Tentative Mac OS X 10.5 Leopard recommendation: Wait for a firewall fix
I’m alarmed by early words about Mac OS X 10.5’s firewall:
• By default, it’s turned off
• When it’s turned on, rules are set by application instead of by service
• Even when explicitly disabled, some ports are advertised on the LAN and can be accessed.
If this is true, it’s bad news.
Is it true? According to a report from Heise Security, Leopard’s firewall is a step backwards from the firewall in the previous version, Mac OS X 10.4 Tiger.
As mentioned earlier, I haven’t yet installed Leopard. I still intend to do so, but on a test system only – which is cocooned safely inside my LAN and guarded by two hardware firewall appliances.
If the firewall is as porous as this early reports says, I won’t be putting Leopard onto my everyday work machine until Apple fixes it. The MacBook Pro travels widely and connects to public WiFi networks. The firewall is critical.
My tentative recommendation is to hold off on any deployments of Leopard until Apple addresses the issue, or until other organizations can verify (or refute) what Heise reports.
If you, dear reader, hear more about this, one way or another, please let me know.