> Have you ever wondered why a process you’ve never heard of before suddenly wants to connect to some server on the Internet? The Research Assistant helps you to find the answer. It only takes one click on the research button to anonymously request additional information for the current connection from the Research Assistant Database.
I'm so glad they built this feature.
The hardest part about using Little Snitch is trying to figure out whether processes that look like system or daemons are making legitimate connections.
Frankly, I don't think Little Snitch is usable because of this. And no, a lookup tool is not good enough. For a paid program, I would expect them to maintain a list of the "required/acceptable" connections and "unnecessary" connections for popular programs, and automate the process of approval for each app.
Perfect example: Spotify is impossible to manually whitelist without spending well over an hour accepting or denying each of the exhaustingly large number of domains it touches. I bet that nearly every user simply gives up and whitelists the entire application, which defeats the purpose of paying for and installing an app like Little Snitch in the first place.
Little Snitch should be doing that work up front for its users. One person on their end spends a day or two figuring it out for an app, and saves tens of thousands of user hours having to individually perform that task. No anti-virus out there alerts a user to every filesystem read and write - they maintain databases of known threats. The same should be true for this kind of software.
Yes, it would require constant maintenance on their part. If they needed to up the price to make such a strategy viable, so be it. As it stands, I uninstalled out of frustration after using the demo for 6 hours. The alerts and interruptions never stop.
Why are OSX applications in general so bad at telling website users which platforms they support? Like always, I have to keep digging around in the website, just to find out that it only runs on OSX...
Does anyone know a similar utility for Ubuntu/Linux systems? Paid or free, doesn't matter.
This is a prime example on how to make a landing page for a product. I understand what you are selling and why I would want it. The product looks great and I think I'll try it out after work.
It's pretty good, but I feel like the screenshots don't really convey the app's value very well. Maps wants to connect to maps.apple.com? Of course it should. Itunes wants to itunes.apple.com? Well, yeah.
I'd much rather see a screenshot of some app trying to connect to a sketchy or surprising domain. I think that would really drive home the app's purpose and make it look less like nuisance that's going to bug me every time I launch Apple Maps.
The only change I would make is to add an additional call-to-action button at the bottom. I got to the bottom and didn't know what to do next and had to scroll back to the top to find the trial/buy buttons.
Excellent product, but needs some kind of rule sharing feature. There are so many network requests from different components that it can be overwhelming knowing what to allow.
Definitely agree. I like the idea of it, but when I installed it for the first time and rebooted, it fired off so many confirmation requests for various cryptic services I had no idea what they were, I removed it just as soon as I'd managed to click through them all.
I used to use a competitor, https://www.oneperiodic.com/products/handsoff/. As far as memory serves, it had some kind of rule sharing, but I didn't like it at all (why would I trust rules made by someone else?)
One possible way to do this well would be displaying information about how many people blocked/allowed. Then maybe following the crowd if it is converged enough, e.g. ≥1k votes with ≥95% same decision. But, this might be technically and socially challenging (people who care about this level of privacy may not want to share their rules; you need to make sure that no malware developer can game the system; people need to trust in that).
Therein lies a dilemma: knowing what does what on macOS.
I just sit around watching log stream output and wonder why that JPEG is being 'processed' by Safari. But that's another story.
I tried an earlier version of this and was a bit disappointed by the (apparent?) lack of information regarding these connections from applications, since there's so much going on on OS X and it's hard to tell what's legitimate and what isn't. It would be great if we could record traffic on a per-application/process basis and display it comfortably, or even have some built-in heuristics to identify common tasks like "Firefox update check" or "iCloud authentication".
It's very similar to the venerable "Spybot S&D" on Windows (the "TeaTimer" functionality, now apparently called "Live Protection": https://www.safer-networking.org).
I noticed no one mentioned https://www.tripmode.ch/ I used to use Little Snitch before but it was to complex for what I wanted to do, allow disallow internet access to certain apps, tripmode does the trick in the simplest way I've even seen.
Please steal this idea and make a product; I'll be your first paying customer:
Data Loss Protection (DLP) for retail consumers.
DLP (see http://whatis.techtarget.com/definition/data-loss-prevention... for a definition) goes beyond what Little Snitch does and does packet inspection to ensure that credit card numbers (for example) are never sent out from your network / box. Ideally, you can add regular expressions to define other PII that shouldn't be allowed to be sent out (your name, address, etc;).
DLP products exist for corporate use, but I don't know of any lightweight + inexpensive one for personal use.
WireShark, Fiddler or Charles can incorporate this functionality, if I am not wrong. Not sure how one would MITM SSL with WireShark, though.
Not related in any way, Little Flocker[0] is a similar program but for file access. It's a little rough around the edges but has been improving steadily.
