Mac OS X firewall blocks Skype and online gamers
You realise, of course, this means Warcraft
Magic Quadrant for Enterprise Backup/Recovery
The list of problems with the firewall bundled with Mac OS X Leopard operating system is growing.
Not only is Leopard's firewall deactivated upon installation it also trips up Skype and online gaming applications. Both German security news service Heise and security blogger Rich Mogull encountered the problem, the latest in a series each has discovered with the firewall.
Mogull traced the issue to the firewall's (application security) code signing features. Leopard signs applications on launch that aren’t already signed via Apple. The approach is designed to create a mechanism to block malware from altering executable files.
Unfortunately, some applications, such as Skype, may change as they run. This can cause a signature mismatch, and a refusal by the firewall to allow the application to run. Reinstalling the application fixes the problem, but is hardly convenient.
Heise has a similar diagnosis of the problem, which has also affected World of WarCraft gamers, it notes. Postings on World of WarCraft forums suggest a reinstall of the game is needed to get around the bug.
In personal firewalls for Windows with application firewall settings, such as Zone Alarm, users with admin privileges can manually change program privileges. Apple's failure to include something similar in Leopard's firewall in causing problems for some, but by no means all, users.
Reg Hardware editor, Tony Smith, who recently carried out a review of Mac OS X Leopard, reports that he was able to get Skype operating through the new firewall without any problems. ®
COMMENTS
I wasn't clear enough (I think you'll find)
In normal use, Skype doesn't modify anything in it's .app folder. The Skype binary in Skype.app/Contents/MacOS/Skype checks itself for consistency. The Leopard firewall alters that binary, thus tripping up Skype's internal consistency check.
Skype is paranoid. Apple's assumed that developers aren't.
Anyway, go verify for yourself:-
Install a fresh copy of skype. Then:-
cd /Applications
find Skype.app -type f -exec sum {} \; > 1
Run Skype. See, it works. Quit it. Run it again. Still works? Yup. Quit it.
Grab another file of checksums now you've run it once or twice.
find Skype.app -type f -exec sum {} \; > 2
diff 1 2
The diff should show no change in checksums.
Now turn on the Leopard firewall (I'm using "set access for specific services and applications"), run Skype, and say "always allow" to the firewall prompt. Skype is still working at this point.
Quit skype and try to relaunch - it's borked. Grab another set of checksums:-
find Skype.app -type f -exec sum {} \; > 3
diff 2 3
See how the binary's changed, and there's a CodeResources file there now.
system.log says:-
Nov 7 20:30:44 lapdog com.skype.skype[22549]: Main starting
Nov 7 20:30:44 lapdog com.skype.skype[22549]: Check 1 failed. Can't run Skype
Further confirming that it's Skype refusing to run, not Leopard actively blocking it.
A quick workaround is to run Skype from it's dmg rather than from a conventional location: the dmg is mounted read only so Leopard can't fiddle with it. Of course, if Skype needed to modify itself to run, this would also fail. It doesn't. Or hasn't yet failed for me.
Sorry to go on at length, but there's a lot of bollocks kicking around here. And no, I'm not a Skype apologist: it fecks me off as much as the next man that it's a bugger to spot on the network.
Lastly: check out http://www.ossir.org/windows/supports/2005/2005-11-07/EADS-CCR_Fabrice_Skype.pdf for an old-ish but interesting insight into the paranoia of the Skype app.
@ Jacob Reid
OK Jacob, Go lie down and sober up. Then post that again so that it makes some sense.
@Shakje
The problem with Vista and WoW (or indeed addon installers like wowace) is that it requires write permissions to the World of Warcraft directory whenever the launchers wants to install a patch. The common experience is to see the patch downloaded then fail to install, and wow prematurely ends.
As for wowace and similar software they just fail every time they try to install an addon.
So you have several choices for wow itself, run in admin mode to install a patch or set the permissions on your wow directory so your regular account can write to it. Running wowace in admin mode doesn't work - the download/install functions are separate tasks and therefore lose the admin priveleges - so you're limited to choice no. 2 (or logging in as administrator just to install addons).
I don't feel either represents too great a risk, however wow is one of the most attacked games in terms of account theft. This is usually done by cracking php guild websites and taking their user's passwords, unfortunately too many people use the same password or simple variations for everything. However if you fail to use the Blizzard launcher (which detects the most commonly used malware and key loggers), if you're running in admin mode you are opening yourself up a tad. Not too much, but just a bit.
The reality is the worst I can see happening is you lose your program directory and need to reinstall the game. It's a pain because you'd have to download large numbers of patches, but nothing more problematic than a new user installing WoW for the first time.
As for other online games, I don't know, I don't play them - but it's good to hear they don't cause these sorts of problems. :)
IT infrastructure monitoring strategies
What you need to know about cloud backup
Enabling efficient data center monitoring
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
