Researcher: Mac OS X Leopard's firewall is a mess

Apple may boast that its latest operating system, Mac OS X 10.5 Leopard, trumps Windows Vista in terms of features and functionality. However, one security researcher isn't too thrilled with the new Mac OS's integrated firewall. In particular, InfoWorld quotes security consultant and former Gartner analyst Rich Mogull as saying the Leopard firewall "is a mess."

Mogull asserts that Leopard's firewall is "so simple as to be nearly useless." It includes three main settings—allow all, block all, and only allow access to specific apps—as well as a stealth mode. However, even with the "block all" and "stealth" settings selected, some Apple services are still detected as open by port scans. Things go from bad to worse with the selective access mode, which Mogull says prevents some applications from running altogether.

When the "Set access..." mode is turned on, Leopard digitally signs each application that the user allows to accept incoming connections. But if that application is subsequently changed, for example when it's updated to a new version, the signature no longer matches, and the application won't run. While that's typical of firewalls, Leopard also blocks applications that change at runtime. Skype, the popular VoIP software and instant messenger, is one such program.
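The approve-once-then-verify behaviour described above can be modelled with a small allow-list keyed by a digest of the executable's contents. This is an added illustration, not Apple's code or the firewall's actual mechanism: the `ContentHashAllowList` class, the `demo_update_breaks_allow_entry` function and the use of SHA-256 over the file bytes are all assumptions chosen to show why an update (or a program that rewrites itself) invalidates an earlier approval.

```python
import hashlib
import os
import tempfile
from typing import Dict


class ContentHashAllowList:
    """Allow-list keyed by a digest of the executable's bytes.

    Hypothetical model of the behaviour the article describes: an
    application is approved once, and any later change to the file
    makes the stored value no longer match. Not Apple's implementation.
    """

    def __init__(self) -> None:
        self._allowed: Dict[str, str] = {}

    @staticmethod
    def digest(path: str) -> str:
        # Stream the file so large binaries do not have to fit in memory.
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()

    def allow(self, path: str) -> None:
        # Record what the binary looked like at the moment the user approved it.
        self._allowed[path] = self.digest(path)

    def may_accept_connections(self, path: str) -> bool:
        # Approval is only valid while the on-disk bytes still match.
        expected = self._allowed.get(path)
        return expected is not None and expected == self.digest(path)


def demo_update_breaks_allow_entry() -> Dict[str, bool]:
    """Approve a constructed binary, 'update' it, and observe the checks."""
    allow_list = ContentHashAllowList()
    results: Dict[str, bool] = {}
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "ExampleApp")  # constructed stand-in binary
        with open(app, "wb") as f:
            f.write(b"example-app version 1")
        allow_list.allow(app)
        results["before_update"] = allow_list.may_accept_connections(app)

        # Simulate an update: the file changes, the recorded digest does not.
        with open(app, "wb") as f:
            f.write(b"example-app version 2")
        results["after_update"] = allow_list.may_accept_connections(app)

        # The user approves the new version; the check passes again.
        allow_list.allow(app)
        results["after_reapproval"] = allow_list.may_accept_connections(app)

        # A binary that was never approved is refused regardless of contents.
        other = os.path.join(tmp, "OtherApp")
        with open(other, "wb") as f:
            f.write(b"never approved")
        results["unapproved"] = allow_list.may_accept_connections(other)
    return results


if __name__ == "__main__":
    for step, ok in demo_update_breaks_allow_entry().items():
        print(f"{step}: {'allowed' if ok else 'blocked'}")
```

Keying the approval on the file contents is exactly what makes a routine update, or a self-modifying program, look like tampering; the model makes that trade-off visible without reference to any real firewall internals.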

If the user has set the firewall to "Set access..." and runs Skype, the icon will bounce a time or two on the dock, but not load. Nor does Leopard tell the user that Skype has failed or why it won't launch. Only the Mac OS X Console gives a clue, with a message such as: 11/2/07 9:47:51 AM [0x0-0x35035][399] Check 1 failed. Can't run Skype.
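Since the firewall gives no user-facing error, the Console line quoted above is the only evidence an administrator has to go on. The following parser, added here as an example and not taken from the article or from Apple, extracts the timestamp, process id and application name from lines of that shape so the silent launch failures can be counted per application. The regular expression is built from the one quoted line; the meaning assigned to the bracketed `0x0-0x35035` token (treated here as an opaque session id) and the extra sample lines are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Pattern derived from the Console line the article quotes:
#   11/2/07 9:47:51 AM [0x0-0x35035][399] Check 1 failed. Can't run Skype.
# The first bracketed token is captured as an opaque "session" field;
# its real meaning is an assumption, not something the article states.
CHECK_FAILED_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{2}) "
    r"(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) "
    r"\[(?P<session>0x[0-9a-fA-F]+-0x[0-9a-fA-F]+)\]"
    r"\[(?P<pid>\d+)\] "
    r"Check (?P<check>\d+) failed\. Can't run (?P<app>.+?)\.$"
)


@dataclass
class LaunchFailure:
    timestamp: str
    session: str
    pid: int
    check: int
    app: str


def parse_line(line: str) -> Optional[LaunchFailure]:
    """Return a LaunchFailure for a matching Console line, else None."""
    m = CHECK_FAILED_RE.match(line.strip())
    if not m:
        return None
    return LaunchFailure(
        timestamp=f"{m['date']} {m['time']}",
        session=m["session"],
        pid=int(m["pid"]),
        check=int(m["check"]),
        app=m["app"],
    )


def find_launch_failures(lines: Iterable[str]) -> List[LaunchFailure]:
    """Keep only the lines that record a failed signature check."""
    return [f for f in (parse_line(ln) for ln in lines) if f is not None]


def apps_blocked(lines: Iterable[str]) -> List[str]:
    """Distinct application names that failed to launch, in first-seen order."""
    seen: List[str] = []
    for failure in find_launch_failures(lines):
        if failure.app not in seen:
            seen.append(failure.app)
    return seen


# Constructed sample: the article's line plus invented neighbours, including
# an unrelated launchd message that must be ignored.
SAMPLE_CONSOLE = """\
11/2/07 9:47:51 AM [0x0-0x35035][399] Check 1 failed. Can't run Skype.
11/2/07 9:48:02 AM com.apple.launchd[1] (org.example.helper[401]) Exited with exit code: 0
11/2/07 9:51:14 AM [0x0-0x36036][412] Check 1 failed. Can't run Skype.
11/2/07 9:52:30 AM [0x0-0x37037][420] Check 2 failed. Can't run ExampleUpdater.
""".splitlines()


if __name__ == "__main__":
    for failure in find_launch_failures(SAMPLE_CONSOLE):
        print(f"{failure.timestamp}  pid={failure.pid}  app={failure.app}")
    print("blocked apps:", apps_blocked(SAMPLE_CONSOLE))
```

Run against a saved Console export, a repeated entry for the same application right after it was updated is the signature-mismatch case described above; an entry for an unchanged application points at the runtime-modification case that affects Skype.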

Considering this type of problem with the "set access" setting, Mogull advises that users simply rely on their router's built-in protection instead of Leopard's firewall. He does nonetheless seem hopeful, saying "all of this is fixable" and "Apple clearly was a little rushed, but they're moving in the right direction."
