The Firewall In The Mac OSX Leopard Is Mostly Useless, Say Experts
"Best firewall – no firewall" has been a common joke in the IT world for some time. However, it seems that Apple has taken it for serious, and their latest released OS goes to prove it.
November 1, 2007
As Heise Security's report points out, the firewall included in the Leopard OS managed to fail every security test performed by the firm. Jurgen Schmidt writes:
“The most important task for any firewall is to keep out uninvited guests. In particular, this means sealing off local services to prevent access from potentially hostile networks, such as the Internet or wireless networks.
But a quick look at the firewall configuration in the Mac OS X Leopard shows that it is unable to do this. By default it is set to "Allow all incoming connections," i.e. it is deactivated. Worse still, a user who, for security purposes, has previously activated the firewall on his or her Mac will find that, after upgrading to Leopard, the system restarts with the firewall deactivated.”
Also, it seems that the firewall is also unable to to make the difference between trusted networks and networks that present a certain risk; Leopard will treat them all the same, at least initially.
Of course, there's always the possibility of blocking all incoming connections, but this time the option won't be much help either. The report points out that potential attackers will still be able to communicate with at least two system services, the time server and the NetBIOS name server.
The report notes that the “problems and peculiarities described here are not security vulnerabilities in the sense that they can be exploited to break into a Mac”. However, it suggests that Apple users would do better not to rely on the firewall for the time being.