145 Comments
- schestowitz, on 11/01/2007, -8/+57: Holes in an Apple? Must be a worm.
- colincornaby, on 11/01/2007, -11/+47: Um, Mac OS X has never needed the firewall enabled by default, and it never has been. The only people shocked by Mac OS X not having the firewall on by default are the Windows users who are used to their operating system needing the firewall on by default.
- fanboydcs, on 11/01/2007, -3/+28: Considering Apple's firewall is not on by default and is typically an ignored feature since there are no open ports on a default OSX install, I don't see why people are so upset. Use a real firewall if you need it.
- Cyhwuhx, on 11/01/2007, -1/+23: .::: No wait just a darn sec...
  First Microsoft gets shot to smithereens for enforcing their Firewall in XP and Vista? And now Apple gets shot to smithereens for not enforcing it? Can the public please make up their mind about what they want first before crying wolf?
- Herolint, on 11/02/2007, -0/+18: Actually, whether a computer has a firewall on it or not isn't really that big of a deal. What is more important is what outward facing services are enabled and whether those services are secure.
  You can have an on-by-default firewall enabled that only allows SSH connections, but if you are using the wrong version of OpenSSH, or you have configured it poorly, you're screwed. That is much worse than if you didn't have a firewall at all and were using a properly configured SSH server with all the latest security patches.
- ploke, on 11/01/2007, -7/+22: It isn't a matter of need, it is a matter of best practices. The firewall should be on by default and upgrading should not turn it off. That is simply the smartest thing to do, whether the operating system is prone to viruses or not.
- betasp, on 11/01/2007, -5/+17: Infected with what? What affects Macs?
- skyshock1, on 11/01/2007, -3/+14: People don't seem to understand that Unix and BSD (which OSX is built on) were written from the ground up to protect themselves from the end user. That is, having STRICT user-permissions settings in place to protect the core of the OS. Even if I tell you the IP address of an un-firewalled Mac and told you to have at it, there's probably not ***** you'd be able to do it anyway. No exploitable ports/services running by default, and those that are allowing incoming connections will require secure authentication credentials.
  Firewall not enabled by default... lol.
- arcticblue, on 11/01/2007, -4/+14: And that is why the quality of stories on Digg is going downhill.
- streak, on 10/31/2007, -2/+11: Direct link:
  http://www.heise-security.co.uk/articles/98120
- inactive, on 11/01/2007, -19/+28: This is truly starting to become boring. When Apple drops a product, it's nothing revolutionary, it may be good, and you may really want it, but it's NOT the world's greatest product, it's NOT infallible. However, the endless parade of "iPod Touch is Slow" or "Holes in Leopard's firewall" articles are almost MORE annoying than the endless parade of "Leopard is the Greatest OS Ever" or "God Came, Saw Leopard, Realized he Should Have contracted Apple to Design Man" articles. It doesn't even matter which one is better or worse, because they both do things the other can't.
- TritonX, on 11/01/2007, -14/+23: And how big is the risk... inexistent.
- mlopes, on 11/02/2007, -5/+13: Right now, all the Apple articles are being flooded with Apple haters or Microsoft fanboys, which is about as annoying as having an article crippled with Apple fanboys. Furthermore, most of the comments are rubbish, typically the "who cares, ***** apple, you suck, leopard sucks, win 3.1 > OS X" kind of rubbish.
  Don't get me wrong, but if you're looking for technically inspired comments you should look elsewhere. Digg is definitely not the place for OS enthusiasts to clear their doubts.
- trogdoor, on 10/31/2007, -0/+8: "All computers connected to a hostile network (ie the Internet) need a firewall."
  Unless there aren't any services running that could be listening on any ports, not that this is true for OS X (far from it).
- yabos, on 10/31/2007, -0/+8: Um, what do you think is running on linux? ipfw? Same thing that OS X uses.
- grumpyrain, on 11/01/2007, -2/+10: That is like the "I live in the country so my car doesn't need a lock" argument. All computers connected to a hostile network (ie the Internet) need a firewall. The main problem with Windows before XPSP2 was that it did not ship with an enabled Firewall, and most users were not knowledgeable enough to install one of the many software Firewalls or put their computer behind a hardware firewall.
