The Mac has a well-deserved reputation for being more secure than traditional Windows PCs. In fact, Apple is so confident that the Mac is more secure that Windows that the company does not even bother to turn on the built-in firewall in OS X.
That’s right. Surprise. There’s a free firewall already on your Mac to provide an extra layer of security, but it’s not running. To turn it on, simply open System Preferences, click Security & Privacy, click the Firewall button, turn it on (it’s off by default), and set the options.
Options? That’s where the fun begins. OS X’s built-in firewall has far more capability than Apple gives Mac users to access. If you’d like more control over which apps can connect to the outside world via network ports, try Murus, a front end for the built-in firewall already on your Mac. What you get for free is inbound filters, logging, a number of presets, port management, and rules capability (which is where firewalls start to get a bit geeky).
You won’t need to know much about firewall syntax, and there’s no code to type. Murus is friendly and features drag and drop as the modus operandi. The Lite version is free. Murus Basic comes with a nominal price tag (considering the value of a very secure Mac), but also adds outbound filtering and logging, port knocking, custom rules, and more. The Murus Pro version has all that plus manual custom rules, NAT and forwarding, and more (including the Murus Logs visualizer which gives you a graphical view of firewall logs).
For any Mac user who is more concerned about security and privacy than the average bear, even Yogi would recommend Murus. Start with the free Lite version and as your experience grows, upgrade as needed.
Need some eye candy to help you feel secure?
To this day I still have no clue why Apple doesn’t bother to turn on the built-in firewall. Hubris? Or, is it a customer support issue? After all, if all Mac users turned on the built-in firewall it’s likely that customer support problems would grow exponentially.