Holes in Leopard's firewall? ...

C

cmeisenzahl

Registered
What's the word on this? I've been using Tiger since the beginning and have been very happy with the firewall. Should this story be of any concern?

Holes in Leopard's firewall?
Although Apple is selling its new Mac OS X Leopard operating system on its improved security, researchers at Heise Security have already found fault with its firewall. Unlike with Windows Vista, the Apple firewall is not enabled by default and must be enabled by the end user. Even if you had the firewall enabled in a previous version of the Mac OS X, after an upgrade to Leopard the firewall will again be set to "Allow all incoming connections." It will be disabled.
http://www.news.com/8301-10784_3-9807471-7.html

Thanks!

Chris
 
Well, the story is true and Apple should be slapped left and right for allowing the story to happen this way. Let's hope nothing further arises from it (knock on wood!), but to ship Leopard Firewall disabled and have system-upgrades turn activated firewalls *off* ... sounds bad.
Apparently, there are some details in Heise's report that are misinterpreted (the off/filtered ports are stealth, i.e. they're protected). Doesn't change the overall feeling: Apple's lazy concerning security and is still selling us security as one of 300 "new features" in Leopard.
 
In Tiger, firewall gave me all ports "Stealthed" except one which reported "Closed" when I ran a Shields Up firewall test.
The best I can get in Leopard is 1 port "Stealthed" and all the remaining report "Closed" with the same Shields Up test.
I'm not sure what's going on here.

jb.
 
You must log in or register to reply here.
Back
Top