Leopard's Firewall Faulted by Security Researchers
Leopard's Firewall Faulted by Security Researchers
by , 3:10 PM EDT, October 30th, 2007
Researchers at Heise Security have noted that, even after an upgrade from Tiger to Leopard, if the firewall was turned on in Tiger, it is turned off in Leopard, according to Robert Vamosi's C|Net Blog on Tuesday.
In addition, even if the Leopard firewall is once again turned on, some incoming connections will be allowed, determined by Leopard by default.
Jürgen Schmidt, editor in chief at Heise Security said, for example, his team was able to query the NetBIOS Naming Service on the network even with the firewall on. His team also had a problem filtering UDP packets in Leopard [in the firewall].Heise Security also faulted Apple for not including the latest version of Samba which has bug fixes. It's the same version as in Tiger.
TMO notes that Apple typically avoids confusion by keeping things simple for novices but offers a UNIX architecture that allows professionals to implement whatever they need. Also, in Leopard, the firewall has been moved from the Sharing System Preference to Security.
Observer Comments
Vista is bulletproof!
The Death of 3rd Party Security Vultures and Such!
McAfee Inc., Trend Micro Inc., CA Inc. and especially Symantec, ... say goodnight! We are about to announce MS ForeFront 2.0!
Let me make it clear that while I have tolerated these "anti-virus" vendors for years, something about their very existence has not set very well with me. I mean, having a bunch of multi-million dollar companies that depend solely on there being bugs, leaks, holes, exploitables, mistakes, oversights and problems in Windows dosen't speak very well of Microsoft. They are like carrion, buzzards, jackels, ... protecting a rotten carcass from other smaller vermin. They always argue, "But, Bu-bu-but you need us!", maybe that was true in the past, but no longer!
VISTA IS BULLETPROOF!
None of these quacks bag of tricks are any longer necessary!
Between WGA and Forefront the OS and Genuine MS apps are totally impervious to attack! They are so secure that many times even the registered owners have trouble gaining access to the computer! So then how could any hacker?
These vultures will kick, choke and whine as the user-base realizes this truth, but I say good riddance, your success reflected badly on us anyway.
http://fakesteveballmer.blogspot.com
Wed Oct 31, 2007 6:14 am Subject: The story is fake! Heise don't know how to use nmap!
First off - Leopard does not need to run a single monolithic firewall. Leopard is specifically designed to grant network reception and send permissions on an app-by-app basis by default. Therefore, the firewall is actually always on. You have to make exceptions by opening up ports to allow file sharing, screen sharing, Skype, et. Otherwise, if you aren't running any servers, like sshd or "file sharing", a firewall is useless. Not running daemons that listen for outside connections is much more secure than a firewall. What a firewall is good for is allowing local network users access to services, while denying those services to other networks. But most of us have no need to run services at home, so a firewall is pretty much pointless.
If Leopard trusts the app/service (which is either trusted via cryptographic signature or by being initiated by the root user), it gets network access. Otherwise, it does not get access, plain and simple.
This means that in order to break in, you either have to have the cryptographic trust, or you already have to know the local machine's root password.
For the truly paranoid, the traditional firewall is sitting there in System Preferences, where you can turn it on at any time after installation. This will give you twice the protection that Vista could ever hope to give in its current state. So long as you don't use Windows Sharing (NetBEUI/NBT), a web server, ssh, NFS, or p2p... you generally have no need for a firewall if there's nothing on your box listening for inbound requests from the network (local or otherwise).
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated November 8th
- Sat, 7:58 PM
- News - Apple TV 3.0.1 Update Fixes Missing Content Bug
- Fri, 7:45 PM
- Rumor - Taiwan Leak Shows Verizon UTMS/CDMA iPhone for Q3 2010
- 6:40 PM
- News - iPhone Moves Into RadioShack
- 6:30 PM
- News - Apple to Open Stunning Paris Apple Store in Le Louvre on Saturday
- 5:43 PM
- Free on iTunes - Dictionary, Dictionary, Dictionary, And More
- 4:09 PM
- John Martellaro's Blog - Particle Debris (week ending 11/6) Failure IS an Option
- 3:32 PM
- Games - The Latest App Store Games: Gravity Sling, RocketBird, Ground Effect, Checkers!
- 2:25 PM
- Games - Star Soccer 2010 for Mac Puts Gamers in Role of Up-and-Coming Player
- 2:15 PM
- How-To - The Mysteries of Rosetta Housekeeping
- 1:33 PM
- News - iPhone Game Developer Sued for Collecting User’s Cell Numbers
- 1:17 PM
- Games - Warhammer Online Expands Trial Play Option
- 11:19 AM
- Rumor - Apple May Be Bringing RFID to the iPhone
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
RamJet Memory: Mac Pro 8-core 8GB Kit $199.99, 4GB Kits $109.99! Sale on MacBook and MacBook Pro 8GB kits $549.99! New MacBook DDR3 2GB for $49.99. iMac and Mac mini 4GB Kits for $79.99! 1TB SATA Hard Drives for $109.99! Click here
OWC: Mercury On-The-Go FW800+USB2 up to 1.0TB. Bus Powered, no external power supply needed. Macworld ‘Editor’s Choice’, CNET ‘Very Good’ Starting from $99.97, 500GB $159.99. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.

