Cracks in the Mac OS X Leopard firewall

[lifi]

I surfed a little bit in net around and saw this article:

 

In the course of functional testing, heise Security has discovered a series of problems and peculiarities in the way the firewall in Apple's new operating system behaves. These may have an effect on system security. As with previous versions, by default the firewall in Mac OS X Leopard is deactivated. But even if the user activates it manually, the system is far from sealed off.

 

The major purpose of a firewall is to refuse access to uninvited guests. In particular, this means sealing off local services to prevent access from potentially hostile networks, such as the internet or wireless networks. However, the Leopard firewall fails miserably in this respect. In tests carried out by heise Security it was possible to communicate with the time server from remote even with the firewall set to "Block all incoming connections" - even when the Mac was directly connected to the internet via a DSL connection. The time server is started automatically by the system. In wired LANs, the NetBIOS name server from the Samba package is also active and, despite the firewall, accessible.

 

With the configuration set to the more flexible "Set access for specific services and applications," the firewall even allows access to arbitrary services started by the user -- regardless of whether or not they are in the list of shared services. Therefor a trojan horse could open a backdoor, that is accessible over the internet despite the firewall being activated.

 

Whether or not the accessible services represent an acute security problem is hard to judge. The fact that Apple uses versions of open source software in which bugs have already been found and documented by the developers is cause for concern. Apple uses version 4.2.2 of ntpd. The current version is version 4.2.4. It is not clear whether Apple has either fixed any relevant bugs in this version or back-ported fixes from more recent versions.

 

Prior to Service Pack 2, the Windows XP firewall was also deactivated by default and it was possible to access system services from the internet. Only after the emergence of worms such as Lovsan/Blaster and Sasser, which rapidly infected millions of Windows computers via security vulnerabilities in system services, did Microsoft change this.

 

 

for people who like to read more: link

with a second look

 

What do you think?

[Azurael]

Most people are behind NAT and a software Firewall is a waste of time anyway....

[empreality]

Mac OSX = Flaws?

 

Holy {censored}, the world is coming to an end!!!

[Sabr]

Mac OSX = Flaws?

 

Holy {censored}, the world is coming to an end!!!

 

All newly released operating systems come with problems. Take XP or Vista for example.

[Conroe Mac]

*L* some people are so sheltered.

[Forceman]

Actually it does stealth all your ports so someone trying to scan for your computer gets no response. It's not like Leopard has a security nightmare on it's hands like XP with Blaster, it's only because of that they enabled the firewall in SP1.

 

Take this article with a pitch of salt with small fingers.

[Darryljohn]

I use AVG on the PC. Have a DDWRT Router, so that usually sorts out what can be and cant be let through.

[peach-os]

guys.....did you realize that this topic is 3 years old ?

[Hernandez]

As for me for protecting mac i prefer use ProteMac NetMine.It’s really good firewall.