The list of problems with the firewall bundled with Mac OS X Leopard operating system is growing.

Not only is Leopard's firewall deactivated upon installation it also trips up Skype and online gaming applications. Both German security news service Heise and security blogger Rich Mogull encountered the problem, the latest in a series each has discovered with the firewall.

Mogull traced (http://securosis.com/2007/11/01/leopard-firewall-code-signing-breaks-skype-and-other-applications) the issue to the firewall's (application security) code signing features. Leopard signs applications on launch that aren’t already signed via Apple. The approach is designed to create a mechanism to block malware from altering executable files.

Unfortunately, some applications, such as Skype, may change as they run. This can cause a signature mismatch, and a refusal by the firewall to allow the application to run. Reinstalling the application fixes the problem, but is hardly convenient.

Heise has a similar diagnosis (http://www.heise-security.co.uk/news/98492) of the problem, which has also affected World of WarCraft gamers, it notes. Postings (http://forums.worldofwarcraft.com/thread.html?topicId=2647255853&sid=1&pageNo=2#35) on World of WarCraft forums suggest a reinstall of the game is needed to get around the bug.

In personal firewalls for Windows with application firewall settings, such as Zone Alarm, users with admin privileges can manually change program privileges. Apple's failure to include something similar in Leopard's firewall in causing problems for some, but by no means all, users.

Reg Hardware editor, Tony Smith, who recently carried out a review (http://www.reghardware.co.uk/2007/11/05/review_osx_leopard_pt_1) of Mac OS X Leopard, reports that he was able to get Skype operating through the new firewall without any problems. ®

Related stories

Mac security site littered with malware (12 March 2008)
http://www.channelregister.co.uk/2008/03/12/mac_security_site_malware_infestation/
A better way to build OS X preferences (11 March 2008)
http://www.channelregister.co.uk/2008/03/11/mac_secrets_preferences/
Skype blocks poison movie peril (18 January 2008)
http://www.theregister.co.uk/2008/01/18/skype_security_vuln/
We know security and usability are orthogonal - do you? (22 November 2007)
http://www.channelregister.co.uk/2007/11/22/security_usability_are_orthogonal/
Skype faces 020 7870 cut-off (22 November 2007)
http://www.theregister.co.uk/2007/11/22/skype_down_again/
Leopard data loss glitch uncovered (6 November 2007)
http://www.theregister.co.uk/2007/11/06/leopard_dataloss_bug_uncovered/
Mac OS X 10.5 Leopard - Finder (5 November 2007)
http://www.reghardware.co.uk/2007/11/05/review_osx_leopard_pt_1/
Security site knocks spots off Mac OS X Leopard firewall (2 November 2007)
http://www.channelregister.co.uk/2007/11/02/leopard_security_analysis/
Reality distortion for Java on Leopard? (2 November 2007)
http://www.channelregister.co.uk/2007/11/02/apple_leopard_java/
Mac users get a new OS, and a Trojan for good measure (2 November 2007)
http://www.theregister.co.uk/2007/11/02/weekly_0211/
Laggard Apple lets Leopard virtualize (1 November 2007)
http://www.channelregister.co.uk/2007/11/01/apple_allows_leopard_virtualization/
Apple's Leopard rejects latest version of Java (29 October 2007)
http://www.channelregister.co.uk/2007/10/29/no_java_for_leopard/
Dreaded Blue Screen of Death mars some Leopard installs (27 October 2007)
http://www.channelregister.co.uk/2007/10/27/leopard_install_problems/