The Realm of the Verbal Processor

Jarvis's Ramblings

Mac Leopard Firewall Holes

Mac’s new Leopard operating system included an “upgraded” firewall. However, according to security researchers (Leopard Has More Holes Than Spots), it’s not exactly an upgrade. Matter of fact it had some serious issues. Such as shutting off by default (even if you had the firewall turned on before upgrading). Such as having fewer options than the previous version for what to allow or block. Such as the “block all” firewall option not actually blocking everything.

Apple has since released a flury of patches to fix many of the issues, but it begs the question…why on earth did they think it was a good idea to turn OFF the firewall by default? Again…going back to a statement I made in my iPhone vulnerabilities post…didn’t they learn anything from mistakes Microsoft made in the past and fixed years ago…going back to XPSP2?

Another note: the patches that Apple released on November 14-15. There were 41 (yes, forty-one) patches released on the 14th to fix issues in OS X and Safari. Another three patches on the 15th to address firewall issues. [Note: in the comments below, nak mentioned that these numbers may be incorrect. I got the numbers from the article linked to above. I honestly don’t know who is right…nak or the article.] Never heard any uproar about that. Now…if Microsoft released 43 patches over a period of two days to fix a single OS…I am positive that there would have been all kinds of bad press about the “demon software giant” that keeps releasing shoddy software and has to release 43 patches in two days to fix it. In particular, I am confident that Mac users would have been gloating about the “idiots” running Microsoft software.

However…Apple gets a pass. No uproar. Nothing. Heck…I didn’t even know that there had been that many patches until an hour ago. For certain my Mac friends weren’t about to say anything to me!

Anyway, thinking about all of this finally got me motivated to write a post I’ve been contemplating for a while now…Why I do not want a Mac. And my reasoning has absolutely nothing to do with the technology…

November 28, 2007 - Posted by | tech


  1. The biggest problem is that Apple changed the UI for the firewall to something that makes it easier for a non-techie to understand, but did not initially explain how the firewall works, so everyone commenting on or trying to use the firewall was using invalid assumptions on its expected behavior. A normal user should not have to know about ports, etc. One big issue was that the firewall did was break some existing apps due to its digital signature methodology. You do not hear an uproar about patches because Apple’s patches usually fix bugs. There was and is an uproar about issues with Leopard, especially networking, but I do not suppose you are one who posts on Apple’s support forums.

    Comment by Taras | November 28, 2007

  2. I count 20 updates on 11/14 and three on 11/15. How exactly do you get come up with 41? Of the 20 released on 11/14, 8 are essentially a single update, packaged differently for different hardware (ppc or intel) and software editions (client or server).

    Only two of the updates are for Leopard itself. While both of the Leopard updates released on 11/15 may contain patches to the firewall, the third – a graphics firmware update clearly does not.

    How did you come up three updates on 11/15 to address firewall issues?

    If you install Vista now, and run Windows Update you actually will find 41 updates. If you install Tiger now and run Software Update you will find fewer than a dozen updates. Vista has been on the market for 1 year, versus 2.5 years for Tiger.

    Comment by nak | November 28, 2007

  3. nak,
    My info about the number and content of the patches came from the article that I linked to in the post. Not having a Mac, I have no way of verifying the number or content. If that information is in fact incorrect, I appologize for the mistake. I will make a note in the post pointing to your comment.

    You are right…I don’t post on Apple forums. :-) Thanks for the extra info on the issues.

    Comment by Jarvis | November 28, 2007

  4. I see by ad-libbing the content of the linked article it appears as though 41 patches were released. The update released on 11/14 (Mac OS X 10.4.11) may have contained “41 patches” but it also included a new version of Safari. Similar to how Microsoft released IE 7 (ostensibly a Vista feature) for Windows XP, Apple released Safari 3 (ostensibly a Leopard feature) for Tiger. I don’t think you’d count all the issues IE 7 fixes and proclaim that Microsoft released “2,961 patches” for IE 6.

    The single Leopard update released on 11/15 apparently addresses three issues with the firewall. Think “service pack.” I doubt you’d ever count every issue addressed in a service pack as a patch and claim that “Microsoft released 4,682 patches.”

    But at least you used the same method of counting as Apple when it counts up the 300 features in Leopard. Instead of calling a new DVD player one new feature, Apple manages to count it as six.

    All that being said, I don’t think Leopard is a stellar release. At least Apple got patches out fairly quickly. And it still stands that there are currently 41 separate “critical” or “recommended” updates for Vista.

    Comment by nak | November 28, 2007

  5. BTW, Apple does make a list of updates available here:

    If you click on an individual update there is a list of what that update addresses. Unfortunately, sometimes Apple is rather tight lipped and only lists “bug fixes,” or “compatibility fixes” in its change log.

    Comment by nak | November 28, 2007

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: