NetBarrier X5

Intego's NetBarrier X5 security suite offers several tools to protect your Mac from vandals and criminals. Its centerpiece is the NetBarrier firewall, but the package can also block cookies while your surf the Web, scrub personal data afterwards, and block Trojan horses. While NetBarrier X5's features are generally good, the $50 program has enough peculiarities that some users will be better off with the firewall tools that come with OS X for free.

Intego sells NetBarrier in several different forms: single-seat licenses, multi-user versions with a management console, bundled with antispam and antivirus programs, and a "Dual Protection" package that combines Mac and Windows coverage. I tested just the single-seat NetBarrier X5 itself, not the bundles. You can buy annual updates to the program's filters, but Intego says it will provide free upgrades of the program itself until the next major upgrade.

Firewall foundations

The NetBarrier installer loads the suite itself, plus Intego's NetUpdate service (which keeps Intego software current), and some shared components used by other Intego software. All told, a default installation includes four applications, three widgets, a kernel extension, and various other bits. If you change your mind later, you'll need to use Intego's uninstaller to get rid of it all.

A Setup Assistant walks you through a simplified explanation of the programs' features and suggests some reasonable default settings; for users with more knowledge, those settings are quite configurable.

Once launched, the application is nicely laid out and informative. If you're curious about what your Mac is up to, NetBarrier's Services display, as well as with its Log and Traffic windows, show you network activity on a dozen different gauges. OS X's Activity Monitor offers several of the same traffic metrics, but NetBarrier does a better job of presenting the information in a friendly and intelligible manner.

The biggest question about NetBarrier X5 is: Why? Mac OS X Leopard offers two firewalls of its own (the classic ipfw, which filters network traffic by port and address, and the application firewall introduced in Leopard, which is what you configure from its System Preferences: Security interface). So if OS X has two firewalls of its own, why would you want to spend money on NetBarrier X5?

For starters, NetBarrier X5 is much more configurable than Apple's implementation of ipfw. If you want the advanced protection of ipfw, but don't want to spend the time configuring it (either from the command line or using a free configuration tool such as NoobProof), NetBarrier is a good option.

I was pleased, for example, that NetBarrier X5 offers a "Client, local server" firewall option, whereby your Mac can access resources anywhere on the Internet, but won't accept incoming connections from anywhere but the local subnet(s)--an option I have long wished Apple would implement. (If you're on a public network, such as at a cafe or library, the "Client only" option, which blocks incoming probes even from the same network, is probably safer.)

NetBarrier doesn't offer anything its own equivalent to Leopard's socket firewall for restricting incoming network connections on an application-by-application basis. But just as you can use both ipfw and OS X's socket filter at the same time, you can run NetBarrier X5 and Apple's socket filter together. Additionally, NetBarrier's anti-spyware feature controls outgoing connections on an application-by-application basis, complementing the socket filter's incoming control.

Despite those configuration options, however, NetBarrier X5's protection can sometimes backfire. For example, I have an Apple TV on my wireless network. For whatever reason, NetBarrier decided that the Apple TV was attacking the Mac it is paired with, and automatically added the Apple TV to its Stop List. Because I had enabled the program's e-mail notifications feature, NetBarrier sent me a message saying me it had detected an attack. But that e-mail didn't say it was also automatically adding the Apple TV's network address to the blacklist. Such alerts should be clearer.

It's easy enough to move devices from the Stop List to the Trusted Devices list. It's also possible to add a range of addresses (such as all devices on my home network) using wild-cards (you enter the first part of the IP addresses you want to block, followed by asterisks). Unfortunately, this feature isn't well documented; when I contacted Intego tech support, they didn't know about it. I also wish NetBarrier had a "watch and learn" mode, in which it recorded all network access for later review without interfering with that traffic.

Privacy protection

In addition to its traditional firewall protection, NetBarrier X5 can restrict Web sites' access to your cookies and other private data. If you are dissatisfied with Safari's Private Browsing or Firefox's Clear Private Data settings, NetBarrier's privacy protections are worth checking out.

Unfortunately, like the firewall, those protections can be problematic. In my testing, they kept Netflix, Facebook, and the TiVo web interface--and, presumably, other sites that rely on cookies for their basic functionality--from working properly. When you add a domain to the cookie filter, you get an alert warning that enabling that option "may prevent you from accessing web sites that require Cookies to be enabled." That alert should be stronger; again, the program's communications should be clearer.

Washing Machine, included in the base NetBarrier X5 package, reviews and removes traces of Internet activity, such as cookies and browser history, from Web browsers and other programs that access Web sites. While Safari and Firefox can do the same, other programs--such as news readers and Help Viewer--aren't always so security conscious, so Washing Machine is a nice addition.

Whenever I had a problem with any of NetBarrier X5's components, Intego support was responsive: They provided generally reasonable answers to e-mail queries within 24 hours. However, for some complaints--including my Apple TV issue--Intego did not seem to understand what I wanted, or why it mattered.

NetBarrier X5's documentation does a decent job of explaining the concepts and features of the firewall, but it can be rather verbose and doesn't provide all the technical detail you might want.

Macworld's buying advice

NetBarrier X5 provides a good set of features for preventing malicious access to your Mac from the Internet. Its default settings should offer good protection for network novices, and it's eminently configurable for more experienced users. But its tendency to block perfectly legitimate traffic--both in firewall and privacy-protection modes--could cause havoc for many users. As such, don't buy unless you're prepared to spend some time trouble-shooting and tweaking the software.

This story, "NetBarrier X5" was originally published by Macworld.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.