You've heard it before, but it's worth repeating: The best security comes in layers. The focus of this article will look at one layer of security in particular, firewall software, and dissect the differences between Intego NetBarrier X9 and macOS High Sierra's firewall.
Apple's macOS High Sierra has a firewall built-in to prevent malicious incoming connections, and you may even be using it right now, but how does it compare to Intego NetBarrier? Do both firewalls offer the same protection or is one superior to the other? These are all great questions that we'll clear up, but first, let's cover some basic questions you may have about firewalls.
Why do I need a firewall?
You need a firewall because the information on your Mac is valuable, not just to you but to others as well. Names, passwords, credit card details, contact lists, tax return information, and browsing habits are just a few of the things that can be used to make a quick buck by someone with malicious intent. If someone can get access to your system, through either hacking or the use of malware, such information, and much more, can be collected and taken. This information can then be used by that person directly or sold online.
The best firewall will alert you when a connection attempt is made to or from your Mac, monitoring both incoming and outgoing connections, so that you can decide if it's something you initiated and want to let through or not. The most basic firewall will only prevent unauthorized applications, programs, and services from accepting incoming connections.
How does a firewall work?
All the connections made to and from your Mac are analyzed and compared to one or more lists. One example of such a list is one with approved applications and conditions in it. Skype may be allowed to send and receive data, but only to specific ports or domains. A firewall can have different rules set up based on location; for example, at home incoming network traffic from the local network is trusted, but when you're at Starbucks using their Wi-Fi it is not.
At home, you may want an application or process to accept incoming connections, but at work you may not. While the initial training of a firewall may take some interaction and time, the firewall has to learn your preferences and behaviors. Of course, once that's done it will always follow your rules in the background. If a connection attempt is made that does not follow your rules, you will get notified.
You mentioned a better firewall option?
Indeed, there are great firewalls and good firewalls. You want your firewall to monitor both incoming and outgoing traffic, and unfortunately the macOS firewall only monitors incoming traffic. (Of course, monitoring incoming traffic is important.)
Hackers, port scans and other external attacks and probes need to be blocked, but what if your Mac was compromised by malware? Malware eventually phones home and this is an outgoing connection. The macOS firewall will let such connections go with no questions asked. What if you want to block metric and tracking connections made by applications? There are many scenarios in which you may want to block outgoing connections, and to do that and to allow more fine-tuned controls in general, the macOS firewall is simply not enough.
Enter Intego NetBarrier X9. Intego's NetBarrier X9 firewall software works much differently than macOS High Sierra's firewall. Here is an overview of the differences between the two firewalls.
The notion that less interaction with your software is better does not necessarily apply to security products. You want to have an easy setup and configuration process while maximizing protection.
The macOS firewall can be enabled and configured in System Preferences > Security & Privacy > Firewall, and enabling is as simple as clicking the “Turn On Firewall” button.
The macOS firewall has a default configuration, which you can pull up by clicking the “Firewall Options” button. Any sharing services you may have enabled will automatically accept incoming connections and the same goes for signed software. You may recall that most malware these days is signed by a valid certificate, so this option should really not be enabled, let alone by default. You can add or remove applications from the list and select whether to allow or block incoming connections.
This configuration is the same regardless of what kind of network you’re on. Home, at work, or on a public Wi-Fi network, the same settings apply unless you manually go in and change them each and every time. This is, of course, not ideal because different environments pose different security risks.
Intego NetBarrier X9 takes a different approach — it asks you during setup what kind of network you’re on, and then it automatically adjusts security settings based on the network environment.
Each location comes with its own pre-configured settings to ensure once the setup is done you enjoy maximum protection. The next step in the setup is a small guide that shows you what’s where, and once you close the tutorial you can start exploring and fine-tuning the firewall.
As I mentioned earlier, the macOS firewall lets you manually add or remove applications and select if they allow or deny incoming connections. Applications you don’t add and that don’t meet one of the criteria (being built-in to macOS or signed) will trigger a popup if they receive incoming traffic. This popup is a basic “allow” or “deny” window. That’s essentially the macOS firewall from start to finish.
During setup, NetBarrier X9 already showed you a selection of locations. Each location has its own configurations that you can tweak and edit until you have it exactly the way you want it. When you switch between locations, the configuration you set up will become active right away.
The following firewall settings can be configured using Intego NetBarrier:
You can select whether an application or process is allowed to receive incoming connections or create outgoing connections. If you’re not sure what the right choice is, then you can set it to “ask,” so it will alert you when a connection attempt is made. Here is an example:
Want even more control? Click the “Advanced” button for more options.
This view will show you the IP address or domain an application or service is attempting to connect to or receive connections from. You can then allow all connections or just this specific connection always or once. Granular controls like these are part of what sets NetBarrier apart from the macOS firewall.
And it’s not just applications that can be configured using NetBarrier. Services, custom domains, IP addresses and processes can all be managed as well. Don’t want an application or service to connect to a specific IP address and/or a specific port? You can set it up as an exception in just a few clicks. Not sure which ports or protocols a process or service needs? Select it from a list while setting up an exception and NetBarrier will set it up for you. For example, if you want to allow your VPN connection through at all times, but don’t know which ports or protocols it needs, you can select it from a list and all the right ports and protocols are set up for you.
More configuration can be done in the NetBarrier preferences. Here you can set a default profile that will be used when you join an unknown network and select if you want signed applications or system applications to automatically be trusted (NetBarrier does not trust signed applications by default).
Feedback and logging
Knowing what your firewall is up to can be very beneficial. This can help you fix any configuration issues you may have made or other behavior you may want to address. Feedback tells you what’s going on right now while logs show you what happened in the past.
The macOS Firewall provides no feedback, and as of High Sierra, has no logs that I was able to find. (I wish there was more to tell you, but there isn’t; no feedback and no logging.) Several places were checked and several tricks were tried to get some kind of logging going, but nada. This is not uncommon, apparently.
Intego NetBarrier offers both feedback and detailed logging. Feedback comes in the form of several animations that easily let you see what kind of traffic is being allowed or blocked, as well as which applications are listening for a connection, sending or receiving traffic.
You can also keep a floating window around that shows you live application feedback.
And, of course, a log can be pulled up at any time that shows you exactly what happened in the past.
Full customization, feedback, logging, different location profiles with their own configurations, ability to manage not just applications but also processes and services, and the power to protect both outgoing and incoming connections make Intego NetBarrier X9 a far superior firewall compared to what's built-in to macOS.
Apple's macOS firewall has not really changed in over a decade, but the threats targeting Macs and the security needs of Mac users have continued to evolve. A firewall product must adapt to these threats and needs in order to meet today’s expectations, and NetBarrier fits the bill.
- Intego NetBarrier X8 Compared to OS X Yosemite's Firewall
- Intego NetBarrier X5 Compared to Apple's Leopard Firewall
- Targeted Malware Attacks and the Importance of Layered Protection