Leopard's Firewall Faulted by Security Researchers
3:10 PM EDT, October 30th, 2007
Researchers at Heise Security have noted that after an upgrade from Tiger to Leopard, the firewall is turned off in Leopard even if it was turned on in Tiger, according to Robert Vamosi's C|Net Blog on Tuesday.
In addition, even if the Leopard firewall is turned back on, some incoming connections are still allowed, as determined by Leopard by default. Jürgen Schmidt, editor in chief at Heise Security, said, for example, that his team was able to query the NetBIOS Naming Service on the network even with the firewall on. His team also had a problem filtering UDP packets in Leopard [in the firewall].
Heise Security also faulted Apple for not including the latest version of Samba, which has bug fixes. Leopard ships the same version as Tiger.
TMO notes that Apple typically avoids confusion by keeping things simple for novices but offers a UNIX architecture that allows professionals to implement whatever they need. Also, in Leopard, the firewall has been moved from the Sharing System Preference to Security.