Mac OS X firewall blocks Skype and online gamers

You realise, of course, this means Warcraft

By John Leyden • Get more from this author

Posted in Operating Systems, 6th November 2007 20:08 GMT

Tune into our application security webcast, click here

The list of problems with the firewall bundled with Mac OS X Leopard operating system is growing.

Not only is Leopard's firewall deactivated upon installation it also trips up Skype and online gaming applications. Both German security news service Heise and security blogger Rich Mogull encountered the problem, the latest in a series each has discovered with the firewall.

Mogull traced the issue to the firewall's (application security) code signing features. Leopard signs applications on launch that aren’t already signed via Apple. The approach is designed to create a mechanism to block malware from altering executable files.

Unfortunately, some applications, such as Skype, may change as they run. This can cause a signature mismatch, and a refusal by the firewall to allow the application to run. Reinstalling the application fixes the problem, but is hardly convenient.

Heise has a similar diagnosis of the problem, which has also affected World of WarCraft gamers, it notes. Postings on World of WarCraft forums suggest a reinstall of the game is needed to get around the bug.

In personal firewalls for Windows with application firewall settings, such as Zone Alarm, users with admin privileges can manually change program privileges. Apple's failure to include something similar in Leopard's firewall in causing problems for some, but by no means all, users.

Reg Hardware editor, Tony Smith, who recently carried out a review of Mac OS X Leopard, reports that he was able to get Skype operating through the new firewall without any problems. ®

Understand how application security is evolving