OS X firewall - how to make it actually work
in [UK Mac]
|
From: Woody on 21 Jan 2010 06:12 James Taylor <usenet(a)oakseed.demon.co.uk.invalid> wrote: > Woody wrote: > > > I have used VMWare server. It does mostly work but there is a good > > reason it is free. > > Oh dear, that doesn't bode well. > > > For servers it is mostly ok. For use as a desktop it is sluggish to say > > the least (ignoring its faffyness to run and set up). > > I can do without faffyness. Time is too short for much of that. Well, I did get it set up and probably the additional problems I had were becasue i had tomcat running, and it wanted to use that port so just failed to run. I didn't try it on linux, I put it on windows, where it failed to start all the services it needed. It worked when I started them though > immediate need for a VM platform is now so pressing that I will just > have to put this machine into service in an insecure configuration on > OSX, and worry about sorting out a Linux based system at a later date. Makes sense > It really would be a lot better if I could just find a way to disable > the OSX network daemons (they're just not needed when VMware guests are > bridged and have direct access to layer 2) or otherwise get the > application firewall to work properly (which I expected to be easier). Surely then you are just relying on the reliability of the firewall? I never trusted software firewalls, I mean if you allow the network you allow the network so you can fool the thing behind it > Frankly I'm astonished that the much advertised new Leopard firewall I obviously see different advertising than you as I have never seen an advert for the firewall? > doesn't actually work and there doesn't seem to be a big stink about it. > Indeed most Mac users believe their platform is the most secure system > in existence when in fact the exact opposite is true. Its not a fact though. It may be true, or it may not be, but it isn't a 'fact'. > Apple must be > doing some kind of mass hypnosis to pull off this scale of deception. Clearly that is the only possible answer, or maybe all mac users are retards. -- Woody
From: Richard Tobin on 21 Jan 2010 06:27 In article <7rqq7mFltfU1(a)mid.individual.net>, James Taylor <usenet(a)oakseed.demon.co.uk.invalid> wrote: >But all the system daemons get access regardless, even the ones >running as root! And then any non system process, or malware, can get >access through the firewall just by piping through netcat or similar. I don't follow this. Are you suggesting that some malware already on your machine would run netcat? What would this gain it? -- Richard -- Please remember to mention me / in tapes you leave behind.
From: Ben Shimmin on 21 Jan 2010 06:28 James Taylor <usenet(a)oakseed.demon.co.uk.invalid>: [...] > There is an increasing > shortage of time pressing upon me with the work I'm doing, It's amazing how much time you can save by the simple expedient of posting to usenet less often. b. -- <bas(a)bas.me.uk> <URL:http://bas.me.uk/> `It is like Swinburne sat down on his soul's darkest night and designed an organized sport.' -- David Foster Wallace, _Infinite Jest_, on American football
From: Woody on 21 Jan 2010 06:33 Ben Shimmin <bas(a)llamaselector.com> wrote: > James Taylor <usenet(a)oakseed.demon.co.uk.invalid>: > > [...] > > > There is an increasing > > shortage of time pressing upon me with the work I'm doing, > > It's amazing how much time you can save by the simple expedient of > posting to usenet less often. Heritic. -- Woody
From: D.M. Procida on 21 Jan 2010 06:47
James Taylor <usenet(a)oakseed.demon.co.uk.invalid> wrote: > D.M. Procida wrote: > > > I'm a little puzzled by your complaints. At the level you're speaking > > of, you're presumably not dealing with anything especially to do with > > Mac OS X; it's FreeBSD, isn't it? > > Well, I'm not sure. Is the launchd system and all the listening daemons > I listed earlier part of FreeBSD, or are they part of OS X? > > > In which case, you should be able to make it do anything that you could > > make FreeBSD do. > > Are you suggesting that I can install FreeBSD instead of OS X, or that > by using MacPorts I might be able to install FreeBSD features such as a > working application firewall, or some other approach? I don't know enough about it to answer. But I'd be surprised if you couldn't control the things you want to. Daniele |