I’ve been on a grand unification quest to find all the duplicates and old versions and generally clean the heck up on my desktop Mac, in preparation for a clean full “reference” backup and then a Leopard upgrade. I’m hearing enough security kerfuffle about the new (dis)improved firewall on Leopard; that I’m feeling glad that I didn’t buy a copy yet. Some of the issues are less relevant to me than to some, as I have a gateway firewall on our local net.
I’m disappointed to hear that Apple may be taking some of the Unix magic out of the hands of us old fogies in the course of prettying up subsystems like the firewall manager. I wouldn’t want to see quite the level of bells, whistles, and occasional frag-grenades of, say, some of the Linux GUI sysadmin tools. The princple behind those tools, however, is one that Apple would do well to emulate: provide a graphical user interface to the actual scripts and command-line / config-file changes needed to accomplish a task. Rewriting the UI as a program of its own, intertwingled with the functionality, is bad compartmentalization and should be avoided.
Speaking of firewalls, they do only protect you from stuff that is coming IN to get you, not stuff that you helpfully download and that opens up connections OUT to wreak havoc or spew spam. The emergence of Mac-targeted web trojans; is something that neither Tiger nor Leopard will prevent. It’s another class of security problem entirely, the kind that comes in via the keyboard or the mouse– what ham radio old-timers used to call “a short between the headphones”.
What I do find helpful for dodging some bullets is a the NoScript plugin for Firefox, which lets you selectively approve or deny scripts running on web pages that you are browsing. There is even some ongoing work on preventing cross-site scripting via NoScript. I find it very handy. Still, caveat clickor and all that.