Guess What? Mac OS X Leopard Has Security Issues.

One of the surprises that Wil and I found when we opened up Leopard and began to dig into the features was the lack of a firewall.

Rather, the firewall in Leopard wasn’t turned on by default, and users can no longer access firewall settings as they could in Tiger. What’s up with that?

A firewall is used to close off the TCP and UDP ports which allows your Mac to communicate with a network; home network or internet. In Tiger, firewall settings were accessible from the System Preference panes.

Most Mac users didn’t bother with the firewall other than to turn it on to access various sharing services; file sharing with other Macs, iChat, iTunes, and so on. The implementation of the firewall in Tiger was rather straightforward, but could get complicated for the non-geeky users.

The firewall in Leopard is positively in conflict with what most security experts call common practice. First, Leopard’s firewall, unlike the comparable firewall in Windows Vista, is turned off by default. Second, Mac users can no longer access port by port restrictions as they could in Tiger.

Does Apple know something about security issues and protocol that the Mac experts do not? Why did Apple “dumb down” firewall access in Leopard?

Security experts are unanimous in their confusion about Apple’s intentions, but all issue a few warnings. Problems on the horizon.

For example, Thomas Ptacek listed a point-by-point, love-it-if-you’re-geeky review of what Leopard gets wrong and right in security—both from the changes in System Preference access to the firewall, and all the really good security stuff Apple built in under the hood.

From what we can tell, Leopard has more security built in which will help prevent security issues later. Most users will never see those changes but will benefit from them.

In Leopard’s System Preferences, click the Security icon. That brings up the Security pane which gives you access to General settings, FileVault, and the Firewall tab. The firewall in Leopard is nearly an all or nothing proposition, though even nothing doesn’t totally close down a Mac as it did in Tiger.

Wil pointed out to me over the weekend that Leopard firewall has three basic settings, and no way, short of using the terminal or a 3rd party application, to dig in other firewall settings. Allow all incoming connections does what you expect. Access ports are open and ready to be used. That doesn’t mean anyone can take control of your Mac, because specific services still need to be accessed.

Block all incoming connections is the second setting, which supposedly blocks every port, though we found instances where that was not the case.

The final setting is Set Access for specific services and applications. This is where Apple makes life easier for the average user since OS X Leopard may ask you in a dialog box if a specific application can get through the firewall. You may also make manual changes. This is all less complicated than a port-by-port management of the firewall, but problems persist.

For example, in Tiger both TCP and UDP access could be prevented. In Leopard, UDP appears to be ignored and allowed. That’s a strange policy, a change or ‘dumb down’ from Tiger, and an issue whereby access to your Mac could be granted by your Mac to an intruder.

Another set of Leopard features that we like at Mac360 is Screen Sharing and Back to My Mac via .Mac. Screen Sharing works as advertised and is drop dead easy. So easy, that once your Mac connects to another Mac via Bonjour and you log in, Screen Sharing never logs out, leaving another Mac vulnerable to access from your Mac. That’s not much of a problem at home, but in an office it could spell disaster.

One of our favorite firewall tools comes from OpenDoor Networks, a long time publisher of a Mac firewall. They positively insist that Leopard users avoid Back To My Mac without making changes to your system.

On top of all the confusion regarding Apple’s odd security features behavior is news of another Trojan Horse for the Mac. Intego discovered the OSX.RSPlug.A malware which can cause your Mac some harm. Of course, it’s a Trojan, not a virus, so you actually have to visit a site, download it, and install it before the damage begins. Macworld has some details on what it is, what it does, how to avoid it. In a nutshell, be careful what you download.

For now, we love and recommend Screen Sharing, and when OpenDoor upgrades their DoorStop firewall utility for Leopard, we’ll give you a detailed rundown of how it works better than the firewall in Leopard.