Todd Woodward wrote:
> Apple today released Mac OS X v10.5.1 with Application Firewall updates which cover the following issues:
>
>
> * "Block all incoming connections" setting renamed to "Allow only essential services" to more "accurately [describe] the option"
>
What a nice WTF. This is a good example of what IMHO is Apple's wrong
tactics. There's *huge* difference between "block all incoming
connections" and "allow only essential services". Those are two
completely different things. :-)

And then, for the average user, the statement "allow only essential
services" is quite confusing. What are essential services? What if user
has no need for some of them, yet can't easily turn them off because
they're in the "essential" pack? What if someone really wants to disable
all incoming connections (say, lots of people that use just an DSL
connection, Mac and an USB printer)? If the setting has been *renamed*,
does that mean that there's actually no way to fully disable incoming
connections? Or is it still there somewhere?

Granted, you can still use ipfw to set up fine-grained firewall
policies, so you're not really stuck with Application Layer Firewall.
But, how many users know how to handle ipfw?

That's weird - while it is true that many users would like to have a
firewall that's easy to set up, denying them ability to completely lock
their computers is not something I would call good security practice.
Mixing descriptions, and having deceptive descriptions that don't
reflect the true status of the firewall - I can't see the point here.
Is this, like, being user-friendly?

P.S. Application Layer Firewall, AFAIK, doesn't filter out programs
running with superuser privileges. That calls for trouble.

[ reply ]