Little Snitch keeps an eye on your Mac's Internet connections

After last week's column on Apple's built-in firewall, Frank Lowney asked the following question in the column's comments section:

Although we're focused on incoming connections here, shouldn't we also be concerned about outgoing connections as well? This seems especially important where there are data caps or outrageously expensive cellular data plans being used.

We need a comprehensive and coordinated gatekeeping strategy for all connections.

Frank raises an interesting and important point. While Apple's Application Level Firewall is great at putting on a good defense, monitoring your outbound traffic can be enlightening and possibly even a little disturbing. It can clue you in to which of your running applications are accessing and sending data to the Internet when you might not be expecting them to, and it can help you see whether unexpected applications are sending data out when you don't want them to.

As it happens, there's an app for that: Objective Development's $35 Little Snitch, which you can download for free and use in demo mode to make sure it works exactly as you want it to.

The app's installation requires a restart, as it installs a number of its monitoring tools at a low level in your Mac's operating system. Once your Mac restarts, you'll immediately see Little Snitch at work, and you may be a bit surprised by what you see.

Little Snitch's default behavior is to show you Connection Alerts--messages letting you know apps are attempting to connect to the Internet--and to ask if you want that app to send out data from your Mac. You can adjust this behavior to suit your specific needs using the app's preferences.

What's surprising is just how many apps call home the moment your Mac starts up. But that little startup surprise may also act as a wake-up call. On my Macs I had to allow dozens of apps access to the Internet. Those access requests were from apps I use and want to have that access, but it is still surprising to see how many apps want to call home as your Mac starts up.

As you allow and deny connections, Little Snitch learns what kinds of traffic you want to allow by how you respond to each connection request. Your responses get saved as rules that are reused every time an app attempts to make the same connection it has made before. And you're not stuck with a rule once you've created it, as you can update and edit existing rules as needed.

Connection Alerts are also more than mere announcements about apps accessing the Internet. They provide detailed information about the apps trying to make that access and the ports they're using to send data, and there's a Research Assistant that gives you a more detailed look at an app from Objective Code's app databases, including whether or not the selected app has a valid code signing certificate.

Little Snitch lets you create profiles for different networks, which means you can create a "Trusted" profile for networks you know are safe, such as your office, an "Untrusted" profile for times when you're connecting to networks you're not sure about, and even a "Cellular Hotspot" setting that is stricter about which applications can send and receive data so you don't blow through your entire data plan with a single accidental download.

One of my favorite features is the Little Snitch Network Monitor, which provides a realtime view of the applications accessing the Internet and which you can use to create new network access rules on the fly.
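For a rough one-off snapshot of which apps hold outbound connections, here is an added example that is not part of the original column and has nothing to do with Little Snitch's own code. It parses the output of the standard `lsof -nP -iTCP` command; the sample lines, process names and addresses are constructed, and `outbound_by_app` is a hypothetical helper name.

```python
import subprocess
import sys
from collections import defaultdict

# Constructed sample of `lsof -nP -iTCP` output (documentation address ranges).
SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Mail      301 jeff   12u  IPv4 0xa1      0t0  TCP 192.0.2.10:49801->198.51.100.7:993 (ESTABLISHED)
Dropbox   412 jeff   23u  IPv4 0xa2      0t0  TCP 192.0.2.10:49321->203.0.113.5:443 (ESTABLISHED)
Dropbox   412 jeff   24u  IPv4 0xa3      0t0  TCP 192.0.2.10:49322->203.0.113.9:443 (ESTABLISHED)
Dropbox   412 jeff   25u  IPv4 0xa4      0t0  TCP *:17500 (LISTEN)
Dropbox   412 jeff   26u  IPv4 0xa5      0t0  TCP 127.0.0.1:49500->127.0.0.1:17600 (ESTABLISHED)
Updater   520 jeff    8u  IPv6 0xa6      0t0  TCP [2001:db8::10]:49400->[2001:db8::beef]:443 (ESTABLISHED)
sshd       70 root    3u  IPv4 0xa7      0t0  TCP *:22 (LISTEN)
sshd       88 root    4u  IPv4 0xa8      0t0  TCP 192.0.2.10:22->192.0.2.50:51000 (ESTABLISHED)
"""

def _port(endpoint):
    """Port number of an lsof endpoint such as '*:22' or '[2001:db8::1]:443'."""
    return int(endpoint.rpartition(":")[2])

def outbound_by_app(lsof_text):
    """Map each command name to the sorted remote (host, port) pairs it connected out to."""
    rows = [line.split() for line in lsof_text.splitlines()[1:]]  # skip header row
    rows = [r for r in rows if len(r) >= 10 and r[7] == "TCP"]
    listening = {_port(r[8]) for r in rows if r[9] == "(LISTEN)"}
    apps = defaultdict(set)
    for r in rows:
        if r[9] != "(ESTABLISHED)" or "->" not in r[8]:
            continue  # listeners and half-open or closing sockets
        local, remote = r[8].split("->", 1)
        if _port(local) in listening:
            continue  # accepted on one of our own listening ports: inbound
        host = remote.rpartition(":")[0].strip("[]")
        if host.startswith("127.") or host == "::1":
            continue  # loopback traffic between local processes
        apps[r[0]].add((host, _port(remote)))
    return {app: sorted(peers) for app, peers in apps.items()}

if __name__ == "__main__":
    # Pass --live to query the running system instead of the constructed sample.
    live = "--live" in sys.argv
    text = subprocess.run(["lsof", "+c", "0", "-nP", "-iTCP"],
                          capture_output=True, text=True).stdout if live else SAMPLE
    for app, peers in sorted(outbound_by_app(text).items()):
        print(f"{app}: " + ", ".join(f"{h}:{p}" for h, p in peers))
```

Run without root, `lsof` reports only the current user's processes, and a snapshot like this misses short-lived connections that an always-on monitor would catch.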

It's important to note that Little Snitch is also a firewall for incoming traffic. So if you're using this app, you don't need to use Apple's firewall at the same time. But keep in mind that Little Snitch isn't as simple a solution as Apple's built-in firewall. That's not bad; it's just important to understand that the onus is on you to know which traffic should be allowed through your firewall and which shouldn't. While Little Snitch is a fantastic app, it may also offer more power than you really want or need.

But, hey, it's free to try, so give it a go.

So, Frank, here's your "gatekeeper" with a complete collection of tools for handling everything you hoped for. Thanks for asking! Hope this was the answer you were looking for.

Stories by Jeffery Battersby