Quantcast
Subscribe to magazine

Leopard's Firewall a 'Mess,' Breaks Skype, Says Researcher

Gregg Keizer, Computerworld

  • 0 Yes
  • 0 No

Leopard's firewall is confusing, inconsistent, switched off by default and incompatible with some applications, a security researcher said Friday after analyzing the new security tool.

"This firewall is a mess," Rich Mogull, a security consultant and former Gartner Inc. analyst, said after spending two days digging into the new firewall's capabilities. "It's a step back from Tiger's firewall. I was originally pretty bullish on Leopard's security, and I still am on the concepts, but the implementation makes most of its advances ineffective or unusable."

Firewall Options

The firewall in Mac OS X 10.5, a.k.a Leopard uses a bare-bones interface -- earlier this week, Mogull called it "so simple as to be nearly useless" -- that offers users three options:

-- Allow all incoming connections

-- Block all incoming connections

-- Set access for specific services and applications

Other settings let users switch on the stealth mode, which is supposed to cloak all ports on the Mac, preventing attackers from even "seeing" the machine when scanning the Internet for open ports, and probing for potential victims. After a Leopard upgrade, the firewall is set to the first, "Allow all..." which means, in fact, that the firewall is switched off. Users with machines that had the firewall turned on also saw their firewall turned off after Leopard was installed.

"'Block all...' does seem to block actual connections," said Mogull, "but any shared ports are detected as 'open/filtered' on a port scan." And unless users turn on stealth, some services -- Bonjour, Apple's network device locating technology, is one -- are seen as open by scans, no matter what firewall setting is selected. Only by using "Block all..." with stealth enabled are shared services actually invisible.

"In short, 'Block all...' seems to block inbound connections but ports show as open/filtered," he said. "Stealth mode works, partially, but some ports still show on a port scan no matter what. Bonjour is always accessible, unless you're in stealth mode."

Those inconsistencies pale against the firewall's ability to break some applications without warning. While testing the firewall's "Set access..." option, Mogull discovered that Leopard prevents some applications from running.

  • Recommend this story?
  • 0 Yes
    0 No

"Leopard's Firewall a 'Mess,' Breaks Skype, Says Researcher" Comments

Related Security Articles

More Related Security Articles
  • Myth of the Million Dollar Database Think only the big boys can afford the best database solutions? Think again. Learn about low cost systems that have proven time and time again to outperform legacy UNIX vendors on a dollar for dollar basis.
  • The Future Sales Force - A Consultative Approach This white paper discusses the challenges of selling complex products and services, and the new skill sets sales professionals must employ in today's evolving market.

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)