
Little Snitch 2 released

An essential utility is now Leopard-ready.

CNET staff

Objective Development has released version 2 of its Little Snitch utility.

Little Snitch is an absolutely essential utility that we here at MacFixIt wouldn't be without. What does it do? Well, you probably know that Mac OS X comes with a software firewall, and if you're using a router as part of the network that connects you to the Internet, you're probably also behind a hardware firewall. And you probably know that this has something to do with security. The idea is that if your computer is connected to the Internet, then other computers elsewhere on the Internet can potentially see your computer and can do things to it. The firewall prevents this sort of intrusion from the outside. (A good recent discussion is this TidBITS article.)

On the other hand, the whole idea of a firewall is that it assumes that network traffic from inside your computer is good. For example, let's say you use your browser to navigate to www.macfixit.com. Your computer sends out a signal to MacFixIt's server, saying, "I'd like to see your front page, please." And MacFixIt's server obligingly sends a signal to your computer, providing the data for the MacFixIt front page that you see in your browser. How did that signal get past your firewall? Well, to put it simply, the firewall "knows" that you asked for the information in the first place. It lets the signal come in because all this started when you sent a signal out.

Thus, a firewall doesn't do anything about filtering signals to the network that emanate from inside your computer. But not all signals from inside your computer are good. How do you know that some application isn't reading your name and phone number from your Address Book - or some even more sensitive information - and sending that information out to a waiting server on the Internet? That sort of trick is how certain kinds of malware do their stuff.

If you are at all concerned with malware, therefore, or even if you are merely curious to know what signals are being sent out to the network by what processes on your computer, you need a filter that tracks outbound network traffic. And that's exactly what Little Snitch is. It intercepts all outbound network traffic and either passes it (because you've already told it that this kind of outgoing signal from such-and-such an application is okay) or blocks it (because you've told it that this kind of outgoing signal from such-and-such an application is not okay) or alerts you (because it needs you to pass judgement on this signal). In the alert, you can permit the outgoing signal or deny it; if you permit it, you can do so on a one-time basis, or just while the sending application continues to run, or you can create a rule for all time that will allow this kind of signal from this application.

Little Snitch starts out by being suspicious, essentially, of all outgoing signals except for certain types of signal sent by certain applications on your computer. For example, by default, all purely local network signals that don't reach the Internet (such as Bonjour) are okay; iChat signals are okay; and the main types of signal sent by Mail and Safari are okay. But apart from these and a handful of further built-in rules, Little Snitch's stance is to be suspicious and to alert you to all outgoing traffic. For example, if you use a different browser, the first time you try to view a Web page in that browser, Little Snitch will alert you. You can then say, Yes, this sort of signal (e.g. a TCP connection on port 80) from this application (e.g. Firefox) is okay from now on. That is an expected signal, but you might also encounter some unexpected signals, such as an application trying to "phone home" when you didn't know that it did that sort of thing. You might be surprised at what you learn!
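The pass/block/alert decision and the three rule lifetimes described in the two paragraphs above can be modelled in a few lines. This is an added illustration, not Little Snitch's own code: the class, the rule keys, the "SomeApp" application and the choice to consult session rules before permanent ones are all assumptions made for the example.

```python
# Toy model of a per-application outbound filter (added example, not Little Snitch code).
from dataclasses import dataclass, field

ALLOW, DENY, ASK = "allow", "deny", "ask"
ONCE, UNTIL_QUIT, FOREVER = "once", "until-quit", "forever"

@dataclass
class OutboundFilter:
    # Keys are (app, protocol, port); values are ALLOW or DENY.
    permanent: dict = field(default_factory=dict)  # "for all time" rules
    session: dict = field(default_factory=dict)    # valid while the app runs

    def check(self, app, proto, port):
        """Return ALLOW/DENY if a rule matches, else ASK (alert the user)."""
        key = (app, proto, port)
        if key in self.session:  # assumption: session rules are consulted first
            return self.session[key]
        return self.permanent.get(key, ASK)

    def answer(self, app, proto, port, verdict, lifetime):
        """Record the user's reply to an alert; returns the verdict applied now."""
        key = (app, proto, port)
        if lifetime == FOREVER:
            self.permanent[key] = verdict
        elif lifetime == UNTIL_QUIT:
            self.session[key] = verdict
        # ONCE stores nothing, so the next attempt alerts again.
        return verdict

    def app_quit(self, app):
        """Drop session rules when the sending application exits."""
        self.session = {k: v for k, v in self.session.items() if k[0] != app}

def demo():
    # Constructed stand-in for a built-in rule: Safari may make web requests.
    fw = OutboundFilter(permanent={("Safari", "tcp", 80): ALLOW})
    log = [fw.check("Safari", "tcp", 80)]        # built-in rule passes
    log.append(fw.check("Firefox", "tcp", 80))   # no rule yet, so alert
    fw.answer("Firefox", "tcp", 80, ALLOW, FOREVER)
    log.append(fw.check("Firefox", "tcp", 80))   # now permitted silently
    # "SomeApp" is a hypothetical application that phones home on port 443.
    fw.answer("SomeApp", "tcp", 443, DENY, UNTIL_QUIT)
    log.append(fw.check("SomeApp", "tcp", 443))  # blocked for this session
    fw.app_quit("SomeApp")
    log.append(fw.check("SomeApp", "tcp", 443))  # rule expired, alert again
    fw.answer("SomeApp", "tcp", 443, ALLOW, ONCE)
    log.append(fw.check("SomeApp", "tcp", 443))  # one-time answer left no rule
    return log

if __name__ == "__main__":
    print(demo())
```

The point to notice is that only a "for all time" answer silences future alerts; one-time and until-quit answers bring the prompt back, which is what surfaces an application that keeps trying to phone home.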

This version of Little Snitch brings many improvements. Besides being compatible with Leopard, it has many technical improvements, along with a much easier, more pleasant interface than the previous version. Also, Little Snitch is no longer a preference pane and a login item; instead, it uses the launchd mechanism and files installed in /Library/LaunchDaemons and /Library/LaunchAgents to automatically start up a daemon process (lsd) and two background-only applications, plus there's a normal application that provides a GUI for your configuration rules and preferences. (If you want a utility to track your launchd agents and daemons, you need Lingon.) An optional menu status item lets you summon a window that monitors all your network traffic, as well as giving access to the configuration application. All of this makes Little Snitch slicker, clearer, and more fun to use than ever before.

You can try Little Snitch for free; a license is $24.95 (or $12.95 to upgrade from the previous version).

Resources

  • Little Snitch utility
  • TidBITS article
  • Lingon