Apple’s Leopard Update Includes Security Fixes

You’ll probably be updating to Mac OS X 10.5.1 anyway, if you’re running Leopard, but note that this update contains three fixes for Leopard’s firewall. (I’ve discussed some of the weaknesses in the firewall here and here.) This update patches some bugs in Leopard, so you should certainly install it. As usual for Apple updates, check the Software Update preference pane in System Preferences. You can find out more about the security fixes on this Apple security page.

Two New Apple Security Updates: Mac OS X 10.4 10.3

Apple has released a collection of security updates, covering its last two operating systems, Tiger (10.4) and Panther (10.3). The first, the Mac OS X 10.4 update, is most likely the final patch to Tiger. Containing bug fixes for the operating system overall, it also has dozens of security fixes. The Security Update 007-008 for Mac OS X 10.3 patches similar bugs in Panther. If you’re still running Panther, you must have updated to 10.3.9; for Tiger, you’ll need to be at 10.4.10 to run the update.

For the first two updates, just run Software Update on your Mac.

Stop Applications from Phoning Home with NetBarrier

While you use the Internet with lots of programs - your web browser, e-mail program and chat client - you may have other programs that access the Internet for various reasons. The most common is to check for updates; you’ll have lots of programs that do this automatically every day, or every week. You can usually choose whether these programs check for updates, and at what frequency.

But other programs may also phone home, for a variety of reasons. They may send their developers data about who’s using their software. Or, if you happen to have installed any malicious software that may want to send more information to a remote server, this could happen as well. And there’s no way to know when programs are doing this; at least not through Mac OS X.

Intego NetBarrier, however, has an Anti-Spyware feature that allows you to block network access for applications you have added to a list, or to get alerts whenever an application tries to access the Internet. You can set NetBarrier to alert you whenever a program tries to phone home, and you can then choose to allow it or to block it. Once you allow or block an application, it gets added to a list so you can see all the programs that access the Internet. You also see the port numbers they attempt to access; you can block specific ports and allow others, if you wish.

An option allows you to trust system processes, so you’re not alerted by such background applications as Software Update, .Mac syncing, and other OS X features.

With this feature, you can be sure that the only applications that use the Internet are the ones you allow. And NetBarrier can alert you whenever any other programs try to phone home.

Security Update for iPhone and iPod touch

Apple today released a security update for the iPhone and the iPod touch. Numbered 1.1.2 for both devices, this update protects against the poetic “maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution.”

Since you can only update the iPhone and iPod touch from iTunes, and since iTunes only checks for updates weekly, you should connect your device and click the Check Now button on the device’s settings screen. This will tell iTunes to check for an update right away so you can be safe.

Intego ContentBarrier X4 Compared to Apple’s Parental Controls

Mac OS X 10.5 Leopard includes expanded parental controls, which allow parents to choose some limits regarding what their children can access while using their Macs. The following is a comparison of the two types of parental control systems, showing why Intego ContentBarrier X4 remains far superior to Apple’s parental controls in Leopard.

• ContentBarrier works on Mac OS X Jaguar, Panther, Tiger and Leopard (10.2.8 or later). Apple’s new parental controls runs only on Mac OS X 10.5 Leopard.
• ContentBarrier works on Mac computers with a PowerPC G3 processor. Apple’s parental controls only run on Leopard-compatible Macs, which have G4 processors at 867 MHz or faster.
• ContentBarrier has an easy-to-use assistant that walks you through the process of setting up parental controls for your children. With Apple’s parental controls, you must make all settings manually, through a series of preference panes and tabs.
• ContentBarrier lets you use preset profiles to different children. With Apple’s parental controls, you must change settings for each user, one by one.
• ContentBarrier lets you schedule Internet access for any time of the day. You can choose a start and end time, or you can choose several periods. You can set these limits individually for each day of the week. With Apple’s parental controls, you can only set overnight limits (from bedtime to morning) and total access time during the day. You can only set these limits for weekdays or weekends.
• ContentBarrier lets you block access to specific protocols, such as streaming music and video, peer-to-peer, and newsgroups. Apple’s parental controls does not allow you to block specific protocols.
• ContentBarrier has an Anti-Predator mode, which protects children from predatory messages in chat sessions. Apple’s parental controls have no such protection.
• ContentBarrier’s Anti-Predator mode works with all chat clients. Apple’s parental controls only affect iChat.
• ContentBarrier lets you filter web access by category. Many different categories are available, such as pornography, violence, racism, hacking, etc. With Apple’s parental controls, you can only “try to limit access to adult websites.”
• ContentBarrier’s web filters are updated regularly to provide optimal protection. Apple’s parental controls have no such updatable filters.
• ContentBarrier can redirect search engine requests to family-friendly search engines. Apple’s parental controls have no such feature.
• ContentBarrier can send full logs of user activity to a parent or administrator. Apple’s parental controls have no such feature.
• ContentBarrier can let you set restrictions even on users with administrator’s accounts. Apple’s parental controls don’t let you apply restrictions to administrator’s accounts.
• ContentBarrier has additional password protection so even administrators can be prevented from changing its settings. Any administrator can change settings to Apple’s parental controls.

More on Leopard’s Firewall

In a previous article, I pointed out how Leopard’s built-in firewall “failed every test”. An article in TidBITS looks more closely at the Leopard firewall, and specifically its application blocking features that, well, don’t work as expected.

Intego NetBarrier, the first personal firewall for Mac, offers a fully understandable interface, and, yes, application blocking that works with no surprises. While Apple tries to help users by providing security features, such as their new firewall, the lack of clarity around this feature make it something to avoid. NetBarrier is much easier to understand, and, in advanced mode, gives you more control than the Leopard firewall.