14.6. Using Outbound Firewalls

Scanning the files on your disk (and new ones you download) is an effective way to locate known malware, eradicate it, and, in many cases, undo the damage it may have caused. However, one particular category of malware — spyware — has a sufficiently broad and vague definition that you could easily have programs installed that covertly send out information you'd prefer to keep private, even though the programs themselves wouldn't typically be considered illegitimate. If you're especially cautious (or paranoid), you might want to consider using special software that can watch for outgoing connections and either block them or alert you. Programs that can do this are known as outbound firewalls because they monitor connections your Mac initiates with other computers on the Internet, as opposed to conventional firewalls, which monitor inbound traffic from other computers trying to contact your Mac.
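To make the inbound/outbound distinction concrete, here is an added example (not from the book) that sorts the TCP connections listed by `lsof -nP -iTCP` by direction and groups them by program. The sample output is constructed, and treating a connection as inbound when its local port matches a listening socket is a heuristic assumed here.

```python
from collections import defaultdict

# Constructed sample in the column layout printed by `lsof -nP -iTCP`.
SAMPLE = """\
COMMAND   PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
sshd      101  root   4u  IPv4 0x01   0t0      TCP  *:22 (LISTEN)
sshd      733  root   5u  IPv4 0x02   0t0      TCP  192.0.2.10:22->192.0.2.77:50112 (ESTABLISHED)
Safari    512  alice  23u IPv4 0x03   0t0      TCP  192.0.2.10:52344->198.51.100.5:443 (ESTABLISHED)
updater   840  alice  9u  IPv4 0x04   0t0      TCP  192.0.2.10:52390->203.0.113.9:443 (ESTABLISHED)
updater   840  alice  10u IPv4 0x05   0t0      TCP  192.0.2.10:52391->203.0.113.9:80 (SYN_SENT)
"""


def port_of(endpoint):
    """Return the port of 'addr:port' (also works for '*:22' and '[::1]:22')."""
    return endpoint.rsplit(":", 1)[1]


def classify(lsof_text):
    """Group remote endpoints by direction and by the program that owns the socket."""
    # Keep only TCP rows that carry both a NAME and a (STATE) column;
    # this also drops the 9-column header line.
    rows = [r for r in (ln.split() for ln in lsof_text.splitlines())
            if len(r) >= 10 and r[7] == "TCP"]
    # Ports this machine accepts connections on.
    listening = {port_of(r[8]) for r in rows if r[9] == "(LISTEN)"}
    found = {"outbound": defaultdict(set), "inbound": defaultdict(set)}
    for r in rows:
        if "->" not in r[8]:
            continue  # a listening socket, not a connection
        local, remote = r[8].split("->", 1)
        # Heuristic: if the local end is one of our listening ports, the peer
        # contacted us (inbound). Otherwise this machine initiated the
        # connection, which is the traffic an outbound firewall watches.
        direction = "inbound" if port_of(local) in listening else "outbound"
        found[direction][r[0]].add(remote)
    return {d: {cmd: sorted(peers) for cmd, peers in by_cmd.items()}
            for d, by_cmd in found.items()}


if __name__ == "__main__":
    for direction, by_cmd in classify(SAMPLE).items():
        for cmd, peers in by_cmd.items():
            print(f"{direction:8} {cmd:8} {', '.join(peers)}")
```

On a real Mac, the text passed to `classify` would be the captured output of `lsof -nP -iTCP` instead of the sample.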

Although I understand the spirit of wanting to be fully in control of all information your Mac sends out to destinations unknown, I must admit to having a strong negative bias against outbound firewalls. It's true that such a program could identify a covert trojan or keystroke logger sending out your passwords or an ordinary application "phoning home," sending its developer details about your computer, your location, and other potentially personal details. However, in practice, much more than 99.9% of outbound Internet traffic is completely aboveboard and useful ...
