October 31, 2007
Leopard’s firewall isn’t so hot
Posted Oct. 31, ’07, 6:29 AM PT by Derik DeLong
Category | Security
Our constantly online lifestyle has made a firewall a must for essentially every computer user. This is so much so that it’s hard to find an internet capable OS without one built in. These days, Windows enables its own by default. That’s great. Unfortunately, Apple still isn’t enabling OS X’s by default. And that’s the least of its worries.
Heise Security runs down several issues with Leopard’s firewall. They’re all worth our attention. First, in the normal operating mode (allow specific service ports), it doesn’t just open ports for the listed services. Rather, it allows any service started on the Mac to poke holes. That includes malicious software.
Further, there are some other services that Apple keeps running, like ntp and netbios that have open ports not listed in System Preferences. Now, you might argue that’s ok because you trust Apple to keep those services up to date (and relatively free of vulnerabilities). If you’re paranoid, you’d turn on the straight deny option of the firewall to close up all ports. That still wouldn’t protect you. NTP, for example, is still available, even in that mode.
This is one of those reasons that I still recommend the use of a router even with a single Mac (and turn off UPnP for the love of Pete). I hope Apple addresses these issues soon.
3 Comments
Leave a comment
Recent Entries
About MacUser
MacUser is your source for news, info, and opinion about Apple, the Mac, and the iPod. Our dedicated team of bloggers covers everything that is relevant to Mac users — and, okay, some stuff that’s not quite relevant, but is still a lot of fun.
Subscribe/RSS
- Blog Posts
- Blog Comments
- Podcast (RSS) (iTunes)
Tip us off!
- Email: macuser [at] macuser [dot] com
Recent Comments 
- vectr on Reunited: an Apple Remote and an Apple TV
- Slevin on Reunited: an Apple Remote and an Apple TV
- geeniusatwrok on Steve Jobs still parking in Apple's handicapped spaces
- Chris Comber on Psystar says Apple has trust issues
- Gianni Chiappetta on Television ads misleading? Say it ain't so!
- closethipster on Developer and iPhone software firm part company
Categories
- Apple (210)
- Advertising (148)
- Events (219)
- Huh? (170)
- Humor (251)
- News (143)
- People (239)
- Rivals (378)
- Speculation (154)
- Steve Jobs (156)
- Stores (196)
- Apple TV (56)
- Business (424)
- Games (137)
- Geekery (449)
- Hardware (885)
- Accessories (69)
- Intel Macs (161)
- Ihnatko (18)
- Internet (437)
- Legal (216)
- MacUser (91)
- Money (162)
- Music (328)
- Podcasting (98)
- Photography (70)
- Security (235)
- Software (1468)
- Updates (502)
- Tips (347)
- Troubleshooting (182)
- Video (379)
- Windows (205)
- iPhone (192)
- iPod (574)
- iPod Accessories (92)
- iPod Software (58)
- iTunes (109)
- iTunes Store (414)
Archives
- August 2008 (161)
- July 2008 (175)
- June 2008 (171)
- May 2008 (185)
- April 2008 (234)
- March 2008 (217)
- February 2008 (215)
- January 2008 (239)
- December 2007 (169)
- November 2007 (164)
- October 2007 (187)
- September 2007 (167)
- August 2007 (195)
- July 2007 (152)
- June 2007 (223)
- May 2007 (243)
- April 2007 (286)
- March 2007 (288)
- February 2007 (250)
- January 2007 (266)
- December 2006 (244)
- November 2006 (293)
- October 2006 (307)
- September 2006 (250)
- August 2006 (268)
- July 2006 (288)
- June 2006 (293)
- May 2006 (297)
- April 2006 (351)
- March 2006 (366)
- February 2006 (110)
- January 2006 (107)
- December 2005 (23)
Mac Publishing Sites
Links
I just installed Leopard last night and I can't make any sense of the Firewall preference pane anymore. Definite downgrade.
There appears to be a "work-around" for this problem. If you enable "Stealth Mode" those open UDP ports will be blocked.
I am an informations security professional and I struggled to understand the Firewall options. I just may open up the console and edit the iptables directly.