Little Snitch 2.0.3

When I reviewed Objective Development Software GmbH’s Little Snitch 1.2 for Macworld two years ago, it helpfully filled a gap in the ipfw firewall software Apple provides with Mac OS X. The built-in firewall monitored, and blocked, only incoming network traffic, and Little Snitch was one of the available options for dealing with outbound network traffic. With Little Snitch 2 ( ; $25), Objective Development has delivered a worthy successor, with more-informative alerts to the user, more ways of seeing what traffic is coming from your Mac, and more pre-configured rules for common types of network traffic.

As with Tiger (Mac OS X 10.4), the firewall software Apple provides with Leopard (Mac OS X 10.5) is designed to screen incoming network traffic—attempts to access your computer over its network ports. Such incoming traffic can be “safe”; for example, instant messages from a friend, visits to Web pages you’ve published using Web Sharing, or your own file-sharing connections when you’re away from your desk. But other incoming connection attempts may be unwanted, and that’s what a firewall is designed to protect against.

By contrast, most outbound network connections originate with software running on your computer, such as when you send e-mail or an instant message, when you visit a Web site, or when you print a document to a shared printer.

If all outbound connections were so obvious, there’d be no cause for concern, but more and more software is designed to quietly make outgoing connections without our knowledge. In a world with more and more concerns about privacy, not to mention worries about malware and viruses, many of us prefer to make our own decisions about what outgoing connections are OK, rather than have them made for us.

Enter Little Snitch, which watches for outgoing network connections and clears them with the user before allowing them to proceed. The developers have pre-configured Little Snitch to recognize and allow several sorts of connections that assumed to be safe, such as Safari attempting to connect to any remote server on port 80 (the TCP/IP port commonly used for Web connections) and Mail attempting to send and receive email. But new, unrecognized types of connections will generate an onscreen warning and—just as important—a request for the user’s intervention.

When a questionable outgoing connection is detected, Little Snitch presents you with a dialog asking you whether or not you want to allow that connection. You can allow or deny the connection just this one time, until the program quits, or forever; and you can specify whether the program should be allowed to make any connection, any connections on this particular port, any connections to this IP address or domain name, or just this specific connection—on this port to this address. Little Snitch’s 2’s warning dialog, which displays a large icon of the program trying to make a connection, as well as larger type, is an improvement over the previous version’s and makes it especially easy to tell what you’re approving (or disallowing).

Most of the time, you’ll want to allow programs you regularly use to make their typical connections “forever.” For example, I want Meteorologist to always be allowed to retrieve weather updates from weather.com. But the above screenshot shows the second alert for Meteorologist—after I’d already approved connections to weather.com—as the program attempted to connect to sourceforge.net. My guess is that Meteorologist is trying to “phone home,” a general term used to describe programs trying to communicate with their own developers.

Such connections are usually perfectly innocent; for example, many software titles these days can automatically check the developer’s server for new versions and then notify you when an updated version is available. However, I prefer when programs let me make that decision, rather than making it for me. In other cases, developers may be collecting information about your computer, so they can tell, for example, how many people are running their software on Tiger vs. Leopard, or on a PowerPC vs. an Intel Mac. Even if such intentions are innocent, or even desirable, I’d like to know, and I’d like to decide whether or not to allow such actions. What’s more, in some environments—government, military, or some businesses—there may be other security concerns that dictate whether or not such actions can occur.

Even more critical, Little Snitch has the capability to warn you if an uninvited program, such as a virus or Trojan horse, tries to make network-related mischief. This is a good reason to be conservative about what you “allow forever;” you should err on the side of approving only the types of connections you know a program needs to make, and only to the sites it needs to connect to.

Little Snitch has a number of rules—the conditions under which it allows or prevents outgoing network connections—for common scenarios built in. In addition, each time you make a decision in a Little Snitch warning dialog, a rule is created for that scenario. But those rules aren’t set in stone; using Little Snitch 2’s Rules window (shown above), you can easily review, modify, and, if necessary, delete both built-in and custom rules.

In addition, Little Snitch 2 offers a new feature, the Network Monitor window, which lets you keep an eye on all network traffic. This window lists all programs accessing your network interface(s) and displays when each is sending or receiving network traffic. This window can be left visible all the time if you’ve got enough screen real estate, or can be set to appear only when there’s traffic. There’s also an option for a tiny menu-bar version, whose green and red bars bring to mind the network activity LEDs of days (and network interface cards) gone by. Mousing over the menu-bar display brings up the monitor window, so you can always satisfy your curiosity if there’s a sudden burst of traffic you weren’t expecting. I use this approach on my laptop, as I don’t generally want the Network Monitor taking up space on the screen.

I don’t always jump at the latest version of each program—I still have Photoshop 7 installed on my laptop—but Little Snitch 2 marks such a dramatic improvement in user interface and functionality that I can unreservedly recommend the affordable upgrade, or an initial purchase, for those whose computers are always online, or are often online in public places.

Little Snitch 2.0.3 requires Mac OS X 10.4 or later.