Leopard Firewall Breaks Applications
If you want to maintain your sanity, do not enable your Leopard firewall and add applications to the firewall’s services and applications list. It has been reported that doing so will alter the application in a way that could prevent some of them from running properly.
Last night, I tried to launch World of Warcraft and I got a “unable to validate game version” error when I tried to log in. I check the official WoW Mac support forums and see others suffering this same problem.
Here’s what Blizzard poster Tigerclaw had to say:
The game was tested against Leopard, however it was not tested in a fashion that would involve re-configuring the firewall or the parental controls, both of which are Leopard features that (we have learned) can alter the contents of the game files in a way that defeats our existing integrity checking mechanisms.
We are working on a more permanent solution so this issue can be eliminaed in future patches.
I also had problems with Skype, which I unfortunately also added to the firewall applications list. It absolutely refused to run. I was able to fix the this issue by downloading a new copy of Skype and copying it over the broken version. Adium and iChat were two applications that were able to survive this ordeal unscathed.
I would avoid using this firewall until Apple releases an update to fix this problem. Above all, do not add any programs to the firewall application list! Just make sure you’re behind a hardware firewall and everything should be ok.
Update: The 10.5.1 update has fixed this issue. Download this update ASAP before messing with any of the firewall settings.
Interested in more Apple and Japan related content? Consider subscribing to Apple Otaku. You can also subscribe by email and have new posts sent directly to your inbox.
Related posts:
I’m glad you were able to figure out what was going on though, although same on Apple for it. Hope everything else turns out well.
Nice tips – will avoid that fire wall. have you tried Little Snitch?
Danny,
I might look into Little Snitch eventually. I know them from their other great product, Launchbar.
Hopefully, Apple will get their act together with this firewall. I think Little Snitch could nicely complement a revised Apple firewall.
“I would avoid using this firewall until Apple releases an update to fix this problem. Above all, do not add any programs to the firewall application list! Just make sure you’re behind a hardware firewall and everything should be ok.”
The fascinating thing about this is that based on the description of what’s happening, the applications are at fault because they’re engaging in behavior that Apple has been warning developers against for _years_. An app that writes back to itself hasn’t been kosher on the Mac since the advent of AppleShare, and an app that does brute-force checksumming of it’s binary to check for tampering hasn’t been reliable since the release of Mac OS X. Pressuring Apple to “fix” their firewall so it doesn’t expose coding errors in a small percentage of 3rd-party apps is, IMO, the wrong direction to be going.
Greg,
That’s an interesting way of looking at this problem. I’m all for it if this problem could be solved by the third party developers.
Have you had any issues with this firewall so far?
Other than finding the config interface confusing when I first saw it, I haven’t had issues with the firewall as a user or as a developer yet.
I should clarify somewhat. I’m a Mac developer, and I’m a Mac developer because of the platform (it’s actually fun to write for) and the user base (they’re nicer to interact with than the mean on other platforms). I’m a Mac developer *despite* Apple, and I won’t go out of my way to defend them if I suspect they’re in the wrong. But I don’t think they’re in the wrong here. *If* I’m correctly understanding the situation, apps are failing because developers are relying on things that they’ve been told aren’t reliable and that have not truly been reliable in practice.
Apps that modify themselves on disk have been a no-no for literally decades. Hasn’t stopped some developers from doing it, but in the 20+ years I’ve been a Mac user I’ve never actually seen a reason for an app to modify itself post-install.
Apps that checksum themselves are a newer phenomenon and there’s an understandable incentive for security apps or MMORPGs and the like to do it. But the specific technique they’re using isn’t reliable and hasn’t been reliable since the release of OS X because there’s always in this era been a potential for an app to be modified silently by the OS. The issue is that the app developers in this case are looking for modifications to their code, but they’re checking for modifications to a binary file, as a unit, that contains other things in addition to their code. If they restricted their sanity checking to the code segment(s) for the active architecture instead of the whole binary file, it should work fine. And it’d be quicker at launch time for big, universal apps