Security

Protect your privacy with Little Snitch for Mac

Vincent Danen describes the privacy-protecting software called Little Snitch for Mac OS X, which helps you keep track of outgoing connections and includes a network monitor.

---------------------------------------------------------------------------------------

Everyone knows the value of a good firewall. Firewalls are a first line of defense against malicious people who attempt to hijack a computer for their own nefarious ends. Firewalls are by no means a silver bullet, but they are one of many tools for protecting networks and individual systems. Running a computer or network without a good firewall these days is more than foolish -- it is plain negligent.

So unsolicited inbound connections are covered, but what about the other direction? Outbound connections can be just as problematic, particularly when viruses, trojans, and other malware abound. You can download malware yourself, which gets it past the firewall, and then run it by accident. The firewall won't protect you from a rogue process connecting to a remote machine when the connection originates from your own system: if a connection is established from the inside heading out, most firewalls assume it is legitimate. They cannot tell whether the connection comes from Safari, an email client, or a piece of malware.

Luckily, OS X users can use a program called Little Snitch to alert them to outgoing connections. Little Snitch is not free software, but the $30 USD it costs is a small price to pay for the security and confidence it provides.

Little Snitch ships with a very restrictive default rule set. Almost everything on the system will be unknown, so as you use your applications, Little Snitch pop-ups will appear. Each one gives you a choice about the outbound connection: allow the program to connect until it terminates, allow it forever, or deny it. You can also get specific: allow any connection the program makes; allow it only to the port it is attempting to reach; allow blanket connections to the host it is attempting to reach; or allow only the specific host and port.

This kind of flexibility is wonderful. For instance, if you are uncomfortable with a program "phoning home," you can deny all connections to the program's Web site, but allow connections to every other host.
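The rule model the two paragraphs above describe (per-program rules narrowed by host and/or port, "until quit" versus "forever" lifetimes, and a narrow deny carving a "phone home" exception out of a broad allow) can be modelled in a few dozen lines. The code below is an added, hypothetical Python model written for this page; it is not Little Snitch's code or rule format, and the program paths and hostnames in it are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical model of an application-level outbound rule set (not Little
# Snitch's own code or format). A rule is keyed on the program's full path and
# optionally narrowed to a host and/or port. "Forever" rules persist; "until
# quit" rules are tied to one process instance and vanish when it exits.
@dataclass(frozen=True)
class Rule:
    program: str                 # full path of the executable
    allow: bool
    host: Optional[str] = None   # None = any host
    port: Optional[int] = None   # None = any port
    until_quit: bool = False     # True = expires with the process

@dataclass(frozen=True)
class Connection:
    program: str   # full path of the connecting program
    pid: int       # process ID reported with the connection attempt
    host: str
    port: int

class OutboundPolicy:
    def __init__(self) -> None:
        self.rules: List[Rule] = []                  # "forever" rules
        self._session: Dict[int, List[Rule]] = {}    # pid -> until-quit rules

    def add(self, rule: Rule, pid: Optional[int] = None) -> None:
        if rule.until_quit:
            self._session.setdefault(pid, []).append(rule)
        else:
            self.rules.append(rule)

    def process_exited(self, pid: int) -> None:
        # Until-quit rules die with the process that they were granted to.
        self._session.pop(pid, None)

    def decide(self, c: Connection) -> str:
        """Return 'allow', 'deny' or 'ask' (no matching rule: prompt the user).
        The most specific matching rule wins (host+port > host > port > any),
        so a narrow deny can override a blanket allow for the same program."""
        best = None
        for r in self.rules + self._session.get(c.pid, []):
            if r.program != c.program:
                continue
            if (r.host is not None and r.host != c.host) or \
               (r.port is not None and r.port != c.port):
                continue
            specificity = 2 * (r.host is not None) + (r.port is not None)
            if best is None or specificity > best[0]:
                best = (specificity, r)
        return "ask" if best is None else ("allow" if best[1].allow else "deny")
```

A blanket allow for an application plus a host-specific deny for its vendor's site reproduces the "phoning home" case from the paragraph above: the update check is refused while every other connection the program makes goes through.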

As new programs are installed, Little Snitch checks with you first as to whether their connections should be allowed. If you start seeing connection attempts from a program you do not recognize, however, it's time to pay attention to what Little Snitch is telling you. A Show Details link in the popup shows exactly what is happening. This information is invaluable for determining what is going on if you don't recognize the software trying to connect, or if a popup appears while you're doing something completely unrelated (i.e., it comes from a program you did not launch). The details include the IP address (when the connection is to a hostname), the reverse DNS name, the full path of the program attempting the connection, and the program's process ID and the user ID it runs as, as in Figure A.

Little Snitch is an invaluable piece of software. It is one of the first programs I install when setting up a new computer or upgrading to a new version of OS X. Even the Network Monitor it provides (viewable via the menu bar icon) is useful, as it shows in real time which applications are making connections and to where. The rule editor is easy to use, gives an overview of what rules are in place, and even tells you if rules exist for programs that are no longer installed.

All told, Little Snitch is probably one of the most vital pieces of software on my computer. I would not want to run OS X without it.

About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

5 comments
lucasm007

Everything Microshaft has done has been copied off a MAC/LINUX/UNIX system. Why? Because they do not know how to think. They just copy from the open source community and then advertise ... "I thought of that." NO, you stole it. Also, Little Snitch is a very good product, but if you have some security knowledge (IPTABLES) you can do the same. I, however, prefer Little Snitch for the exact reason this article has stated. If Little Snitch had an easy button, it would say... "THAT WAS EASY"

The 'G-Man.'

Only you need to pay for it. Is there not a free one that is just as good?

vdanen

You need to know ipfw if you want to do the same thing on a Mac, not iptables. I also don't think ipfw lets you build the outbound firewall as you go (it's possible there is a GUI for this, but I've not seen it). I'm also not sure about the Windows 7 firewall. I've never seen a popup on Windows asking if Firefox is allowed to go out on port 80. Do I need to do something special to turn that on (because if that ability is baked into Win7, I want to use it)? You're right. Little Snitch is dead easy. And for what it does, it isn't that expensive. I've been using it for years; for the length of time I've used it, it's been a nominal investment, and it prevents so much from getting out that I don't want to get out. All these apps that "phone home" no longer get to (sure, they say they're looking for version updates, but without having access to the source, how do I know for sure?).

treerod1

Simple answer, "no." Okay, okay, there are programs out there that claim to do the same thing as Little Snitch, but as yet I haven't found one that does what Little Snitch does half as well. I've been using Little Snitch for almost four years now and I've come to rely on it to protect my privacy from software companies, nosy network administrators, etc. ... so for $30, you get a program with at least 4 years of experience and tweaking that has many potential bugs worked out.

bboyd

yeah right. How would SJ get his cut then?