The Snow Leopard built-in firewall


Almost two years ago now, one of our most significant blog entries was entitled “The Leopard built-in firewall.” Drawing on what many others were reporting, it detailed the many serious problems with the firewall model introduced in that OS.


At the time we said “Long term, [the new firewall model] has potential. Short term, it just hasn’t worked well at all.” A quick security update addressed some of the Leopard firewall’s fundamental problems, but many of them remain.


Snow Leopard’s firewall changes, like many of its other changes, are a “fine-tuning” attempt to implement more of that potential. And they do seem to represent minor improvements. We’ve put up a Web page on our site with screenshots detailing some of the changes:


  1. It’s now obvious how to turn the firewall on and off.

  2. You can "Automatically allow signed software to receive incoming connections" (or not, which is the safer option -- more on this later).

  3. You can block almost all incoming connections, even to built-in services like File Sharing. There’s still no way to block certain services that Apple considers essential (and they probably are essential in many, but not all, circumstances).


These three new options add important flexibility. The option to turn logging on and off has been removed; logging now appears to be always on. There’s no real need to ever turn it off, so this simplification is a good one. More important, the log now includes one critical item we’ve flagged as missing for two years: the destination port on access attempts. The firewall still does not seem to log all access attempts, however, so the log is only slightly more useful than before.
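As an added example (not code from the original post), here is a small shell audit of the three settings discussed above, read from the command line rather than the Security preference pane. It assumes that the Application Firewall stores them in /Library/Preferences/com.apple.alf under the keys globalstate (0 = off, 1 = on, 2 = block all incoming), allowsignedenabled and loggingenabled, readable with `defaults read`; the assessment function itself takes the values as arguments so it can be exercised anywhere.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumed preference keys:
# globalstate, allowsignedenabled, loggingenabled in com.apple.alf.
ALF_PLIST=/Library/Preferences/com.apple.alf

# read_alf KEY: print the stored integer, or "missing" when the plist or key
# cannot be read (non-macOS host, or firewall never configured).
read_alf() {
  defaults read "$ALF_PLIST" "$1" 2>/dev/null || echo missing
}

# assess_alf GLOBALSTATE ALLOWSIGNED LOGGING: one finding per line on stdout.
# Returns 0 only when every setting is the safer choice described in the post
# (firewall on, signed software not auto-allowed, logging on).
assess_alf() {
  rc=0
  case "$1" in
    2) echo "OK   incoming connections blocked except essential services" ;;
    1) echo "OK   firewall on, per-application rules apply" ;;
    0) echo "FAIL firewall is off"; rc=1 ;;
    *) echo "WARN globalstate unreadable ($1)"; rc=1 ;;
  esac
  case "$2" in
    0) echo "OK   signed software is not automatically allowed" ;;
    1) echo "WARN signed software automatically receives incoming connections"; rc=1 ;;
    *) echo "WARN allowsignedenabled unreadable ($2)"; rc=1 ;;
  esac
  case "$3" in
    1) echo "OK   logging enabled" ;;
    0) echo "FAIL logging disabled"; rc=1 ;;
    *) echo "WARN loggingenabled unreadable ($3)"; rc=1 ;;
  esac
  return $rc
}

# Run the live audit only where `defaults` exists (i.e. on a Mac).
if command -v defaults >/dev/null 2>&1; then
  assess_alf "$(read_alf globalstate)" \
             "$(read_alf allowsignedenabled)" \
             "$(read_alf loggingenabled)"
fi
```

A non-zero exit from assess_alf flags a configuration that is weaker than the post recommends; "WARN ... unreadable" lines mean the key could not be read and should be checked in the preference pane.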


All in all, Snow Leopard’s built-in firewall is a definite improvement on Leopard’s, just as Snow Leopard in general seems to be an improvement on Leopard itself. But it still has a long way to go before it realizes its full potential.

Monday, August 31, 2009
