The list of applications that Apple’s new Mac OS X Leopard operating system cripples or kills is growing.
Heise Security—which on Oct. 29 warned that Leopard’s firewall is deactivated upon installation—on Nov. 5 reported that maybe it’s a good thing it’s deactivated by default, given that the firewall is tripping up programs by digitally signing applications on launch and can hamper program integrity as a result.
At this point, users are complaining that the VOIP (voice over IP) application Skype and the online game “World of Warcraft” are breaking after being activated from within the firewall. Some Adobe Creative Suite users on forums have also complained about performance under Leopard, with InDesign not launching, Photoshop running but occasionally crashing on launch and Illustrator running but crashing on quit.
On top of those problems, users had already been complaining for some time on Apple forums about wireless shriveling up and dying after Leopard installation. “When you connect to your wireless network, your transmit rate will be 54 (if you’re using the 54g standard). If you start up a download or something that occupies your bandwidth (even LAN traffic), you will notice that the transmit rate drops to 11, then to 3, then to 1 until finally your downloads will drop, your ichat connections will fail and your browser will not load pages,” a user with the handle of “nunofgs” wrote on an Apple forum on Oct. 26. Scores of users have since posted similar tales of wireless problems.
As far as the firewall’s crippling of programs goes, security consultant Rich Mogull said in a Nov. 1 posting that enabling the firewall in the “Set access for specific services and applications” mode causes Leopard to digitally sign applications on launch that aren’t already signed via Apple’s mechanism.
“If that application happens to change during run-time, as Skype seems to, the signature no longer matches and the application won’t run,” Mogull said. “There are no dialogs or warnings—the icon just dances on the dock for a few bounces then disappears.”
Heise Security’s Juergen Schmidt said in the Nov. 5 posting that the reason behind Leopard’s firewall misbehaving is that, in contrast to Tiger’s firewall, it’s no longer operating at the packet level but rather is working with applications, permitting or denying applications to perform specific network activities.
At issue is a new firewall feature that was introduced in Leopard: the identification of applications via code signatures.
Apple signs certain applications that are automatically allowed to communicate with the network past the firewall—a fact that’s not shown in the user interface—even with the firewall configured to block all incoming connections.
When applications without signatures try to open a network port, Schmidt said, the firewall will block it when set to block incoming connections. In restricted mode, the firewall will prompt the user for permission to start the service and then will record to an exceptions list whatever choice the user makes. If the program is subsequently changed, previously granted permission is withdrawn.
It gets sticky when applications perform their own self-integrity checks and decide that the file on the hard disk has been changed. Skype gets into trouble running on Leopard because the operating system’s firewall signature process changes the VOIP application binary on disk, Schmidt said. If a user tries to start it up from the command line, he or she gets a “Check 1 failed” message, meaning the system can’t run Skype. Those who start Skype from the GUI merely see a dancing symbol that then disappears without further comment, as happened to Mogull. Heise says that reinstallation is required to restore the application to normal function.
A similar problem is keeping
Apple did not reply to a request for comment.
