Little Snitch first impressions

Posted by on February 6th, 2015 | 0 Comments »



I started using Little Snitch (version 3.5.1) a couple of weeks ago. It’s software firewall for the Mac, with a primary focus on outbound connections. This is also known as a reverse firewall. There are many thorough reviews of Little Snitch available on the web, so I’ll just add my impressions:

  • This is not a product for the casual Mac user. It will likely only cause frustration. I’d only recommend Little Snitch to techie users.
  • If you’re of the paranoid mindset (which most security practitioners are), it’s a must-have product.
  • It took me about five days of fiddling with the rules until my work wasn’t interrupted by Little Snitch “connection alert” dialog boxes. I believe the initial pain was worth it, as an alert will now generally indicate unexpected network behavior. Of course when I add new applications, I’ll need to add new rules.
  • Little Snitch includes a really nice network monitor panel, accessible from the menu bar. It’s extremely easy to perform a network capture (in standard pcap format) for any running process.
  • Even if Little Snitch never intercepts malware on your Mac, it’s a great educational tool. You’ll definitely be surprised how chatty your apps are.
  • There’s a somewhat hidden research assistant available to give guidance on the legitimacy of a intercepted process. To access this information, click on the question mark in the lower left-hand corner of the connection alert.
Little Snitch connection alert and research assistant

Little Snitch connection alert and research assistant

« FaceTime microphone input bug
iCloud Keychain vs. 1Password »

No Comments