Why you need DoorStop X on Mac OS X

Mac OS X ships with a basic firewall "built-in." So why should you use our DoorStop X firewall as opposed to the one included with Mac OS X? Good question. We have lots of good answers:

Ease-of-use. DoorStop X uses large, hard-to-miss icons to represent different services, actions and states, as opposed to Mac OS X's firewall which, as a System Preference pane, presents a limited, text-based user interface. Easy-to-use means less risks of mistakes that could compromise your machine's security. Additionally, the firewall's Setup Assistant guides you step-by-step through the process of securing your Mac's services.

DoorStop X firewall
Instabilities. Leopard (Mac OS X 10.5) included an entirely new and untried model for its firewall, and serious problems resulted. Although Apple addressed many of these problems in subsequent Leopard releases, and has continued to make changes in Snow Leopard (10.6) and Lion (10.7), issues remain. DoorStop X is a mature product, based on highly stable Unix firewall technology. Fully tested with Lion, it leaves one less thing to worry about if you've upgraded to 10.7.
Logging. Mac OS X's built-in firewalls have historically included very poor logging capabilities:
- Tiger's (10.4's) firewall logs only access attempts blocked by the firewall, but not those that make it through. So you see those attacks that don't get through the firewall, but don't see those (the more critical ones) that do, giving you a false sense of security. It also wipes out all its logging data periodically.
- Leopard's (10.5's) firewall logs both allowed and denied access attempts, but only to active services and applications, so you don't see most access attempts at all. Its log also lacks critical destination port number information.
- Snow Leopard's (10.6's) and Lion's (10.7's) firewall include destination port number information, but still do not log all incoming access attempts.
DoorStop X provides on-by-default logging of both allowed and denied access attempts, service-by-service logging options, log archiving and optional logging of low-level "UDP" attempts. So you'll have both the data you need to make conscious security decisions, and also a detailed, permanent history for any sort of forensic analysis you or anyone else needs to do on your machine. DoorStop's logging data is especially powerful when used with our Who's There? Firewall Advisor.

Who's There? Firewall Advisor
Protect specific ports and system services. The built-in firewall model is application based, and only lets you protect applications, not system services. Moreover you must protect either all of an application's services or none of them. DoorStop X lets you protect specific system services (for instance Bonjour or Kerberos), and also services within applications (for instance iChat's screen sharing). Flexibility is important when it comes to security.
Not an all-or-nothing approach. Mac OS X's firewall uses an "all or nothing" approach to security. If you want to provide, say, your home network with access to any particular service on your machine (like file, music or photo sharing), you need to have the firewall provide access to that service to everyone on the Internet. Especially when combined with the built-in firewall's severe logging limitations, opening up a service to everyone is a serious security risk.

The Mac OS X "built-in" firewall
DoorStop X lets you open up (or deny) a service to specific groups. You can open the service to only a specific Internet address, or to a range of addresses. You can also open the service to all machines on your home network, or to any other specific network.
Designed for mobility. DoorStop X lets you define "Location" sets that provide different protection settings and other preferences for different network environments, making it easy to move securely between, for instance, home, work and public wireless hotspots.
Part of an integrated solution. The DoorStop X firewall is one component of our comprehensive DoorStop X Security Suite, which also includes Who's There? and our book "Internet Security for Your Macintosh and iPhone" and its blog isfym.com and Twitter stream. Suite products work together to help you not only protect your Macintosh, but also to learn about and understand the underlying issues involved.
Macintosh Internet security is our business. We shipped the first Macintosh firewall, and have been in the business since 1998. We also have real-world experience as a Macintosh-focused ISP. And we literally wrote the book on Macintosh Internet security.