Little snitch - should I get it?

tigrr

I've been using Little snitch (in demo mode) for a while now (it has a very generous 3 hour session limit. After that you just have to enter its configuration and tell it to go into demo mode again, for another 3 hours!).

It seems like a very useful tool (I've even caught some spyware this way), and since I like to keep track of which software goes online and for what purpose I think I need a "firewall" for preventing outwards traffic.
There is apparently another similar application called GlowWorm which I downloaded the demo of. I haven't had the time to look closely at it, so I really can't tell how it compares with Little Snitch, but I read some negative stuff about it - the people behind it using it to harvest email addresses or something.

In any case this has got me thinking: how can we trust software like this which is supposed to keep us safe? It's like an anti-virus program: who better to spread viruses around than the makers of anti-virus software, and who better to spy on us than the makers of anti-spyware.
Just thought I'd like to hear what you guys have to say about it and if Little snitch is worth getting, or if there's something better out there?

I really liked Zone-Alarm on the PC. It was effective and uncomplicated to use. Little snitch isn't quite there yet, but I haven't found anything better..
 
The firewall that comes with 10.5 is easy to use and in my opinion obviates the need to purchase Little Snitch or anything like it. Using a hardware firewall router for internet connections adds security.

I'm surprised that you say you have caught some spyware. What exactly did you find?
 
Seriously: LittleSnitch is one of the single most useful pieces of software I've seen so far on OS X. They added a lot of interesting new features in v2.x, and it's more reliable than ever.

I for one still distrust the 10.5 firewall. I deactivated it, and configured the ipfw that was used in 10.4 using Flying Buttress. To pretty much shut up your computer you only need about three or four rules. I trust it a lot more than the new one that leaves processes running with root-privileges being accessible from the net.
 
The firewall that comes with 10.5 is easy to use and in my opinion obviates the need to purchase Little Snitch or anything like it. Using a hardware firewall router for internet connections adds security.

I'm still running 10.4.11 here (frankly I don't see why I should join the upgrade craze when it works fine as it is and I haven't taken full advantage of it yet), and as far as I know there isn't any way to prevent applications from "phoning home" in the MacOS firewall. I honestly don't know much about the MacOS firewall, but having looked into its settings, it seems pretty limited and restricted to me, only allowing or disallowing things in their entirety.

As I have a DSL broadband connection I also have a firewall built into the router.


I'm surprised that you say you have caught some spyware. What exactly did you find?

First of all it seems that I constantly come across software which connects to the Internet by default without asking for my consent. A lot of these have to do with update checking (personally I prefer to check this on my own if/when I see the need for it), but there are lots of unknown online connections which often don't make any sense at all as the application in question doesn't have anything to do with the Internet. One such application is Finder Cleaner which has some suspicious activity. I'm not the only one who thinks so (just read the comments at that page).
I've also noticed that a few applications go online even when I've told them not to! Apple software update is one of them.


Little snitch seems like a very useful tool in preventing this sort of activity, but I just wanted to ask around to see if there was something better, or if there's any reason I shouldn't use Little Snitch before paying for it.
 
Seriously: LittleSnitch is one of the single most useful pieces of software I've seen so far on OS X. They added a lot of interesting new features in v2.x, and it's more reliable than ever.

Seems like you're wholeheartedly recommending me to buy it! ;)

I for one still distrust the 10.5 firewall. I deactivated it, and configured the ipfw that was used in 10.4 using Flying Buttress. To pretty much shut up your computer you only need about three or four rules. I trust it a lot more than the new one that leaves processes running with root-privileges being accessible from the net.

I've found the firewall to be quite complicated, but also pretty limited in its options. I wouldn't know where to start, so I've closed everything apart from the "Windows sharing" option (so I can transfer files to/from a PC connected to the same router).

So Flying buttress is a configuration program for the built in MacOS firewall? Or is it a completely different firewall altogether?
I've looked up the app's website, but I can't say I understand much about what it's for.
 
The Tiger firewall is not at all comparable to Little Snitch. Typical firewalls, including Tiger's, block incoming connections, but make no effort to block outgoing connections. And Tiger's firewall can't do anything on an app-by-app basis. Little Snitch can stop outgoing connections, and on an app-by-app basis.

Leopard's firewall is a whole new beast. I'm still on Tiger, so I don't know all the details.

I've been using Little Snitch for quite a while, and I recommend it. I haven't upgraded to 2.0 despite the fact that I own it already (thanks to the free upgrade I got from MacUpdate's bundle a while back), because even 1.x does what I want it to do. One of these days when I'm in a "let's fix what ain't broke!" kind of mood I will install 2.0. :)

Keep in mind that Little Snitch is not a magic bullet. There are ways apps can bypass it. For example, if a nefarious application tells Mail.app to send an email containing sensitive data, then only Mail.app will be making a network connection, and since you'd probably "always allow" Mail.app to make connections, it would go through.

I've never actually seen an example of this, but it's possible, anyway.

The bottom line is, Little Snitch is a great tool, but no tool is a substitute for caution and vigilance.
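
The per-application outbound check discussed above, as an added example that is not part of the original thread: it parses `lsof -i -n -P` style output (the sample is constructed), skips connections a process accepted on its own listening port, and applies a hypothetical per-app rule table. `CleanerApp`, the addresses and `RULES` are made up for illustration; note that the "always allow" rule for Mail passes every Mail connection, whichever program asked Mail to send.

```python
import re

# Constructed sample of `lsof -i -n -P` output (not captured from a real machine).
SAMPLE_LSOF = """\
COMMAND     PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Mail        312  alice  23u  IPv4 0x3a1f      0t0  TCP 192.168.1.20:49211->203.0.113.25:993 (ESTABLISHED)
Safari      340  alice  31u  IPv4 0x3a2c      0t0  TCP 192.168.1.20:49230->198.51.100.7:443 (ESTABLISHED)
CleanerApp  411  alice  12u  IPv4 0x3b01      0t0  TCP 192.168.1.20:49302->203.0.113.80:80 (ESTABLISHED)
smbd        120  root    5u  IPv4 0x39f0      0t0  TCP *:445 (LISTEN)
smbd        120  root    9u  IPv4 0x39f8      0t0  TCP 192.168.1.20:445->192.168.1.30:51000 (ESTABLISHED)
Mail        312  alice  27u  IPv4 0x3a44      0t0  TCP 192.168.1.20:49340->203.0.113.99:25 (ESTABLISHED)
"""

# Hypothetical per-app rules: None = "always allow", a set = allowed remote
# ports, and an app with no entry has no rule at all.
RULES = {"Mail": None, "Safari": {80, 443}}

NAME_RE = re.compile(r"^(.+):(\d+)->(.+):(\d+)$")  # local:port->remote:port

def parse_outbound(lsof_text):
    """Return (command, pid, remote_host, remote_port) for initiated connections."""
    rows = [line.split() for line in lsof_text.splitlines()[1:] if line.strip()]
    # (pid, port) pairs a process listens on: traffic on those was accepted
    # from outside, which is the inbound firewall's job, not the outbound one.
    listening = {(r[1], r[8].rsplit(":", 1)[1]) for r in rows
                 if len(r) > 9 and r[9] == "(LISTEN)"}
    conns = []
    for r in rows:
        if len(r) < 10 or r[9] != "(ESTABLISHED)":
            continue
        m = NAME_RE.match(r[8])
        if not m or (r[1], m.group(2)) in listening:
            continue
        conns.append((r[0], int(r[1]), m.group(3), int(m.group(4))))
    return conns

def evaluate(conns, rules):
    """Split connections into (allowed, flagged) using per-app rules only."""
    allowed, flagged = [], []
    for app, _pid, host, port in conns:
        ok = app in rules and (rules[app] is None or port in rules[app])
        (allowed if ok else flagged).append((app, host, port))
    return allowed, flagged

if __name__ == "__main__":
    allowed, flagged = evaluate(parse_outbound(SAMPLE_LSOF), RULES)
    print("allowed:", allowed)
    print("flagged:", flagged)
```
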
 
I would agree that Little Snitch is a very useful addition to the Mac's own firewall. It will let you know if an app is phoning home, which they do a lot more often than you would think.

The only thing I'd add is that if you are using Little Snitch and you enjoy playing online games (eg: Quake, Unreal, etc) then add them to Little Snitch's trusted list before launching the game, as the pop-up message usually isn't visible from inside the game when in full screen, meaning Little Snitch will block network traffic for that game. It took me days to work out why I wasn't getting any servers on UT2004.
 
Little Snitch is a reverse firewall. It blocks outgoing connections. Regular firewalls only handle incoming connections.

Little Snitch might be worth having if you don't like applications "phoning home." However, I've rarely heard of any applications doing so for nefarious purposes. Generally applications phone home for such innocuous purposes as checking for updates, making sure that you are registered, checking for other copies of the software on your network, etc.

Generally, the only people who find Little Snitch to be really useful are people who are pirating software. Otherwise it's probably just a waste of money.
 
A little paranoia can be helpful. Sometimes it's interesting to find out what apps want to connect and when (and maybe why).
 
With Little Snitch I am continually surprised about how many Applications call home even when I did not tell them to check for updates.

Plus to be extra safe/paranoid I turn on Stealth mode on my wireless Apple Airport Extreme. I figure doing this is just a LEVEL of security. Security is a changing landscape and one has to keep a wary eye on the latest techniques used by the bad guys and the counterpoint protection routines.
 
The only thing I'd add is that if you are using Little Snitch and you enjoy playing online games (eg: Quake, Unreal, etc) then add them to Little Snitch's trusted list before launching the game, as the pop-up message usually isn't visible from inside the game when in full screen, meaning Little Snitch will block network traffic for that game. It took me days to work out why I wasn't getting any servers on UT2004.
I do not quite understand why a game like Prey wants to communicate with the Internet, though. The scenario does not lend itself to group play. Whenever I start Prey, I get a synthesized voice message telling me that Little Snitch has prevented Prey from communicating with something online.
 
I like Little Snitch. It adds the outgoing component that the OS firewall lacks. I tried GlowWorm, but it is not as good.
 
I am happy to defer to the wisdom of others.

Pre-Leopard I used Intego's Netbarrier including its Anti-Spyware facility (doing pretty much the same thing as Little Snitch).

Perhaps I was naive in thinking that Leopard's upgraded firewall would obviate the need for such additional software. If root commands can still be maliciously accessed despite Leopard's firewall then what is it there for?

I am also inclined to agree with Mikuro. If a deviant wanted to access my computer I am sure s/he could get round programmes like Little Snitch via mail or other commonly used Internet connections.
 
I registered my copy of Little snitch earlier today, before reading these last postings (I'm still waiting for the key code though), but reading about Netbarrier I started wondering if I should have gotten that instead, even if it's more expensive.
Netbarrier seems to have a lot more advanced features, judging by their website. But are these really just hyped up features most of us don't need?
 
'Little snitch - should I get it?' - yes.

Particularly, to determine and manage applications / processes which 'phone home'.
 
I registered my copy of Little snitch earlier today, before reading these last postings (I'm still waiting for the key code though), but reading about Netbarrier I started wondering if I should have gotten that instead, even if it's more expensive.
Netbarrier seems to have a lot more advanced features, judging by their website. But are these really just hyped up features most of us don't need?
Possibly. I'd say that a hard router firewall combined with Little Snitch should suffice.

I'm not against Little Snitch and I can see why others like it. I was just hoping that Leopard's upgraded firewall would suffice.
 
Little Snitch is a reverse firewall. It blocks outgoing connections. Regular firewalls only handle incoming connections.

Little Snitch might be worth having if you don't like applications "phoning home." However, I've rarely heard of any applications doing so for nefarious purposes. Generally applications phone home for such innocuous purposes as checking for updates, making sure that you are registered, checking for other copies of the software on your network, etc.

Generally, the only people who find Little Snitch to be really useful are people who are pirating software. Otherwise it's probably just a waste of money.

Pirates like it, of course, but it's useful for anybody.

Many freeware apps out there install things along with what you want. If you read the entire user agreement, it *might* mention them, but might not. When they attempt to phone home, Little Snitch snitches.

And some apps don't even *ask* if you want to check for updates. The ones that do, I turn off, because I can handle that all on my own, thanks.

For instance, Adobe Reader 8: every single time I start it, it wants to phone home. Nowhere in its preferences is there an option not to check for updates. Only by accident did I find that to shut off update checks, you have to manually select Help->Check For Updates...

A) Why would I check for updates in order to not check for updates.
B) Auto check is shut off, and it *STILL* wants to phone home every time started. Why?

There may be a perfectly reasonable explanation for this behavior, but I have a healthy distrust of corporations. By definition, they only serve *my* interests to the extent that it makes them money.
 
There are reports that any program that installs its own Kernel Extension can "Phone Home" unbeknownst to Little Snitch.

Virtualisation programs are the type to install their own kext file and FileMaker Pro is another app that will circumvent the security measure Little Snitch puts in place. FlexNet, Macrovision's Software Protection System seems to be another one to get around Little Snitch.
 
Just a simple question (apologies if I seem dumb), but if Little Snitch detects an app phoning home, how can one know what info it is obtaining from your mac to allow or disallow it?
 