Snow Leopard: Enabling the Built-in Firewall

TMO Quick Tip

Mac OS X 10.6 has several built-in security features including its own firewall to help protect you from network and Internet-based attacks. Unfortunately, the firewall is disabled by default -- and even if you enabled it in Leopard, upgrading to Snow Leopard disables it again. Turning Snow Leopard's firewall on, however, only takes a couple of steps.

To enable Snow Leopard's firewall, do this:

  • Choose Apple menu > System Preferences.
  • Click the Security Preference Pane.
  • Click the Firewall tab.
  • Click Start to turn your firewall on. If the button says Stop, your firewall is already running.

Enabling Snow Leopard's firewall.

Once your Mac's firewall is running, it's going to take a lot more effort for unauthorized users to get at your files. Think of it like a protective wall that helps keep Internet bad guys at bay.

You can also make your Mac invisible to other computers on the Internet. Here's how:

  • While you are still in the Security Preference Pane's Firewall tab, click Advanced.
  • Check Enable Stealth Mode.
  • Click OK.

Stealth Mode is like an Internet cloaking device for your Mac.
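To confirm from Terminal that both settings took effect, for instance after an upgrade, this added example (not part of the original article) reads them back and reports which of the steps above still need doing. The preference domain `/Library/Preferences/com.apple.alf` and its `globalstate` and `stealthenabled` keys do not appear in the article; they are where the application firewall stores these settings.

```shell
#!/bin/sh
# Added example: read back the settings the GUI steps above change.
# Assumption: the preference domain and key names are not from the article.
ALF_DOMAIN=/Library/Preferences/com.apple.alf

# Translate the numeric globalstate value into words.
describe_globalstate() {
    case "$1" in
        0) echo "off" ;;
        1) echo "on" ;;
        2) echo "on, blocking all incoming connections" ;;
        *) echo "unknown" ;;
    esac
}

# audit_firewall GLOBALSTATE STEALTHENABLED
# Returns 0 if the firewall and Stealth Mode are both on,
#         1 if the firewall is on but Stealth Mode is not,
#         2 if the firewall is off or its state could not be read.
audit_firewall() {
    echo "Firewall: $(describe_globalstate "$1")"
    case "$1" in
        1|2) ;;
        *) echo "  -> Security > Firewall: click Start"; return 2 ;;
    esac
    if [ "$2" = "1" ]; then
        echo "Stealth Mode: on"
        return 0
    fi
    echo "Stealth Mode: off"
    echo "  -> Security > Firewall > Advanced: Enable Stealth Mode"
    return 1
}

# Read one key; prints nothing if the key or the file is missing.
read_alf_key() {
    defaults read "$ALF_DOMAIN" "$1" 2>/dev/null
}

# Run the audit only where the `defaults` tool exists (i.e. on a Mac).
if command -v defaults >/dev/null 2>&1; then
    audit_firewall "$(read_alf_key globalstate)" "$(read_alf_key stealthenabled)" ||
        echo "Settings differ from the ones this article recommends."
fi
```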

Protecting your Mac from unwanted hacking attempts is what firewalls are good at, but they can't keep you safe from virus threats. Viruses aren't a big threat for Mac users now, but many businesses still require Mac-using employees to install and use virus protection software, so be sure to check with your IT department to see if they have any special requirements.


Comments

Islandgirl45

I have a question about the firewall on a network. I hope to purchase a Time Capsule when I get my next Mac.

Does the Mac still need the firewall turned on if it connects to the Internet through the Time Capsule’s airport connection? If so, is Stealth Mode usable through the Time Capsule?

Nemo

While Stealth Mode is a good security feature, folks should be aware that activating it can prevent certain websites, such as Hulu, from functioning properly.

DCJ001

I upgraded to 10.6 on August 28. I just checked and I found that my firewall is enabled and I am already in stealth mode. I don’t recall how long ago I enabled both of these (probably 1 1/2 years ago). But saying, “... the firewall is disabled by default—and even if you enabled it in Leopard, upgrading to Snow Leopard disables it again” is incorrect - at least for me it is.

UrbanBard

There are differences between your wired local area network and the internet. You can enable local sharing by clicking on the sharing icon in System Preferences. This will allow your local printer, DVD, scanner and bluetooth to be shared by other computers on your Local Area Network. You can also enable file and screen sharing, as well.

Time Machine and Time Capsule are unaffected by a firewall. You can easily buy a USB-2 or Firewire external drive to backup to and then allow other people on your LAN to see it, access it and back up to it. It should cost you about $100 for a name Brand One Terabyte USB 2/ Firewire external drive at Buy.com. If you can afford to use a wired connection, the better. It is more secure than a wireless one. Even a connection through power lines is better, because the signals get blocked at the transformer. Stealth mode has nothing to do with this.

What a firewall does is to protect you from the internet by controlling the ports. A firewall makes it more difficult for an outside computer to get through to attack you. Stealth mode causes your computer not to answer when an unexpected call comes in. That way, a strange computer making a random call to see who is at home doesn’t get an answer, so it goes on its way to attack someone else.

What Apple is doing, by leaving open its firewall, is to migrate toward an Application Firewall. A generic firewall, which is normally used on Wintel machines, blocks everyone, so it must be kept off. That is fine when you are in a hostile environment where everyone is attacking you. Converts from the Linux/PC community expect that kind of firewall and get paranoid when it isn’t present, as with Apple Macs.

Apple computers are not under systematic attack; little of the malware in the PC marketplace works on it. Leaving the firewall open is not that great a hazard. But, evil people want to break into your computer, so constantly improving security is necessary. Apple is taking preventive measures far in advance of any real threat. Increasingly, every OS, application and process will be sand-boxed in its own virtual space.

An Application Firewall, inside a sandbox, allows each application to control its expected ports. That way an application can verify that an internet source is legitimate. Since the application’s software controls the criteria for judging this, then the source can be put through a series of queries which it must satisfy before it gets put through. The source must supply many certificates of authenticity. Apple has been moving toward this kind of system for the last three years, but it is not, yet, fully in place.

If it makes you feel more secure to follow the author’s advice, do so. I have. It won’t make you BE any safer, just FEEL safer. Eventually, Apple will make the necessary changes to enable the Application Firewall, but that might not be until 10.7 or 10.8.

Snow Leopard has very secure UNIX03 foundations which protect us from virus, worms, adware and spyware. Apple recently added programs which notify you that a communication or a program is Spam, a Trojan horse or a Phishing attack. The Application Firewall will be added to these preventive measures. It will make it even more difficult for outsiders to attack you. But, it is not yet fully in place, so Apple doesn’t talk much about it.

geoduck

Nicely put UrbanBard. I’m sure that clarified things for a lot of people, including me.

nytesky

But saying, “... the firewall is disabled by default—and even if you enabled it in Leopard, upgrading to Snow Leopard disables it again” is incorrect - at least for me it is.

I completely agree. I just checked my MacBook Air and the firewall is already enabled. Better double check your facts.

Dave Hamilton

DCJ001 said: But saying, “... the firewall is disabled by default—and even if you enabled it in Leopard, upgrading to Snow Leopard disables it again” is incorrect - at least for me it is.
I completely agree. I just checked my MacBook Air and the firewall is already enabled. Better double check your facts.

Actually, we triple-checked (at least!). And on all the Macs we did check, the built-in firewall was disabled after the upgrade to Snow Leopard. On the flip side, you now have confirmed your firewall is on like you wanted it to be: that’s not a bad thing at all!

Dave Hamilton

And I’ll add my thanks to UrbanBard for the in-depth commentary. That’s extremely helpful!

DaMoose

I have a firewall for my LAN and it is enabled by my router. I can avoid the firewall using ShareTool. This allows me to access my home computer remotely when I am on travel. I can then see my home system’s desktop on my remote laptop. Question is will this additional firewall block remote access?

UrbanBard

I’m not sure what is happening, DaMoose. Local Area Networks can get very large and complex. They can extend across the country or the world through satellites.

It depends on what that router is attached to and what you have enabled on the Sharing page. There is web sharing in the sharing menu on System Preferences. Remote login gives you a code which allows you to log in from afar. Apple’s web page has documentation which explains how to use these things.  Check it out.

I’ve known of companies which have used routers on dedicated lines to connect several LAN’s into one. Usually, a router can have hardware or software firewalls between them.

I think the point is that with the Internet you are communicating with a server whose function is to provide you with a contact with other computers. On the LAN you are contacting another computer either directly or through a router.

iJack

Once again, it would be so nice if TMO had a setting to make these how-to’s printable.  Yeah, I could print my screen, but who wants all those ads?  Other Mac sites do it, so why not TMO?

DaMoose

iJack,

I too find the inability of sending MacObserver to the desktop or wherever a problem. To solve it, I use Paparazzi to get a copy of a web site and then to a .jpg file. All you have to do is put the URL into Paparazzi click twice and there it is on your desktop.

WetcoastBob

Making a “How-to” printable is simple.  Highlight the text you want to copy.  Hit Command-C.  Then open Pages and Hit Command-V and you will have a document you can print containing the text of the “How-to”

It may be necessary to do some editing within the document to remove some material not relevant to the text.

Then all you have to do is print the Pages document.

iJack

@WetcoastBob - Most of these how-to’s contain pictures, as does this one. I have done what you suggested many times, and it’s a real drag, hence my post above.

I have also downloaded and tried Paparazzi, thanks to DaMoose’s suggestion, and while it’s a clever little tool, it still contains all the ads, which makes for an unsatisfactory PDF.

There are web sites that provide a simple “print this article” option for saving the body of the article with all illustrations, but no ads, or other extraneous materials.  Since TMO produce so many of these useful pieces, I am asking why they can’t go that one extra step, and allow us to save a PDF document on 8 1/2 x 11.

Dave Hamilton

Thanks for the comments about printing. We are (now) aware of this and working on a fix. Something funky grew into the CSS over the migration to our new CMS in the last year, and we’re battling that on this issue right now, but we’ll succeed in the fight (of course, if we have any CSS gurus that care to lend a hand… let us know!).

Thanks,
-Dave

iJack

Thank you, Dave.  It’s good to know our comments are being “heard.”