I’ve been using this happily for a long time. For those taken back by the endless prompts on the first run: that’s only for the start. Select “forever” for connections you trust and you’ll soon have much less prompts.
On a side note: the developers also have Micro Snitch, an app that warns when the camera or the microphone on your mac is in use.
Yes - anything that doesn't need to be accessing the internet. Plus Google things that phone home. It's fun to watch them get frustrated and light up red in the activity monitor as they desperately try to send back metrics.
I have blocked everything Adobe Lightroom and its little cloud friends try to do, except on install to validate key. And a bunch of other apps / Apple services. If it wasn't for Little Snitch I wouldn't feel at ease running Mac instead of Linux. For me MacOS is a decent compromise between privacy and convenience because of Little Snitch. (Except that I implicitly add to the problem by accepting Mac in my life, leading by example and all that. Still struggling with that. But I tell myself I have bigger fish to fry.)
I have used Little Snitch for quite a while, then switched to Hands Off because I liked its interface a bit better and the ability to set a rule that would clear at reboot was a win. I regularly block outgoing connections; tracking attempts by Google, Apple & Microsoft (no PowerPoint, you don't need to check in to Skype at each launch...), limiting a lot of apps to loopback connections rather than full outgoing connectivity, etc.
Another benefit is that once I get over the initial rule configuration hump (and it is a real PITA for the first week or two) what I end up seeing are the anomalies and so I can pay closer attention to what has changed or where something is trying to connect that I might want to think about.
People do it for pirated copies of Adobe software because of how much it phones home. Do a quick google search and you'll find many sn/crack/warez (do people still use that word?) instructions talk about editing hosts files or installing Little Snitch.
Little Snitch is at once both great and horrifying. If you watch the day to day stuff that happens on MacOS, you'll see that Apple's reputation for security and user privacy is a pretty low bar. Aside from the constantly pinging Apple defaults, so many third party apps are just all the time phoning home to corporate servers when they're not even in use. Chrome can really just look for updates when I open it, not check in with Google about god knows what every thirty minutes.
Serious question: Can I use only profiles (e.g. no connection until VPN is connected) and the rest of the time Little Snitch should behave like it's not installed? I'm not a big fan of watching every connection... have done this in the distant past with Zone Alarm and Windows and it was more bothering than anything else. I also doubt it increases my personal security a lot.... especially when I think about my normal Android phone which is sitting beside my PC.
Yes, I used to use it and had it set up like this. You create one profile which basically allows only the VPN negotiation daemon to access the network, and then another profile where there is no alerting or blocking.
Your Mac will be very unhappy when on the first profile though - seemingly everything will constantly attempt to call out because it can see an active connection.
I ended up removing Little Snitch because I felt that it was causing instability. I could never pinpoint the issue, but things seemed much more flaky when it was running. YMMV, and I was using it a major release ago so things might be better now.
I think this is not possible by design (every app can go online). Adguard (which is an adblocker, runs without root) is installing a local VPN where you can add rules but I think (but not sure) you cannot distinguish between which program makes this request. So with this local VPN approach you can block certain domains/IPs with rules system wide.
Little Snitch is a fantastic way for people to shoot themselves in the foot.
Most people using it have no clue what they are doing, block random things, and prevent software from working as expected. Not only this can make things less secure by breaking features such as automatic updates, it also makes developer's life miserable by having to provide support to people running their software in a half broken environment.
[+] [-] tedmiston|9 years ago|reply
> Have you ever wondered why a process you’ve never heard of before suddenly wants to connect to some server on the Internet? The Research Assistant helps you to find the answer. It only takes one click on the research button to anonymously request additional information for the current connection from the Research Assistant Database.
I'm so glad they built this feature.
The hardest part about using Little Snitch is trying to figure out whether processes that look like system or daemons are making legitimate connections.
[+] [-] developer2|9 years ago|reply
Perfect example: Spotify is impossible to manually whitelist without spending well over an hour accepting or denying each of the exhaustingly large number of domains it touches. I bet that nearly every user simply gives up and whitelists the entire application, which defeats the purpose of paying for and installing an app like Little Snitch in the first place.
Little Snitch should be doing that work up front for its users. One person on their end spends a day or two figuring it out for an app, and saves tens of thousands of user hours having to individually perform that task. No anti-virus out there alerts a user to every filesystem read and write - they maintain databases of known threats. The same should be true for this kind of software.
Yes, it would require constant maintenance on their part. If they needed to up the price to make such a strategy viable, so be it. As it stands, I uninstalled out of frustration after using the demo for 6 hours. The alerts and interruptions never stop.
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] elastic_church|9 years ago|reply
[+] [-] yduuz|9 years ago|reply
[deleted]
[+] [-] diggan|9 years ago|reply
Does anyone know a similar utility for Ubuntu/Linux systems? Paid or free, doesn't matter.
