 

On 10/16/2018 at 10:53 AM, mynameisjuan said:

Ubuntu just started enabling the firewall by default last year.

And to add onto that, Ubuntu, the OS that is largely considered "Linux for noobs", so if they are shipping with the Firewall enabled, that's likely due to an increase in novice users.

On 10/16/2018 at 10:53 AM, mynameisjuan said:

And to contradict your own point, if its so important why are you disabling the firewall?

What? This point makes no sense.

 

So because he wants to disable the firewall, that means his argument that the firewall should be enabled by default to protect novice users is flawed? I don't think so.

 

An expert can make the decision to disable the firewall safely, because he can plan for this, and ensure other security is in place (Eg: a firewall elsewhere, or making sure the system is secured with no listening ports, etc). A novice cannot do these things.

 

In my opinion, macOS should have the firewall on by default, as the vast majority of users are not experts.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×