OS Firewall Being Disabled

When the PIA client starts to connect, it completely shuts down the Mac OS firewall. Does anyone know if this is dangerous and if it exposes the machine to hackers, and if there are any ways to fix this?

Would turning the firewall back on again after PIA has connected be helpful?

Comments

  • edited June 19 Posts: 6
    I don't think it matters too much as all the traffic from PIA is firewalled anyhow. I've never used firewall on OS X as it plays havoc with certain sites and apps I use.

    have a look at this article: http://www.makeuseof.com/tag/mac-really-need-firewall/

    I recommend an app such as Little Snitch or Hands Off for limiting what apps can send/receive traffic.

    Post edited by OSXer on
  • edited June 19 Posts: 360
    That sounds like an OS issue, not PIA. The PIA app is nothing more than a GUI to configure OpenVPN. OVPN is the engine used to setup and connect the VPN. So, if, and this is a big if, anything is causing your FW to showdown, it will be OpenVPN or one of it parameters.
    Post edited by Omnibus_IV on
  • Posts: 540
    That sounds like an OS issue, not PIA. The PIA app is nothing more than a GUI to configure OpenVPN. OVPN is the engine used to setup and connect the VPN. So, if, and this is a big if, anything is causing your FW to showdown, it will be OpenVPN or one of it parameters.
    False. The PIA app does indeed disable the OSX firewall and has been doing so since at least ver. 63. PIA has never given a credible reason for why they disable the OSX firewall. I won't use the PIA app for this very reason, and many other reasons. Plainly put the PIA app is buggy and even dangerous.  I use Viscosity instead, but there are other OpenVPN app options too, such as Tunnelblick.

    OSXer is correct about using Little Snitch. I use it myself, along with the OSX firewall. I will never use an app by a company that thinks it prudent to disable my firewall without even telling me, and telling me why. Is there another app in the entire world that does that?
  • Posts: 360
    Have to disagree with you. If PIA has the ability to overwrite OSX then Apple is violating their own standard of their closed architecture. This is the main reason why people will jailbreak their phones, to gain control.

    You may believe that PIA has that power over OSX however, I do not.

    JMHO
  • edited July 20 Posts: 540
    Believe what you want, Omnibus. Apparently you haven't been around here long enough to know the kind of insanity that PIA is capable of perpetrating in the name of "security," including crippling an inherently secure OS. And why are you implying that it's somehow Apple's fault that PIA is hacking their OS? Is it also Apple's fault that PIA disables OSX LAN? This too has been a huge issue since at least ver. 55.

    Do a little searching in the forums and you'll discover that dozens of OSX users have complained of the same problem, and it's been going on since ver. 54. Here's just one of many examples.

    PIA has never denied that they disable the OSX firewall. In fact they've admitted it. Their so-called Support has been confronted about it many times in the past two years and have yet to fix it. As I've said elsewhere, PIA is a marketing company, and they're very good at marketing. They are not a technically savvy or competent networking business.
    Post edited by tomeworm on
  • Posts: 181
    When the PIA client starts to connect, it completely shuts down the Mac OS firewall. Does anyone know if this is dangerous and if it exposes the machine to hackers, and if there are any ways to fix this?

    Would turning the firewall back on again after PIA has connected be helpful?
     https://helpdesk.privateinternetaccess.com/hc/en-us/articles/115000442028-Why-Does-The-VPN-Disable-The-Firewall-
  • Posts: 360
    Then I stand corrected. :)
  • edited July 20 Posts: 540

    Why Does The VPN Disable The Firewall?


    "PIA disables the firewall because it implements its own one and blocks any traffic that's not to or from the VPN server."

    Now there's an brilliant answer! Spoken like a true PIA Tech Support prevaricator, umm, I mean genius.

    Sorry PIA. The correct answer is: "We're a bunch of freaking morons who don't know how to write code that's compatible with OSX. So we'll just hack the OS to disable the firewall. And then we'll pawn that off as 'security'."

    Can anyone show me even just one other vpn service in the entire world that does this? No? Didn't think so.

    Like I say, use the PIA app at your own peril. If they actually think disabling the OSX firewall is a good idea then how can we have any confidence that their app doesn't have other major flaws in it too?
    Post edited by tomeworm on
  • edited July 20 Posts: 181
    tomeworm said:

    Why Does The VPN Disable The Firewall?


    "PIA disables the firewall because it implements its own one and blocks any traffic that's not to or from the VPN server."

    Now there's an brilliant answer! Spoken like a true PIA Tech Support prevaricator, umm, I mean genius.

    Sorry PIA. The correct answer is: "We're a bunch of freaking morons who don't know how to write code that's compatible with OSX. So we'll just hack the OS to disable the firewall. And then we'll pawn that off as 'security'."

    Can anyone show me even just one other vpn service in the entire world that does this? No? Didn't think so.

    Like I say, use the PIA app at your own peril. If they actually think disabling the OSX firewall is a good idea then how can we have any confidence that their app doesn't have other major flaws in it too?
    I gave you an answer to the question stated above whether you believe it or not is not my problem.

    Have a great day.

    ~ Private Internet Access VPN Customer.
    Post edited by OpenVPN on
  • Posts: 540
    Hey OpenVPN, no reason to take my reply personally. It wasn't directed at you. It was directed at PIA tech support.
  • Posts: 181
    tomeworm said:
    Hey OpenVPN, no reason to take my reply personally. It wasn't directed at you. It was directed at PIA tech support.
    Oh I know but there's also absolutely no reason to insult them either because they're human beings and they do their very best to provide the most secure and private Internet experience. I just think you should cut them a break.
  • edited July 20 Posts: 540
    OpenVPN said:
    Oh I know but there's also absolutely no reason to insult them either because they're human beings and they do their very best to provide the most secure and private Internet experience. I just think you should cut them a break.
    There are dozens of reasons to insult them, all of which are well deserved.

    And just how long should I cut them some slack for? 1 year? 2 years? 3 years? Seriously. Just how long should we have to wait before they fix the messes they've created? The reality is I cut them slack month after month after month. They release one new "update" after another only to have the same exact bugs and defects, and they even introduce new bugs and defects with new "updates." A lot of us were more than patient and cut them all kinds of slack. Where did that get us?

    You may think me rude and demanding. But believe it or not I've been more than patient.

    PIA spends a fortune on marketing/hype. If they took just 10% of their marketing budget and spent it on R&D, and hiring competent tech support people, instead of marketing hype, they wouldn't have so many angry customers.
    Post edited by tomeworm on
  • Posts: 181
    tomeworm said:
    OpenVPN said:
    Oh I know but there's also absolutely no reason to insult them either because they're human beings and they do their very best to provide the most secure and private Internet experience. I just think you should cut them a break.
    There are dozens of reasons to insult them, all of which are well deserved.

    And just how long should I cut them some slack for? 1 year? 2 years? 3 years? Seriously. Just how long should we have to wait before they fix the messes they've created? The reality is I cut them slack month after month after month. They release one new "update" after another only to have the same exact bugs and defects, and they even introduce new bugs and defects with new "updates." A lot of us were more than patient and cut them all kinds of slack. Where did that get us?

    You may think me rude and demanding. But believe it or not I've been more than patient.

    PIA spends a fortune on marketing/hype. If they took just 10% of their marketing budget and spent it on R&D instead they wouldn't have so many angry customers.
    Why are you so upset by the firewall being disabled? How exactly does this affect user experience for computer performance?
  • Posts: 540
    OpenVPN said:
    Why are you so upset by the firewall being disabled? How exactly does this affect user experience for computer performance?
    Do you enable the firewall on your router? If so do you know why? How exactly does this affect user experience for computer performance? If PIA could figure out a way of having their app disable the firewall on your router would you be okay with that?
  • Posts: 181
    tomeworm said:
    OpenVPN said:
    Why are you so upset by the firewall being disabled? How exactly does this affect user experience for computer performance?
    Do you enable the firewall on your router? If so do you know why? How exactly does this affect user experience for computer performance? If PIA could figure out a way of having their app disable the firewall on your router would you be okay with that?
    Yes, I do have a firewall enabled on my router. I have never enabled firewalls which are built into the operating system. This thread is specifically referring to the firewall that is built into Mac OS being disabled when the application is running. I have no problems.
  • Posts: 540
    So you're okay with PIA hacking your OS? I don't know of a single security expert who would be okay with any of this. It raises too many red flags. But if it doesn't bother you then don't let me deter you. If they take down your firewall what else are they doing to your OS without your knowledge? How exactly have you determined that you "have no problems"? The reality is you can't be sure.

    What we can be sure of is that PIA made a technical decision to shut off the OSX firewall not because it complies with Apple best practices (doing so accomplishes just the opposite) or because it's a good security measure (just the opposite!). They did so only because they're too technically incompetent to write an app that functions within the framework of OSX. No other vpn app in the world does this, only PIA.

    There are honest vpn providers who, rather than cobbling together shabby OSX apps acknowledge they lack the programming expertise to do the job right and recommend their customers use a third party OpenVPN app like Viscosity or Tunnelblick. PIA should either do that or hire a competent programmer and finish the job properly.


  • edited July 20 Posts: 181
    tomeworm said:
    So you're okay with PIA hacking your OS? I don't know of a single security expert who would be okay with any of this. It raises too many red flags. But if it doesn't bother you then don't let me deter you. If they take down your firewall what else are they doing to your OS without your knowledge? How exactly have you determined that you "have no problems"? The reality is you can't be sure.

