Is the firewall enabled in Mac OS X by default, or not?
I just bought a new MacBook, as I'm stepping down from owning a Pro and moving to a MacBook/iMac setup (more on that later), and I noticed something a little disconcerting: after going through the generic setup out of the box, Mac OS X's firewall was not enabled by default. I didn't fiddle with any settings during the initial boot and setup (besides entering a password for my wifi network and my .Mac credentials - about the only settings you can fiddle with), and I spotted this strange quirk in the Sharing Preference Pane when going to name my machine before the initial .Mac sync.
What gives? Is Mac OS X 10.4's firewall enabled by default or not? I honestly don't remember which exact version of 10.4 this MacBook shipped with (I ran Software Update immediately on startup and only caught this firewall quirk after the restart), and I'm certainly not some certified, 6-figure security expert - I'm only reporting what I saw with this initial setup.
So does anyone know what's going on? Discussions about Mac OS X's (and 10.4 specifically) inherent security often cite the firewall being turned on by default - though that clearly wasn't the case with this machine. What say you, TUAW readers?
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 3)
k said 5:09PM on 9-18-2006
Yep, Firewall is off by default, at least it was on my MacBook
Reply
Ricky Murray said 5:12PM on 9-18-2006
i just recieved a macbook last friday and i just checked and the firewall was not enabled...
Reply
Paul Dunlop said 5:10PM on 9-18-2006
It's always off. It's a common misconception that the OS X firewall is on by default. It never has been as far as I'm aware.
Reply
henrrrik said 7:18PM on 9-18-2006
As far as I know it isn't enabled by default. IMO it doesn't matter as long as no network services accepting connectings are running on the machine by default.
A default installation of Ubuntu Linux doesn't even have a firewall for that same reason.
Reply
Enoch said 5:13PM on 9-18-2006
I set up alot of computers for work and firewall has never been turned on by default for any of them.
Reply
jf said 5:13PM on 9-18-2006
Always off by default. In fact, I don't think I've ever turned it on. Come and get me.
Reply
Eli Hodapp said 5:14PM on 9-18-2006
Who cares? I've never had my firewall turned on, and my Mac sits on an external IP.
I'm not worried about it.
Reply
Zack Kitzmiller said 5:16PM on 9-18-2006
Firewall was NOT enabled on my MacBook or iMac.
Reply
Travis said 5:26PM on 9-18-2006
None of my Mac's (iBook, iMac, MacBook Pro) have had the firewall on. It just seems that it's included, but not turned on by default.
Reply
Mark Fleser said 5:24PM on 9-18-2006
When my 24" iMac came the firewall wasn't on...shipped w/ 10.4.7.
Reply
Travis Bell said 5:24PM on 9-18-2006
If you ask me though, it should be off by default.
There are way to many users out there who might be using some type of app requiring port "x" to be open and lets face it, lots of people don't even know what a firewall is let alone how to enable/diable to open ports for one.
This is an effort to keep tech support low and the initial user experience high.
Reply
Mark D. said 5:24PM on 9-18-2006
Whoa, off for me, and I could have sworn I enabled it when I bought this MBP several months ago.
I'm not techincally too worried, but this is good to know since I rather prefer having a firewall active when on public networks (unlike at home, where I usually site behind the router's firewall unless I open ports or set the DMZ.)
I'm also kind of suprised, with Apple priding itself on offering a secure OS while not enabling the firewall by default doesn't sync. On the other hand, Microsoft didn't enable XP's built-in firewall by default either until SP2, so it's not like Apple was out of place as far as default configurations go.
Reply
Gene said 5:27PM on 9-18-2006
I don't think that the Mac OS firewall has ever been on by default -- I believe that this misperception comes from the fact that Mac OS sharing services are off by default, meaning file sharing and other services that provide a route into the computer. Out of the box, a Mac has no open ports to exploit. You have to turn them on yourself.
These kinds of services are often ON by default in Windows; or at least, they were when this issue first surfaced a few years ago.
Reply
cbuck said 5:29PM on 9-18-2006
I don't that I have ever had a new 10.X Mac with the firewall enabled out of the box. But then again, I am a CONSTANT tweaker, who could remember?
Reply
Mike said 5:30PM on 9-18-2006
Being a BSD variant, Darwin doesn't have unnecessary services on by default. You don't need to firewall an application that isn't running.
If you want some entertainment value, research nmap, then point it at a Mac...You won't learn much!
Reply
mike said 5:32PM on 9-18-2006
"Discussions about Mac OS X's (and 10.4 specifically) inherent security often cite the firewall being turned on by default"
Can you backup this statement with some links? As far as I know the firewall has NEVER been enabled by default.
Reply
David said 5:32PM on 9-18-2006
It makes perfect sense for it to be off by default. Having it on would lead to the frustration of users who want it to 'just work'. Even with the firewall off, I have a lot of confidence in OS X to repel hackers anyway. They can't install spyware or run executables remotely, so....what's the big deal?
Reply
Mike said 10:40PM on 9-18-2006
Bah, I'll save you the effort:
scdlelinux01:/home# nmap -p 1-32767 -T insane 10.33.135.108
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-09-18 15:23 MDT
Interesting ports on 10.33.135.108:
(The 32766 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
5000/tcp open UPnP
Nmap finished: 1 IP address (1 host up) scanned in 324.357 seconds
scdlelinux01:/home#
Reply
Jerry Nick said 5:44PM on 9-18-2006
Here also: Off by default. Wasn't never before turned on by default.
Reply
Fizzy said 5:54PM on 9-18-2006
The Firewall (in all versions of OSX) has always been "OFF" by default. That's the first thing I do after a fresh install. I wish Apple would leave it "ON" be default for the non-technical Mac users.
Reply