Several blogs have jumped on an entry in the Leopard 10.5.1 update log that reads, "In Security preferences' Firewall tab, the "Block All" option is now called "Allow Only Essential Services"."
They've taken this to mean that Apple didn't do anything about the "holes" in the firewall, and simply resorted to changing the text in the dialog.
This couldn't be further from the truth.
Read one line further and you'll find a mention of "security updates". There are three of them, and all three describe changes to the firewall software. For example:
The "Block all incoming connections" setting for the Application Firewall allows any process running as user "root" (UID 0) to receive incoming connections, and also allows mDNSResponder to receive connections. This could result in the unexpected exposure of network services.This update addresses the issue by more accurately describing the option as "Allow only essential services, and by limiting the processes permitted to receive incoming connections under this setting to a small fixed set of system services: configd (for DHCP and other network configuration protocols), mDNSResponder (for Bonjour), and racoon (for IPSec).
The other entries are also written in developer-speak.
Translated: with "Allow only essential services" selected, only three system services can still accept incoming connections (configd for DHCP and other network configuration, mDNSResponder for Bonjour, and racoon for IPSec), and each of them handles just the protocol it exists to serve. Everything else, including processes running as root, is blocked. That closes the real gap in 10.5.0, where "Block All" quietly let any root process accept connections; the rename just makes the label match what the setting actually does.
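To make the difference concrete, here is a small audit script. It is an added example, not code from the original post or from Apple: it parses the output of `lsof -i -P -n +c 0` (the `+c 0` keeps lsof from truncating command names to nine characters), keeps only sockets that can accept inbound traffic, and evaluates each one against two policies modelled on Apple's own description: the 10.5.0 "Block All" behaviour (root processes and mDNSResponder reachable) and the 10.5.1 fixed allowlist (configd, mDNSResponder, racoon). The lsof lines below are constructed for the example, not captured from a real machine, and the script name `audit_listeners.py` is hypothetical.

```python
"""Compare what the 10.5.0 and 10.5.1 firewall settings would let through.

Added example, not part of the original post. Feed it `lsof -i -P -n +c 0`
output (run as root to see every process), or run it with no arguments to
use the constructed sample below:
    sudo lsof -i -P -n +c 0 > sockets.txt && python3 audit_listeners.py sockets.txt
lsof shows what is bound, not what the firewall permits; the two policy
functions model the behaviour Apple's 10.5.1 note describes.
"""
import sys
from collections import namedtuple

# The fixed set that "Allow only essential services" still lets receive
# incoming connections, per Apple's 10.5.1 note.
ESSENTIAL_SERVICES = {"configd", "mDNSResponder", "racoon"}

# Constructed sample of `lsof -i -P -n +c 0` output (not from a real machine).
# Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
SAMPLE_LSOF = """\
COMMAND          PID  USER            FD   TYPE DEVICE SIZE/OFF NODE NAME
configd          14   root            7u   IPv4 0x1a2b      0t0  UDP *:68
mDNSResponder    25   _mdnsresponder  8u   IPv4 0x1a2c      0t0  UDP *:5353
racoon           40   root            5u   IPv4 0x1a2d      0t0  UDP *:500
AppleFileServer  300  root            10u  IPv4 0x1a2e      0t0  TCP *:548 (LISTEN)
Safari           512  alice           33u  IPv4 0x1a2f      0t0  TCP 10.0.1.5:52211->17.0.0.1:443 (ESTABLISHED)
python           777  alice           3u   IPv4 0x1a30      0t0  TCP *:8000 (LISTEN)
"""

Listener = namedtuple("Listener", "command pid user proto host port")


def parse_lsof(text):
    """Return the sockets that can accept inbound traffic from lsof -i text."""
    listeners = []
    for line in text.splitlines()[1:]:            # first line is the header
        parts = line.split(None, 8)
        if len(parts) < 9:
            continue
        command, pid, user, _fd, _type, _dev, _size, node, name = parts
        if node not in ("TCP", "UDP"):
            continue
        endpoint, _, state = name.partition(" ")
        if "->" in endpoint:                      # connected socket, not a listener
            continue
        if node == "TCP" and state != "(LISTEN)":
            continue
        host, _, port = endpoint.rpartition(":")  # works for *:548 and [::1]:548
        listeners.append(Listener(command, int(pid), user, node, host, int(port)))
    return listeners


def allowed_by_block_all_10_5_0(listener):
    """10.5.0 "Block all incoming connections": any UID 0 process or mDNSResponder."""
    return listener.user == "root" or listener.command == "mDNSResponder"


def allowed_by_essential_only_10_5_1(listener):
    """10.5.1 "Allow only essential services": a fixed allowlist of three daemons."""
    return listener.command in ESSENTIAL_SERVICES


def unexpected_exposure(listeners):
    """Listeners the old setting let through that the new setting blocks."""
    return [l for l in listeners
            if allowed_by_block_all_10_5_0(l)
            and not allowed_by_essential_only_10_5_1(l)]


def report(text):
    """One line per inbound-capable socket with its status under each policy."""
    rows = []
    for l in parse_lsof(text):
        old = "open" if allowed_by_block_all_10_5_0(l) else "blocked"
        new = "open" if allowed_by_essential_only_10_5_1(l) else "blocked"
        rows.append(f"{l.command:16} {l.user:16} {l.proto} {l.host}:{l.port:<6}"
                    f" 10.5.0:{old:8} 10.5.1:{new}")
    return rows


if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LSOF
    print("\n".join(report(source)))
    exposed = unexpected_exposure(parse_lsof(source))
    print(f"\n{len(exposed)} listener(s) were reachable under 10.5.0 'Block All' "
          f"but are blocked by 'Allow only essential services'")
```

On the sample, the root-owned AFP server on port 548 is the one the note is warning about: reachable under the old "Block All" purely because it runs as UID 0, blocked under the new allowlist, while the three essential daemons stay reachable under both.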
Many people expected "Block All Connections" to mean exactly that, but there's a conflict between blocking everything and having a Mac still behave like a Mac, doing the things Mac users expect it to do (picking up a DHCP lease, seeing Bonjour printers and shares, and so on).
Remember, security is about allowing users to do what they want with a system, while preventing things they don't want happening from happening, especially without their permission.
If I turned off networking completely and stuck my computer into a locked vault it would be very secure... but not very useful.
If you're out in public and still worried, go to System Preferences > Security > Firewall > Advanced and check "Enable Stealth Mode". The machine then stops answering pings and unsolicited probes, so your average everyday port scanner sweeping the network for live hosts won't even see it. Keep in mind what that does and doesn't buy you: stealth mode hides the machine from probes, it doesn't close anything you've explicitly allowed, so a service you've permitted through the firewall is still reachable by anyone who already knows its address and port.
Turn it off again when you get home, though: anything that first checks whether your machine is alive by pinging it (some file and printer sharing setups, iTunes syncing and similar features) will get no answer and may conclude your Mac isn't there.
Still ought to be a "block all" option. How hard would it be to put up a dialog, if it was selected, saying "If you do this, x and y will no longer work. Are you sure you want to do this?"
Posted by: James R. Taylor | November 17, 2007 at 04:54 AM