I just moved to Leopard last night, and all-in-all the upgrade went smoothly enough. I did the archive and install method, and choose to have it retain my settings. The migration in Leopard seems to be more thourough, as it also ‘migrated’ mostly all of my ‘unix’ underlying files/directories that were ignored in Tiger. This included pretty much everything in /Library/ (such as /Library/Webserver/Documents/ and things like /usr/). There was some initial (expected) work I needed to do to get the website working again, but I got almost everything working, after some research on how to configure all the features from Apache 1.3 in Apache 2.
But that’s not the point of this post. I wanted to highlight some of the problems I had with the new Leopard firewall. I wanted to highlight some of the problems I had with the new Leopard firewall, since I hadn’t seen a discussion about it here yet.
First off it seems the new firewall isn’t based on ipfw like the one in Tiger was. And it seems much more feature limited. This has been documented elsewhere already… ( Leopard’s firewall a ‘mess’ & Investigating the leopard firewall ).
One thing those articles mention is the ’signing’ of applications when you enable the firewall’s “Set access for specific services and applications”. This digital signature gets created and embeded in the application, so obviously when an app is upgraded it will prompt again. That doesn’t bug me much…However, the real problem is in programs that check themselves (for whatever reason). The above article mention Skype, but my personal issue was with Starcraft (1). It refuses to run after ‘allowing’ it through the firewall, saying that it couldn’t verify the application version, and maybe a virus has modified it. Of course without allowing it through the firewall, you can’t play the game online… I’m assuming battle.net makes a checksum of the application binary to assure it’s ‘valid’ before allowing you online to play. This is likely a key part of their efforts to stop cheaters from playing with hacked copies of the program, as well as prevent piracy. I haven’t done extensive testing, but I can only assume that other programs, especially games, will have similar problems, not just Skype. Anyone else who runs into this issue can ‘fix’ it (at least for starcraft) by re-downloading the latest update files from blizzard, and replacing the ‘modified’ application with the ‘original’ one.
For now, my only option has been to turn the new firewall off (Allow All) and rely solely on my router.