[+] [-] zitterbewegung|9 years ago|reply
[+] [-] skyo|9 years ago|reply
I'd much rather see a screenshot of some app trying to connect to a sketchy or surprising domain. I think that would really drive home the app's purpose and make it look less like nuisance that's going to bug me every time I launch Apple Maps.
[+] [-] Periodic|9 years ago|reply
[+] [-] pryelluw|9 years ago|reply
[+] [-] noja|9 years ago|reply
[+] [-] mattkevan|9 years ago|reply
[+] [-] manmal|9 years ago|reply
[+] [-] lrem|9 years ago|reply
One possible way to do this well would be displaying information about how many people blocked/allowed. Then maybe following the crowd if it is converged enough, e.g. ≥1k votes with ≥95% same decision. But, this might be technically and socially challenging (people who care about this level of privacy may not want to share their rules; you need to make sure that no malware developer can game the system; people need to trust in that).
[+] [-] khana|9 years ago|reply
[+] [-] lazyjones|9 years ago|reply
It's very similar to the venerable "Spybot S&D" on Windows (the "TeaTimer" functionality, now apparently called "Live Protection": https://www.safer-networking.org).
[+] [-] Hernanpm|9 years ago|reply
[+] [-] kilroy123|9 years ago|reply
[+] [-] salzig|9 years ago|reply
Wow, that's amazing. Apple should buy them and make this feature default :-)
[+] [-] chmars|9 years ago|reply
[+] [-] vijucat|9 years ago|reply
Data Loss Protection (DLP) for retail consumers.
DLP (see http://whatis.techtarget.com/definition/data-loss-prevention... for a definition) goes beyond what Little Snitch does and does packet inspection to ensure that credit card numbers (for example) are never sent out from your network / box. Ideally, you can add regular expressions to define other PII that shouldn't be allowed to be sent out (your name, address, etc;).
DLP products exist for corporate use, but I don't know of any lightweight + inexpensive one for personal use.
WireShark, Fiddler or Charles can incorporate this functionality, if I am not wrong. Not sure how one would MITM SSL with WireShark, though.
[+] [-] rbritton|9 years ago|reply
[0]: https://www.littleflocker.com
[+] [-] bsmartt|9 years ago|reply
[+] [-] jstoja|9 years ago|reply
A firewall? No kidding, a firewall is not supposed to only block incoming traffic...
[+] [-] tedmiston|9 years ago|reply
https://support.apple.com/en-us/HT201642
[+] [-] mostafah|9 years ago|reply
On a side note: the developers also have Micro Snitch, an app that warns when the camera or the microphone on your mac is in use.
[+] [-] mellamoyo|9 years ago|reply
[+] [-] koolba|9 years ago|reply
[+] [-] coldtea|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] nosuchthing|9 years ago|reply
[+] [-] iends|9 years ago|reply
[+] [-] pidg|9 years ago|reply
[+] [-] jacobush|9 years ago|reply
[+] [-] evgen|9 years ago|reply
Another benefit is that once I get over the initial rule configuration hump (and it is a real PITA for the first week or two) what I end up seeing are the anomalies and so I can pay closer attention to what has changed or where something is trying to connect that I might want to think about.
[+] [-] BugsJustFindMe|9 years ago|reply
[+] [-] konceptz|9 years ago|reply
[+] [-] alphonsegaston|9 years ago|reply
[+] [-] therealmarv|9 years ago|reply
[+] [-] herghost|9 years ago|reply
Your Mac will be very unhappy when on the first profile though - seemingly everything will constantly attempt to call out because it can see an active connection.
I ended up removing Little Snitch because I felt that it was causing instability. I could never pinpoint the issue, but things seemed much more flaky when it was running. YMMV, and I was using it a major release ago so things might be better now.
[+] [-] rwinn|9 years ago|reply
And the ability to do per-application captures and open them in wireshark is excellent for debugging.
[+] [-] libeclipse|9 years ago|reply
It'd be great if it was for non-root too, but I'm not sure if it's possible.
[+] [-] ChrisGranger|9 years ago|reply
[1] https://play.google.com/store/apps/details?id=app.greyshirts...
[+] [-] Couto|9 years ago|reply
[1] https://github.com/ukanth/afwall
[+] [-] therealmarv|9 years ago|reply
[+] [-] therealmarv|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] jedisct1|9 years ago|reply
Most people using it have no clue what they are doing, block random things, and prevent software from working as expected. Not only this can make things less secure by breaking features such as automatic updates, it also makes developer's life miserable by having to provide support to people running their software in a half broken environment.
[+] [-] andrenotgiant|9 years ago|reply
[+] [-] ComodoHacker|9 years ago|reply