Apple Fixes 'Misleading' Leopard Firewall Settings

4 for 52 writes "ZDNet is reporting that Apple has fessed up to at least three serious design weaknesses in the new application-based firewall that ships with Mac OS X Leopard. The acknowledgment comes less than a month after independent researchers threw cold water on Apple's claim that Leopard's firewall can block all incoming connections. The firewall patches come 24 hours after a Mac OS X update that provided cover for at least 41 security vulnerabilities."

modes

In all honesty, why don't integrated firewalls have a basic/advanced settings mode?
Basic is ideal for most folks, but if you're so inclined just click on the advanced tab and not only have more configuration options but also a through, detailed explanation oh what the firewall is actually doing.

That'd be a great feature.

Re:As usual, other considerations...

[Rodyland]

I agree wholeheartedly with your post. What I objected to mostly was the way the OP explained away why it was broken like it didn't matter. It does matter when companies put out software that doesn't do what it says it does, moreso when it's security software and what it doesn't do is make things more secure.

Don't explain it away with "the apple experience". Apple stuffed up badly, and now have fixed it. Simple

Now they need to fix the Printing options

[Paul+Pierce]

In Tiger I had a bunch of drop-down options, like, say, hmmm, 'selection only' or say, duplex. This is entirely gone in Leopard for the printers that I have tried (i.e. HP 4050).

There is an app online that can do this for you, but it seems to only be for native programs (Safari, mail, etc...). Is it just me or should those options be built into the OS.

Everything else on Leopard has been very impressive, most of all it sped my computer up. Everything is faster, which I find very impressive for a new OS (ahem, buy-a-new-computer-4-me Vista).

OT: IPv6 still isn't working for me.

[Just+Some+Guy]

I upgraded from Tiger to Leopard last week and love it, except that I can no longer use IPv6. I've triple-checked my router, address, and prefix length manual settings and they're all correct. I just can't get out of the machine at all:

$ ping6 www.kame.net
ping6: nodename nor servname provided, or not known
$ ping6 2001:200:0:8002:203:47ff:fea5:3085
ping6: UDP connect: No route to host
$ ifconfig -a | grep inet6
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet6 ::1 prefixlen 128

Even though I have an address and router set up, it doesn't seem to be actually configuring any interfaces to use them. Another machine on the same network has no trouble:

$ ping6 www.kame.net
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=0 hlim=55 time=207.462 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=1 hlim=55 time=206.939 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=2 hlim=54 time=339.163 ms

Even our old CRT iMac running Tiger works perfectly. Is anyone else successfully using IPv6 on Leopard? Is there some new gotcha that everyone but me knows about?

mod this one up 100 ...

[rs232]

'"Software firewall" is an oxymoron. A firewall is a physical box that sits between two networks, filtering the exchange of information between them'

And you only really need a firewall if you are running services on ports that you don't want visible on the Internet. And in this day and age a firewall is next to useless as so many services are being piggybacked over HTML, in order to bypass the firewall ...

was Re:Oxymoron

802.1X still broken

[Greatmoose]

10.5.1 (revised) is out, and 802.1x is STILL broken. The really scary part is when we talk with the Apple reps and system engineers, they uniformly tell us that "we don't know a whole lot about 802.1x." Ummm, what? You've had 802.1x since 10.3. I won't even go into how long MS has had 802.1x compatibility. C'mon Apple, FIX YOUR SHIT!