    What we can be sure of is that PIA made a technical decision to shut off the OSX firewall not because it complies with Apple best practices (doing so accomplishes just the opposite) or because it's a good security measure (just the opposite!). They did so only because they're too technically incompetent to write an app that functions within the framework of OSX. No other vpn app in the world does this, only PIA.

    There are honest vpn providers who, rather than cobbling together shabby OSX apps acknowledge they lack the programming expertise to do the job right and recommend their customers use a third party OpenVPN app like Viscosity or Tunnelblick. PIA should either do that or hire a competent programmer and finish the job properly.


    PIA VPN doesn't hack your operating system or compromise the security of your computer or mobile device. It simply establishes a secure connection from your Device to one of their servers (which you pay them to access.) When establishing this secure connection PIA establishes it's own firewall in order to prevent various leaks. If they were hacking our Devices Apple would never allow them to make their application available for download on the iOS app store. Apple only allows companies and vendors who are strictly vetted by them to have their applications on the IOS app store. If you dislike this service so much why are you still paying for access to their network? Please explain that to me.  When you install the application you gave the application permission to control your network settings which is how they're able to change your DNS resolution and shut off your IPv6 Signal. If you don't like it cancel your subscription and switch to another provider, it's that simple.
    Post edited by OpenVPN on
  • Posts: 540
    OpenVPN said:
    PIA VPN doesn't hack your operating system or compromise the security of your computer or mobile device. It simply establishes a secure connection from your Device to one of their servers (which you pay them to access.) When establishing this secure connection PIA establishes it's own firewall in order to prevent various leaks. If they were hacking our Devices Apple would never allow them to make their application available for download on the iOS app store. Apple only allows companies and vendors who are strictly vetted by them to have their applications on the IOS app store. If you dislike this service so much why are you still paying for access to their network? Please explain that to me.  When you install the application you gave the application permission to control your network settings which is how they're able to change your DNS resolution and shut off your IPv6 Signal. If you don't like it cancel your subscription and switch to another provider, it's that simple.
    You're implying that Apple has somehow given an official stamp of approval to PIA's OSX app because its iOS app is on the Apple iOS store? Now you're just being dishonest by loading up the discussion with logical fallacies. Thanks but no thanks -- I won't engage in a debate with a prevaricator.

    You are free to bow down and worship PIA and think they're the greatest thing since sliced bread (falls jelly-side up every time) and I am free to be critical of their OSX app (which I haven't used in almost two years), and their pathetic support which grows worse by the day. It's one of the wonderful things about free speech and a free market economy. We get to patronize who we want while also being critical of their failures and shortcomings.
  • Posts: 181
    tomeworm said:
    OpenVPN said:
    PIA VPN doesn't hack your operating system or compromise the security of your computer or mobile device. It simply establishes a secure connection from your Device to one of their servers (which you pay them to access.) When establishing this secure connection PIA establishes it's own firewall in order to prevent various leaks. If they were hacking our Devices Apple would never allow them to make their application available for download on the iOS app store. Apple only allows companies and vendors who are strictly vetted by them to have their applications on the IOS app store. If you dislike this service so much why are you still paying for access to their network? Please explain that to me.  When you install the application you gave the application permission to control your network settings which is how they're able to change your DNS resolution and shut off your IPv6 Signal. If you don't like it cancel your subscription and switch to another provider, it's that simple.
    You're implying that Apple has somehow given an official stamp of approval to PIA's OSX app because its iOS app is on the Apple iOS store? Now you're just being dishonest by loading up the discussion with logical fallacies. Thanks but no thanks -- I won't engage in a debate with a prevaricator.

    You are free to bow down and worship PIA and think they're the greatest thing since sliced bread (falls jelly-side up every time) and I am free to be critical of their OSX app (which I haven't used in almost two years), and their pathetic support which grows worse by the day. It's one of the wonderful things about free speech and a free market economy. We get to patronize who we want while also being critical of their failures and shortcomings.
    You can believe whatever you want, I don't care. I don't think I could say anything that could convince you otherwise.
  • Posts: 540
    OpenVPN said:
    You can believe whatever you want, I don't care. I don't think I could say anything that could convince you otherwise.
    You could start by being honest. That would help your credibility, thereby making you more believable.
  • Posts: 181
    tomeworm said:
    OpenVPN said:
    You can believe whatever you want, I don't care. I don't think I could say anything that could convince you otherwise.
    You could start by being honest. That would help your credibility, thereby making you more believable.
    For all we know you could be a PIA competitor.
  • Posts: 360
    OpenVPN's credibility is sound.
  • Posts: 181
    OpenVPN's credibility is sound.
    Thank you.
Sign In or Register to comment.