Sunday, July 5, 2009

"How Can I Stop Leopard From Continually Asking Me to Accept Incoming Connections for Microsoft Office Apps -- Word, PowerPoint, Excel, Entourage?"


Leopard has a different primary firewall than was offered in earlier versions of OS X. On the Firewall tab of the Security prefs pane, you get three choices for how it works:

-- Accept all incoming connections
-- Allow only essential services
-- Set access for specific services and applications

If you choose the third option, Leopard asks your permission whenever any network connection is attempted to a new app on your computer. Microsoft Office apps rely on such connections for various purposes. For instance, through Microsoft AutoUpdate, they check for updates. Through Microsoft Database Daemon, they check your local network for other open copies of any Office app that might violate your license agreement. And of course, Entourage collects email and performs a number of other functions over your network.

The problem is that Office apps are never treated by Leopard as apps you've already approved. Instead, you're asked again and again about these connections. No doubt, it's Microsoft's subtle form of sabotage to import Windows Vista's annoyingly frequent permissions requests into the Mac environment.

Just kidding. It more likely has to do with an older software design described by Apple's support document "Mac OS X 10.5 Leopard: About the Application Firewall":

"Some applications check their own integrity when they are run without using code signing. If the Application Firewall recognizes such an application it will not sign it, but then it will re-present the dialog every time the application is run. This may be avoided by upgrading to a version of the application which is signed by its developer."

I imagine this will clear up with the next version of Office. Meanwhile, the best solution for the non-geek in most cases seems to be to choose one of the other firewall modes.

If you choose "Allow only essential services," Leopard itself will decide what's allowed to come in (which apparently does not include checking for other open Office apps). This is the choice I've made for now. The only problem would be if you've turned on one of the services on the Sharing prefs pane -- file sharing, printer sharing, Internet sharing, or such. Those won't work anymore.

The other choice, "Accept all incoming connections," blocks nothing. That's another way to make sure you're never asked. Of course, if your computer is connected directly to the Internet, this would not a wise choice. But if it's connected through a router with its own firewall -- for instance, an Airport Extreme base station -- then mostly likely you are already adequately protected.

But this does not constitute medical advice, and be sure to consult your personal physician.

P.S. If you choose either "Allow only essential services" or "Set access for specific services and applications," be sure to go into the "Advanced" options and turn on Stealth Mode for extra safety.


No comments:

Post a Comment