- FelixSchmelix, on 11/01/2007, -18/+25: I get the impression that the guy who wrote the original firewall review article was intentionally looking for a way to make the firewall look bad. I'm pretty OS agnostic, and am convinced that you can have a decent on-host firewall for any OS, and that you can also misconfigure it to offer little protection. Following are my test results, performed using nmap on the same LAN as a Macbook running OS X 10.5. The Macbook had no sharing of any kind enabled, but was using many SMB shares and other network applications.
  http://padilla.net/osx-10.5_firewall_test
- FKnight, on 11/01/2007, -0/+6: Obviously you missed the memo about 8 years ago that firewalls (both hardware and software) have more features now.
- vulapine, on 10/31/2007, -1/+6: I don't think Apple heard you. Try again, but speak out of your mouth instead of the other end of your digestive tract.
- superkendall, on 11/01/2007, -0/+5: In the past I've configured ipfw on the command line without issue. That is the advanced control you are looking for - if you care enough to go for advanced settings, using the command line is not an issue. And as noted since the command line is there, graphical shells are trivial.
- graviplana, on 11/01/2007, -2/+7: Umm, This is FUD BS, BTW. Idiots.
- MikeCerm, on 11/01/2007, -1/+5: XP and Vista have built-in firewalls. Since XP SP2, it's been enabled by default. Either you have it enabled (and don't know it), or you manually disabled it because you have an external firewall (probably in a router).
  Either way, you have a firewall. If you don't, you're insane, and your computer WILL get infected, if it isn't already.
- Jem2768, on 11/01/2007, -3/+7: A writer of security articles that doesn't understand how to use nmap and what "open | filtered" actually means.... if he broke out the nmap documentation he'd see it simply means there is NO response - i.e. no reply whatsoever from that port.
  I'm not denying he has valid points about the firewall being enabled but on this point he's talkin' out of his proverbial
- TheRealToma, on 10/31/2007, -4/+8: If you look at his other articles, he's actually a writer of security articles.
- yabos, on 11/01/2007, -0/+4: Why does MacMall suck? Do they run UPS now? Once it's out of their hands any lag is UPS's fault.
- canthraxp, on 11/01/2007, -5/+9: The only thing that sucks more dick than your mom-jokes is your mom.
- centerblack, on 11/01/2007, -0/+4: Apple borrowed from Xerox. They bought NeXT and borrowed heavily from NeXTStep. Apple comes up with a lot of great ideas. The ideas they borrow from others they implement in a way that seemingly only they can or only they care to. Apple puts a lot of care into the details of their products, and it shows. If you'd ever heard Ives talk about what considerations went into the iMac or the MacBook you'd understand.
  'Mac fans' might have an easier time 'admitting' if you provided a concrete example...
- Herolint, on 10/31/2007, -0/+4: It has nothing to do with "big boys". OSX doesn't have any outward facing services on by default (I think this is true anyway) so there's nothing for a remote machine to attack. Windows, on the other hand, had a bunch of buggy outward facing services on by default with Windows XP and previous versions, which is why worms could travel so fast and take down corporate networks in a matter of minutes.
  A firewall is just to protect against all the buggy, outward facing services. If you have a firewall installed, but have a port open to a buggy service, then you're just as screwed as if you didn't have a firewall at all.
- SPThom, on 11/01/2007, -0/+4: The "security issue" at hand here is simply that the OS X firewall is disabled by default.
  I *wish* all of Windows' security problems were fixed by a single-click of a button in the system settings.
- MatTipton, on 11/04/2007, -0/+4: Regardless of defaults... if you are truly concerned about security then best practice is that you should check for yourself and actually verify whether or not it is on or off. You shouldn't just assume. It is very true that security by default is nice... but on the flip side you should check to see what's really going on versus supposed defaults.
- centerblack, on 11/01/2007, -0/+4: sarcasm?
  That's rendezvous/bonjour and they had to turn on bonjour messaging in iChat. I think Rendezvous/Bonjour only works on the local network unless you use something like Network Beacon to publish the service....
