Who's There? Firewall Advisor
User's Guide

Getting Started

System requirements


Basic concepts

When your Macintosh is connected to the Internet, security risks are introduced, especially with full-time connections such as are common with cable and DSL hookups. It is assumed that you have chosen to install a machine-specific firewall on your Macintosh in order to address this risk. It is the job of a machine-specific firewall to block certain incoming accesses and (possibly) allow others, on the machine it runs on, and record its actions in a log file. The log file contains critical information about accesses and attempted accesses to your machine, but the data is somewhat cryptic, and there is often a great deal of it. Who's There? helps you analyze and understand the firewall's log file. Who's There? runs on the same machine as the firewall (and firewall log file).

In order to understand what Who's There? does, some basic concepts must be understood. For more information, see Open Door's security book, Internet Security for Your Macintosh and iPhone, accessible through the Who's There? Book menu (the relevant chapter and section are indicated after each item below).

Your firewall documentation should also cover these concepts in more detail.


Installation & quick start

  1. Make sure you have a firewall running on your machine, and that logging is enabled (12, Features). Who's There? analyzes the access attempts actually logged by your firewall. If you want Who's There? to have the maximum amount of information, you should set your firewall to log both allowed and denied access attempts. Usually your firewall will be configured this way by default. Otherwise you can set logging options, usually in the firewall's preferences.
  2. Install Who's There? anywhere on your hard drive.
  3. Log in as a user with administrative privileges (if you're the only user of the machine, you should have admin privileges), and then double-click the Who's There? application. Who's There? will look for a log file to process, in this order:
    1. /Library/Preferences/DoorStopX.log
    2. /Library/Preferences/WhosThere.log
    3. /Library/Application Support/Norton Solutions Support/Norton Personal Firewall/Norton Personal Firewall Log
    4. (Tiger only) /var/log/ipfw.log

After Who's There? opens and reads a firewall's log, it then displays the main window, shown below in Figure 1.

Figure 1. Main window

The default view of the main window (Access History) lists all access attempts in the firewall log file for the past 7 days. The screen is sorted by date and time, but you can change the sort order by clicking the column headings. You can use the three popup menus on the left side of the screen to change which log lines are listed in this screen. For instance you can only show access attempts that are considered high risk by Who's There? or only access attempts denied by your firewall. You can further refine which lines are listed through the filter field in the center of the top area.

You can also view passages from Open Door's security book Internet Security for Your Macintosh and iPhone related to the service specified in a selected line. With a line selected, choose "View eBook" from the Book menu, or type Cmd-E.

Who's There? can also list summaries of access attempts by either service type or IP address. Click on the tabs at the top of the main window to switch to these summaries.

There are a number of operations that can be initiated from any of the Who's There? windows. Simply click on a line in the window and then choose one of the three buttons on the right hand side. These buttons will bring up a second window, shown below in Figure 2.

Figure 2. Who's There? dialog

This window also has tabs which control the information displayed. Using the various tabs you can:

For details on the features and controls of Who's There?, read Main Window, Who's There? Dialog, and Other Windows, For a description of how to use Who's There? to investigate potentially malicious activity, read Investigating Accesses.


Upgrade installations

To upgrade from Who's There? 2.0 or later, simply replace the application with the new one and re-run the application. If you're upgrading from a version of Who's There? prior to 2.0 however, you'll also need to reenter any preferences that you were using. Such items could include settings for:

You'll also need a new serial number for Who's There? 2.3, except when upgrading from Who's There? 2.1. See "Purchasing Who's There?" below.


Purchasing Who's There?

If you are using an evaluation copy of Who's There? and wish to purchase a serial number, please visit our order page, use the Purchase menu item in the Who's There? menu, or click the Purchase button in the Who's There? startup splash screen.


Related products

Who's There? is part of a the DoorStop X Security Suite, a comprehensive set of three integrated products.

Back to Table of Contents
Back to What's New
Forward to Main Window