Lots of people know that OS X has a very powerful stateful packet inspection firewall (ipfw) under the shiny hood of the Sharing Preference Pane thanks to its UNIX underpinnings, but actually understanding and controlling that power is something else entirely. Perhaps a bit lost in the rush to Christmas Macworld published a nice guide to configuring the Leopard firewall that's definitely helpful in getting a bit clearer about what's going on. But if you really want to dig into the options you've got to go deeper, and if you don't have the command line chops to set it up yourself, you'll want to check out the open-source WaterRoof from hanynet.com.

Basically, WaterRoof is the graphical front end to ipfw that Apple left out. As the developer notes, its features "include dynamic rules, bandwidth management, NAT configuration and port redirection, pre-defined rule sets and a wizard for easy configuration." Particularly if you're trying to use a Mac as a gateway or router and need more sophistication than the built-in Internet Sharing provides, WaterRoof can really simplify matters.

WaterRoof is a free download (donations requested) with separate versions for Tiger and Leopard. The same developer also has a simplified version with many fewer features called NoobProof.

I just ran across this nice two part series (easier part one, more advanced part two) discussing some ways to improve security in Tiger while waiting for Leopard to come along. The author, Sebastiaan de With, discusses some unfortunate choices made by Apple with regards to, among other things, firewall, networking, and Bluetooth settings, and offers suggestions for how to fix these and other potential problems. He also offers some good ideas for portable Mac users.

Now inevitably these sorts of considerations (much like security practices in air travel) involve weighing convenience against safety. I know a lot of my own practices (e.g. auto-login, running as administrator) are dangerous, but it's hard to break bad habits. What other security advice do you think is important?

graphic: Sebastiaan de With

[Via Digg]

There is a powerful firewall built into the UNIX underpinning of OS X, but getting access to its power is sometimes difficult. GlowWorm FW Lite is a network utility that allows you to control outbound network traffic on your Mac. You can set up relatively simple rules by which "you can easily define the behavior that is acceptable on the basis of a particular application, host or ip address, port number, and any combination thereof, and what action to take if such an event occurs." This seems to be similar in functionality to the Little Snitch, but Glowworm is free (however the registration process is slightly arduous).

[Via MacFreeWare]

I just bought a new MacBook, as I'm stepping down from owning a Pro and moving to a MacBook/iMac setup (more on that later), and I noticed something a little disconcerting: after going through the generic setup out of the box, Mac OS X's firewall was not enabled by default. I didn't fiddle with any settings during the initial boot and setup (besides entering a password for my wifi network and my .Mac credentials - about the only settings you can fiddle with), and I spotted this strange quirk in the Sharing Preference Pane when going to name my machine before the initial .Mac sync.

What gives? Is Mac OS X 10.4's firewall enabled by default or not? I honestly don't remember which exact version of 10.4 this MacBook shipped with (I ran Software Update immediately on startup and only caught this firewall quirk after the restart), and I'm certainly not some certified, 6-figure security expert - I'm only reporting what I saw with this initial setup.

So does anyone know what's going on? Discussions about Mac OS X's (and 10.4 specifically) inherent security often cite the firewall being turned on by default - though that clearly wasn't the case with this machine. What say you, TUAW readers?

The iPod is being turned into everything from Halloween costumes to stethoscope training tools, and now it apparently is being used to help steal hundreds of millions of dollars - in Hollywood movies, that is (don't worry, this won't be a spoiler).

Apparently Harrison Ford uses an iPod to permanently borrow $100 million from his bank in the new Firewall flick. Rick Warner, over at Bloomberg, already critiqued it quite nicely: "I don't doubt that computerized banking is ripe for theft, but the way Ford does it [sic] seems as far-fetched as James Frey's resume."

While I think it's great that the iPod and Apple are receiving all this fantastic buzz, I'm having a hard time understanding how silly product placement like this benefits anyone, let alone who instigated it. How far is stuff like this going to go? Are we going to see exploding iPods hurled down hallways to destroy genetically modified monsters in a forthcoming sequel to Doom? Here's hoping Harrison doesn't have to decode an ancient culture's chant with nothing more than his 'trusty' iPod in Indiana Jones 4.

[via iLounge]

http://www.bloomberg.com/apps/news?pid=10000088&sid=a4uL2l7YM5G8&refer=culture