Quantcast
PCWorld.com is upgrading some back-end systems. Some site features, such as user registration, may be temporarily unavailable.
Subscribe to magazine

Leopard's Firewall a 'Mess,' Breaks Skype, Says Researcher

Gregg Keizer, Computerworld

  • 0 Yes
  • 0 No

Leopard's firewall is confusing, inconsistent, switched off by default and incompatible with some applications, a security researcher said Friday after analyzing the new security tool.

"This firewall is a mess," Rich Mogull, a security consultant and former Gartner Inc. analyst, said after spending two days digging into the new firewall's capabilities. "It's a step back from Tiger's firewall. I was originally pretty bullish on Leopard's security, and I still am on the concepts, but the implementation makes most of its advances ineffective or unusable."

Firewall Options

The firewall in Mac OS X 10.5, a.k.a Leopard uses a bare-bones interface -- earlier this week, Mogull called it "so simple as to be nearly useless" -- that offers users three options:

-- Allow all incoming connections

-- Block all incoming connections

-- Set access for specific services and applications

Other settings let users switch on the stealth mode, which is supposed to cloak all ports on the Mac, preventing attackers from even "seeing" the machine when scanning the Internet for open ports, and probing for potential victims. After a Leopard upgrade, the firewall is set to the first, "Allow all..." which means, in fact, that the firewall is switched off. Users with machines that had the firewall turned on also saw their firewall turned off after Leopard was installed.

"'Block all...' does seem to block actual connections," said Mogull, "but any shared ports are detected as 'open/filtered' on a port scan." And unless users turn on stealth, some services -- Bonjour, Apple's network device locating technology, is one -- are seen as open by scans, no matter what firewall setting is selected. Only by using "Block all..." with stealth enabled are shared services actually invisible.

"In short, 'Block all...' seems to block inbound connections but ports show as open/filtered," he said. "Stealth mode works, partially, but some ports still show on a port scan no matter what. Bonjour is always accessible, unless you're in stealth mode."

Those inconsistencies pale against the firewall's ability to break some applications without warning. While testing the firewall's "Set access..." option, Mogull discovered that Leopard prevents some applications from running.

  • Recommend this story?
  • 0 Yes
    0 No

"Leopard's Firewall a 'Mess,' Breaks Skype, Says Researcher" Comments

 

Featured APC Accessories

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
  • A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.

Sponsored Links