- centerblack, on 10/31/2007, -0/+4: Redwall runs on gentoo.
  Gentoo is a linux distribution.
  Linux is an OS.
  Redwall is an OS firewall.
  OS firewalls are 'chumps'.
  Redwall is a chump OS firewall.
  gg nub.
- skyshock1, on 11/01/2007, -0/+4: Apples and Oranges. Windows is entirely too exploitable, and OSX is not. A firewall will protect the perimeter of the building, but what's the point if the building's already completely locked down?
- Crispuk, on 11/01/2007, -4/+7: I had to disable the damn Windows Firewall anyway =/
- FKnight, on 11/01/2007, -3/+6: Buried for inaccuracy. Mac OS X is impervious to all security vulnerabilities that can ever be imagined.
- rpark, on 11/01/2007, -2/+5: I just think that it's funny that everyone's saying MY OS IS MORE SECURE when (at the time of writing) under this article is the "Crack Windows Passwords with Linux".
- Philluminati, on 10/31/2007, -1/+4: wtf?
- vulapine, on 11/01/2007, -0/+3: We want the opposite of what anyone thinks we want. The grass is always greener and stuff.
- rubyeyes, on 11/01/2007, -1/+4: So the author enabled NetBios and was surprised it responded to network requests? Isn't that the point of NetBios? What he should mention is that by default SMB is turned OFF and the first thing he did was turn SMB on.
  Also if he doesn't want his date/time to update he needs to check off the little box on the Date/Time preference panel that says "Set date/time automatically".
- Herolint, on 10/31/2007, -0/+3: A firewall does not equal "security". In my opinion, this is an overblown "issue". You're more than welcome to go into System Settings and click a checkbox to turn the firewall on as well.
  Now, if the firewall had a problem when it was on, that would be something to talk about, in my opinion.
- rubyeyes, on 10/31/2007, -1/+4: As opposed to the Linux fanboys? or the OpenSource fanboys? or the Java fanboys? or the RubyonRails fanboys? or the Ron Paul fanboys?
- streak, on 11/01/2007, -8/+11: RTFA to get a glimpse of what's going on that you didn't know about.
- Cayfox, on 11/01/2007, -1/+3: A firewall should never be the only line of defense - sensible configuration, minimal privileges, and no unnecessary services are all good security practices. From what I've seen, OS X does all of those things. Many exploits in the Windows world seem to rely more on careless user interaction than open ports anyway.
- axcess99, on 11/01/2007, -0/+2: Having the firewall off by default is bad IMO,
  However, Ubuntu and many other linux's don't run firewall by default either. The point there is not that "someone else is bad therefore we aren't". Instead the point is a firewall is only needed if you have services running. Both Ubuntu and Mac run very very few services by default (unlike windows). So there is much less (or no) potential for remote exploits to start with.
  Firewalls protect you from flaws (or misconfiguration) in your own services. Don't run services = don't need firewall.
  Firewalls do not protect you from Trojans. Once something bad is running on your computer, you've already lost.
- natedouglas, on 11/01/2007, -3/+5: Please block Apple stories in your preferences. Please.
- jsp317, on 11/01/2007, -0/+2: Why did you have to disable it? Windows firewall is about as easy to config as boiling water. Oh I know your game didn't work because it was on. All you had to do was open it and allow it to connect. Done
- cranium, on 11/01/2007, -1/+3: From a security standpoint, Unix variants are a whole different ball game than Windows. So much so that it doesn't make all that much sense to compare the two. The point is that your risk differential is an order of magnitude smaller in this case.
- natedouglas, on 11/01/2007, -1/+3: It's implemented, it's just not on by default. Actually, they had it in 10.0, if I remember it correctly, but didn't have a GUI interface for it until 10.2 (it relied upon the ipfw CLI until then). OS X 10.2 came out two years before XP SP2.
  So what were you saying?
- SPThom, on 10/31/2007, -1/+3: God, I hate when I choke under the pressure.
- scoot2006, on 11/01/2007, -2/+4: This just in: a new piece of software isn't perfect.
  Neither OS X nor Windows will ever come out with a new release that's bug free or 100% secure. No program will ever have that. To expect it is asinine.