More 10.5.1 firewall questions
Well, I confess I do not have Leopard installed yet. But I am planning on upgrading soon, and I've been reading about the firewall fuss with great interest, and I'm too curious to wait until I actually have it installed to ask some questions about it. I
think I have absorbed most of the discussions and controversies and what 10.5.1 has addressed, but I do have a few points of confusion:
1) From this article <http://docs.info.apple.com/article.html?artnum=307004-en> and this article <http://www.heise-security.co.uk/news/99104>, it sounds like in "Allow only essential" mode, any root services except the few listed are blocked, but in "Set Access" mode, they are all by default allowed incoming connections, unless explicity blocked (which assumes that you have knowledge of their existence). What could the possible rationale of this be? Why shoudn't there be a "Allow only essential, with these few exceptions that I am granting" mode?
2) Does "Allow only essential" now really mean that? Can we take that literally now? Does that mean in this mode, only those few listed services will accept incoming connections? No signed applications, either signed by Apple, or previously signed by user authorization while in "Set Access" mode?
3) Does the signature of an "auththorized" app carry over if it is copied to another machine? If I make a copy of a signed app and copy it onto my friend's computer, will it still be signed and sneak through the explicit authorization process? Or is the signature machine-specific?
4) On this page <http://www.macworld.com/article/131116/2007/12/firewall.html> is a screenshot showing a sample list of "authorized" applications-- on this list are apps like Safari and Cyberduck. I don't understand-- these are not server apps, why would you have to authorize incoming connections for them? Shouldn't these apps work even in "Block all connections" mode?
5) On the firewall screen is the statement "Mac OS X normally determines which programs are allowed incoming connections. Select this option if you want to allow or block incoming connections for specific programs." I guess I don't understand what it implies and why it is there. Does "normally" mean in "Allow all incoming connections" mode? In that case Mac OS X isn't doing squat, it's simply allowing everything through. Does it mean in "Essential" mode? In that case Mac OS X isn't really applying any brain power either, it's just blocking (mostly) everything. To me, that statement sounds like it's trying to say "Mac OS X does a pretty good job of figuring stuff out on its own, but if you really want to be picky...", when in reality, Mac OS X "normally" isn't really determining anything. Am I missing something?
Thanks for satisfying my curiosity...
-dave
1) From this article <http://docs.info.apple.com/article.html?artnum=307004-en> and this article <http://www.heise-security.co.uk/news/99104>, it sounds like in "Allow only essential" mode, any root services except the few listed are blocked, but in "Set Access" mode, they are all by default allowed incoming connections, unless explicity blocked (which assumes that you have knowledge of their existence). What could the possible rationale of this be? Why shoudn't there be a "Allow only essential, with these few exceptions that I am granting" mode?
2) Does "Allow only essential" now really mean that? Can we take that literally now? Does that mean in this mode, only those few listed services will accept incoming connections? No signed applications, either signed by Apple, or previously signed by user authorization while in "Set Access" mode?
3) Does the signature of an "auththorized" app carry over if it is copied to another machine? If I make a copy of a signed app and copy it onto my friend's computer, will it still be signed and sneak through the explicit authorization process? Or is the signature machine-specific?
4) On this page <http://www.macworld.com/article/131116/2007/12/firewall.html> is a screenshot showing a sample list of "authorized" applications-- on this list are apps like Safari and Cyberduck. I don't understand-- these are not server apps, why would you have to authorize incoming connections for them? Shouldn't these apps work even in "Block all connections" mode?
5) On the firewall screen is the statement "Mac OS X normally determines which programs are allowed incoming connections. Select this option if you want to allow or block incoming connections for specific programs." I guess I don't understand what it implies and why it is there. Does "normally" mean in "Allow all incoming connections" mode? In that case Mac OS X isn't doing squat, it's simply allowing everything through. Does it mean in "Essential" mode? In that case Mac OS X isn't really applying any brain power either, it's just blocking (mostly) everything. To me, that statement sounds like it's trying to say "Mac OS X does a pretty good job of figuring stuff out on its own, but if you really want to be picky...", when in reality, Mac OS X "normally" isn't really determining anything. Am I missing something?
Thanks for satisfying my curiosity...
-dave
iMac G5, Mac OS X (10.4.11)