Little Snitch first impressions
I started using Little Snitch (version 3.5.1) a couple of weeks ago. It’s a software firewall for the Mac, with a primary focus on outbound connections. This is also known as a reverse firewall. There are many thorough reviews of Little Snitch available on the web, so I’ll just add my impressions:
- This is not a product for the casual Mac user. It will likely only cause frustration. I’d only recommend Little Snitch to techie users.
- If you’re of the paranoid mindset (which most security practitioners are), it’s a must-have product.
- It took me about five days of fiddling with the rules until my work wasn’t interrupted by Little Snitch “connection alert” dialog boxes. I believe the initial pain was worth it, as an alert will now generally indicate unexpected network behavior. Of course, when I add new applications, I’ll need to add new rules.
- Little Snitch includes a really nice network monitor panel, accessible from the menu bar. It’s extremely easy to perform a network capture (in standard pcap format) for any running process.
- Even if Little Snitch never intercepts malware on your Mac, it’s a great educational tool. You’ll definitely be surprised how chatty your apps are.
- There’s a somewhat hidden research assistant available to give guidance on the legitimacy of an intercepted process. To access this information, click on the question mark in the lower left-hand corner of the connection alert.