I should clarify somewhat. I’m a Mac developer, and I’m a Mac developer because of the platform (it’s actually fun to write for) and the user base (they’re nicer to interact with than the mean on other platforms). I’m a Mac developer *despite* Apple, and I won’t go out of my way to defend them if I suspect they’re in the wrong. But I don’t think they’re in the wrong here. *If* I’m correctly understanding the situation, apps are failing because developers are relying on things that they’ve been told aren’t reliable and that have not truly been reliable in practice.

Apps that modify themselves on disk have been a no-no for literally decades. Hasn’t stopped some developers from doing it, but in the 20+ years I’ve been a Mac user I’ve never actually seen a reason for an app to modify itself post-install.

Apps that checksum themselves are a newer phenomenon and there’s an understandable incentive for security apps or MMORPGs and the like to do it. But the specific technique they’re using isn’t reliable and hasn’t been reliable since the release of OS X because there’s always in this era been a potential for an app to be modified silently by the OS. The issue is that the app developers in this case are looking for modifications to their code, but they’re checking for modifications to a binary file, as a unit, that contains other things in addition to their code. If they restricted their sanity checking to the code segment(s) for the active architecture instead of the whole binary file, it should work fine. And it’d be quicker at launch time for big, universal apps

That’s an interesting way of looking at this problem. I’m all for it if this problem could be solved by the third party developers.

Have you had any issues with this firewall so far?

The fascinating thing about this is that based on the description of what’s happening, the applications are at fault because they’re engaging in behavior that Apple has been warning developers against for _years_. An app that writes back to itself hasn’t been kosher on the Mac since the advent of AppleShare, and an app that does brute-force checksumming of it’s binary to check for tampering hasn’t been reliable since the release of Mac OS X. Pressuring Apple to “fix” their firewall so it doesn’t expose coding errors in a small percentage of 3rd-party apps is, IMO, the wrong direction to be going.

I might look into Little Snitch eventually. I know them from their other great product, Launchbar.

Hopefully, Apple will get their act together with this firewall. I think Little Snitch could nicely complement a revised Apple firewall.