Little snitch -should I get it?

tigrr · #1 December 14th, 2007, 08:00 PM

I've been using Little snitch (in demo mode) for a while now (it has a very generous 3 hour session limit. After that you just have to enter its configuration and tell it to go into demo mode again, for another 3 hours!).

It seems like a very useful tool (I've even caught some spyware this way), and since I like to keep track of which software goes online and for what purpose I think I need a "firewall" for preventing outwards traffic.
There is apparently another similar application called GlowWorm which I downloaded the demo of. I haven't had the time to look closely at it, so I really can't tell how it compares with Little Snitch, but I read some negative stuff about it -the people behind it using it to harvest email addresses or something.

In any case this has got me thinking: how can we trust software like this which is supposed to keep us safe? It's like an anti-virus program: who better to spread viruses around than the makers of anti-virus software, and who better to spy on us than the makers of any-spyware.
Just thought I'd like to hear what you guys have to say about it and if Little snitch is worth getting, or if there's something better out there?

I really liked Zone-Alarm on the PC. It was effective and uncomplicated to use. Little snitch isn't quite there yet, but I haven't found anything better..

Rhisiart · #2 December 16th, 2007, 05:28 AM

The firewall that comes with 10.5 is easy to use and in my opinion obviates the need to purchase Little Snitch or anything like it. Using a hardware firewall router for internet connections adds security.

I'm surprised that you say you have caught some spyware. What exactly did you find?

Damrod · #3 December 16th, 2007, 07:46 AM

Seriously: LittleSnitch is one of the most single useful software I've seen so far on OS X. They added a lot of interesting new features in v2.x, and it's more reliable than ever.

I for one still distrust the 10.5 firewall. I deactivated it, and configured the ipfw that was used in 10.4 using Flying Buttress. To pretty much shut up your computer you only need about three or four rules. I trust it a lot more than the new one that leaves processes running with root-privileges being accessible from the net.

tigrr · #4 December 16th, 2007, 09:18 AM

Quote:

Originally Posted by rhisiart

The firewall that comes with 10.5 is easy to use and in my opinion obviates the need to purchase Little Snitch or anything like it. Using a hardware firewall router for internet connections adds security.

I'm still running 10.4.11 here (frankly I don't see join the upgrade craze when it works fine as it is and I haven't taken full advantage of it yet), and as far as I know there isn't any way to prevent applications from "phoning home" in the MacOS firewall. I honestly don't know much about the MacOS firewall, but looked into its settings it seems pretty limited and restricted to me, only allowing or disallowing things in its entirety.

As I have a DSL broadband connection I also have a firewall built into the router.

Quote:

I'm surprised that you say you have caught some spyware. What exactly did you find?

First of all it seems that I constantly come across software which connects to the Internet by default without asking for my consent. A lot of these have to do with update checking (personally I prefer to check this on my own if/when I see the need for it), but there are lots of unknown online connections which often don't make any sense at all as the application in question doesn't have anything to do with the Internet. One such application is Finder Cleaner which conducts has some suspicious activity. I'm not the only one who thinks so (just read the comments at that page).
I've also noticed that a few applications go online even when I've told them not to! Apple software update is one of them.

Little snitch seems like a very useful tool in preventing this sort of activity, but I just wanted to ask around to see if there was something better, or if there's any reason I shouldn't use Little Snitch before paying for it.

tigrr · #5 December 16th, 2007, 09:35 AM

Quote:

Originally Posted by Damrod

Seriously: LittleSnitch is one of the most single useful software I've seen so far on OS X. They added a lot of interesting new features in v2.x, and it's more reliable than ever.

Seems like you're wholeheartedly recommending me to buy it!

Quote:

I for one still distrust the 10.5 firewall. I deactivated it, and configured the ipfw that was used in 10.4 using Flying Buttress. To pretty much shut up your computer you only need about three or four rules. I trust it a lot more than the new one that leaves processes running with root-privileges being accessible from the net.

I've found the firewall to be quite complicated, but also pretty limited in its options. I wouldn't know where to start, so I've closed everything apart from the "Windows sharing" option (so I can transfer files to/from a PC connected to the same router).

So Flying buttress is a configuration program for the built in MacOS firewall? Or is it a completely different firewall altogether?
I've looked up the app's website, but I can't say I understand much about what it's for.

Mikuro · #6 December 16th, 2007, 10:41 AM

The Tiger firewall is not at all comparable to Little Snitch. Typical firewalls, including Tiger's, block incoming connections, but make no effort to block outgoing connections. And Tiger's firewall can't do anything on an app-by-app basis. Little Snitch can stop outgoing connections, and on an app-by-app basis.

Leopard's firewall is a whole new beast. I'm still on Tiger, so I don't know all the details.

I've been using Little Snitch for quite a while, and I recommend it. I haven't upgraded to 2.0 despite the fact that I own it already (thanks to the free upgrade I got from MacUpdate's bundle a while back), because even 1.x does what I want it to do. One of these days when I'm in a "let's fix what ain't broke!" kind of mood I will install 2.0.

Keep in mind that Little Snitch is not a magic bullet. There are ways apps can bypass it. For example, if a nefarious application tell Mail.app to send an email containing sensitive data, then only Mail.app will be making a network connection, and since you'd probably "always allow" Mail.app to make connections, it would go through.

I've never actually seen an example of this, but it's possible, anyway.

The bottom line is, Little Snitch is a great tool, but no tool is a subtitute for caution and vigilance.

symphonix · #7 December 16th, 2007, 04:42 PM

I would agree that Little Snitch is a very useful addition to the Mac's own firewall. It will let you know if an app is phoning home, which they do a lot more often than you would think.

The only thing I'd add is that if you are using Little Snitch and you enjoy playing online games (eg: Quake, Unreal, etc) then add them to Little Snitch's trusted list before launching the game, as the pop-up message usually isn't visible from inside the game when in full screen, meaning Little Snitch will block network traffic for that game. It took me days to work out why I wasn't getting any servers on UT2004.

**fryke** · #8 December 16th, 2007, 04:57 PM

LittleSnitch is very useful and works fine. I recommend it.