Walling In the Mac

Let's face it -- the times, they are a-changing. Mac users no long surf the Web in a protective bubble that keeps them safe from the bad stuff lurking online.

Apple (Nasdaq: AAPL) boasts that Macs get almost zero viruses and malware infections. Security experts insist that was never really the case. Whatever sparse exposure to harm the Mac OS has granted to Apple users in the past is eroding.

The Mac's market share is growing steadily, making the Mac computer line ever more attractive to money-hungry hackers who prey on unprotected machines. Those worry-free days are sure to end soon.

It's time for Mac users to take some basic steps toward safer computing. For users who want to protect themselves against unforeseen hacker intrusions, MacNewsWorld has compiled a roundup of five firewall applications for the Mac.

Bare Bones

The above introduction is not to imply that all Mac users are completely unprotected. Apple includes a basic Unix firewall, dubbed "IPFW" (ipfirewall) in the Mac OS X.

However, setting it up or even activating it takes some work. Apple includes a brief description of IPFW in the computer documentation.

Apple added the first GUI (graphical user interface) configuration interface for the bundled firewall with Mac OS X 10.2, the Jaguar version. In the Panther version, or Mac OS X 10.3, Apple added just a bit more elaboration.

Mac users running pre-Jaguar versions of Mac OS X have to configure IPFW using the Unix command-line and configuration file or with a third-party GUI configuration utility.

Norton For Macs

One of the newest firewall entries for Mac users is the Norton Personal Firewall For Macintosh by Symantec (Nasdaq: SYMC) (US$69.95).

This product includes an application for configuring Apple's integral IPFW firewall and extends the feature set of that firewall through kernel extensions.

The Norton Personal Firewall works with Mac OS X 10.1, 10.2 and 10.3. Via an update to version 3.0.3 or later, this product is also compatible with Mac OS X 10.4 (AKA "Tiger").

The Norton firewall component is also integrated into Norton Internet Security 3.0 For Mac, which includes antivirus, privacy control and additional security features.

Sharing a Wall

Flying Buttress is a Mac firewall by Brian Hill may be familiar to long-time Mac users as BrickHouse, and it's the only shareware product in our Mac firewall roundup. You can try a fully functional version of the product for a limited period of time at no cost. To continue beyond that, you must register as a continuing user for $25.

Flying Buttress is an application for configuring Apple's on-board IPFW firewall. It offers a broad set of configuration and logging options that add greatly to Apple's basic firewall. For instance, it provides for advanced firewall configuration, logging and IP sharing options.

Version 1.3 requires Mac OS X 10.3 (Panther) or later. Earlier versions work with Mac OS X 10.1 and 10.2.

Other features allow setting firewall filters that include qualifiers on host or network addresses, filters that operate on other than TCP (transmission control protocol) or UDP (user datagram protocol) protocols and filters that cover the whole range of IPFW qualifiers, such as IP options, ICMP (Internet control message protocol) types or TCP flags.

Old-Timer

OpenDoor Networks' DoorStop X ($49) was one of the first Macintosh firewalls available independent of Apple for Mac OS 8.1 in 1998. It features a simple configuration interface along with the ability to restrict access to services based on IP address ranges.

DoorStop X enables users to add enhanced logging and other features not present in Apple's interface to its integral IPFW firewall. It requires Mac OS X 10.3 or 10.4.

DoorStop X features include the ability to define different protection settings and preferences for different network environments. It also lets users define logging options on a service-by-service basis.

DoorStop X disables IPv6 by default, but users can set it to allow IPv6 if desired. It also has updated service names and ports.

Security Guard

Sustainable Softworks' IPNetSentryX ($60) looks for suspicious behavior and triggers a filter to block the potential intruder. The firewall includes a set of pre-configured triggers along with the ability for users to add custom triggers.

IPNetSentryX has advanced firewall intrusion detection features that include bandwidth allocation, bandwidth accounting, Ethernet bridging, AirPort configuration and detailed logging. It supplements Apple's own built-in firewall.

This Mac firewall uses a less aggressive approach with the filtering structure than other Mac-based firewalls. This method makes the product much easier to configure or debug compatibility conflicts. It also is very flexible in specifying what traffic to allow and what responses to present to network events.

A Handle on the Vandals

Intego's NetBarrier X4 ($79.95) is sold as a stand-alone product or is bundled with other Intego products, such as Intego Security Barrier. NetBarrier X4 filters data bidirectionally using a full set of basic filtering rules set by default. Users can customize protection by creating their own rules.

This firewall includes an antivandal feature that detects incorrect access passwords and protects against denial of service attacks. An Internet filter feature scans outbound packets for personal data such as credit card numbers and passwords. The Internet Privacy feature checks cookies and ad banners and protects against hostile Java applets and browser plug-ins.

NetBarrier X4 works with Mac OS X 10.1, 10.2 and 10.3 and is compatible with Intel-based Macs. Other features include the ability to set firewall rules to time period schedules and the ability to disable and re-enable rules. Also, users can switch hosts from the Stop List to the Trusted Group. The firewall also detects available AirPort or WiFi networks.