In Little Snitch, I allowed port 80 when a "google.com" popup appeared on my screen. I'm wondering if that was a good idea.
If a hacker installed a program on my Mac, and that program sent information to a server, would it go through "internet" and port 80? Considering this, is it safe to permanently allow port 80 traffic?
On the other hand, if I only accept "google.com on port 80" (instead of all sites on port 80) I get ten or 15 alert dialogs for each advertisement and service, on each website.
Best Answer
No.
If, for all processes.
Pretty much yes.
If, only for web browsing.
As @StuWilson has pointed out,
port 80is for http traffic andport 443is for https traffic. (http with TLS/SSL encryption).It's not necessary to allow all traffic of all processes on
port 80. But - for the sake of comfortable browsing - I strongly recommend enabling those ports for all traffic of webbrowsers like Safari or Chrome.For comparison, this is my setup of Chrome in HandsOff!:
Basic communication
Allow all outgoing network connections on port 443 (https)Allow all outgoing network connections on port 80 (http)Allow all domain resolvingSync
Allow all outgoing network connections to talk.google.com on port 5222Other (e.g. media)
Allow all outgoing network connections to atracktive.collegehumor.com on port 9090 (websm)Setting up a firewall can be quite a hassle. Generally - when I've expected a certain connection to build up, and know what it's for, I allow it. But you should only interfere network connections when you know what you're doing.
Many system processses regulary build up (local) network connections that are certainly valid. If you don't know how to guard a firewall, you become the first security risk for your own computer. Make sure to educate yourself on network protocols when building your own firewall.