Is Little Snitch a dangerous app to have?




coqui52
Apr 27, 2009, 02:33 PM
Forgive my ignorance, people, but I just installed Little Snitch on my iMac, but really I don't trust it 100% because I am not sure if it just made my Mac vulnerable to hackers or whatnot.

Does anybody know if it's safe or if I should worry?



gauchogolfer
Apr 27, 2009, 02:43 PM
So wait, you bought Little Snitch and installed it, but don't know what it does?

LS monitors outgoing traffic from your computer onto the network, so that you can identify programs that are trying to access the network.

In short, it's not dangerous, quite the opposite.

MikhailT
Apr 27, 2009, 02:44 PM
Little Snitch is a firewall; it helps to protect your Mac from outgoing connections by prompting you if you want to allow or block each outgoing connection. (It is not just a monitoring app as the last post suggests.)

It's a must-have app for Mac people.

Consultant
Apr 27, 2009, 02:51 PM
Note he said he installed, but he didn't say he bought it.

If you pirate it, there is a chance it could have trojans in it.

If you bought it, you are safe.

armoguy94
Apr 27, 2009, 03:12 PM
Little Snitch is a security application. It won't harm your computer if you purchase it. There are not any known trojans for pirated versions of Little Snitch; however, I could see how some companies would do that, as Little Snitch is a common app for pirates.

MikhailT
Apr 27, 2009, 03:32 PM
Little Snitch is a security application. It won't harm your computer if you purchase it. There are not any known trojans for pirated versions of Little Snitch; however, I could see how some companies would do that, as Little Snitch is a common app for pirates.

Companies don't do that at all. They'll be in far bigger trouble than the pirates in this place. It's the hackers who upload the trojan-infected pirated copies.

mikeinternet
Apr 27, 2009, 03:46 PM
Companies don't do that at all. They'll be in far bigger trouble than the pirates in this place. It's the hackers who upload the trojan-infected pirated copies.

This is going off topic. But, you don't think that companies flood the torrent sites with bad software to deter pirating?

I bet some do, and I bet all movie companies do likewise.

Tallest Skil
Apr 27, 2009, 03:47 PM
I bet some do, and I bet all movie companies do likewise.

Yeah... because you can piggyback a working trojan into a movie file... :rolleyes:

mikeinternet
Apr 27, 2009, 04:31 PM
Yeah... because you can piggyback a working trojan into a movie file... :rolleyes:

I didn't mean a trojan in regards to the movie companies. But I think they spread bad copies of stuff that won't play. Or supposedly require "additional software."

Tallest Skil
Apr 27, 2009, 04:34 PM
I didn't mean a trojan in regards to the movie companies. But I think they spread bad copies of stuff that won't play. Or supposedly require "additional software."

How is that even possible? Comments on the torrent pages from downloaders show the file's true intent, and it really isn't possible for a movie file to require "additional software". You can't just make up a format out of the blue.

smokestack
Apr 27, 2009, 04:38 PM
it's a genius program once you get past the initial setup (and being asked about every single connection).
no. it will not make you more vulnerable.

Kilamite
Apr 27, 2009, 04:41 PM
How is that even possible? Comments on the torrent pages from downloaders show the file's true intent, and it really isn't possible for a movie file to require "additional software". You can't just make up a format out of the blue.

Think he means additional software to play it... like a dodgy codec you have to download. I've seen movies on torrents that are like that.

Thing is, companies will put out fakes to try and put people off, but it'll never work properly. Uploaders of torrents have reputations, and if their username is the upload, then you can trust it is what it is. Be it a movie or software.

MikhailT
Apr 27, 2009, 05:00 PM
This is going off topic. But, you don't think that companies flood the torrent sites with bad software to deter pirating?

I bet some do, and I bet all movie companies do likewise.

It won't do anything. It'll be filtered out pretty fast. Most torrent sites come with people's comments that'll inform you if there is any malware installed or if it works or not, and a lot of the time it'll get deleted off torrent sites, and many people are using private trackers that are usually pretty damn effective and even harder to track for those companies.

Piracy can't be deterred, it'll always be there.

(plus we do have a database of IP addresses used by companies in order to ban them from seeding to us, most torrent clients have them now)

That's beside the point, a company is not allowed to modify its app to do damage to people's machines as part of the anti-piracy method. They can delete the app or block their own app to do something but not anything else.

thespazz
Apr 27, 2009, 07:03 PM
How is that even possible? Comments on the torrent pages from downloaders show the file's true intent, and it really isn't possible for a movie file to require "additional software". You can't just make up a format out of the blue.

Nice.

Don't torrent bro, you're the one the RIAA is targeting.

Tallest Skil
Apr 27, 2009, 07:06 PM
Nice.

Don't torrent bro, you're the one the RIAA is targeting.

I don't. They're not targeting me. If you don't know that an area of water bordered by land on three sides has comments on their pages, you're not very well versed in the Internet.

sn00pie
Apr 27, 2009, 07:11 PM
I personally just use the built-in Firewall with OS X.

It allows me to choose what programs access the internet, so it works fine and dandy for me. Plus it's free :)

MikhailT
Apr 27, 2009, 07:31 PM
I personally just use the built-in Firewall with OS X.

It allows me to choose what programs access the internet, so it works fine and dandy for me. Plus it's free :)

The firewall in Security Tab in Systems Pref or the firewall in the command line?
Cuz the firewall in security tab only works on incoming connections, you still need to block the outgoing connections somehow.

glasserp
Apr 27, 2009, 07:47 PM
Nice.

Don't torrent bro, you're the one the RIAA is targeting.

The RIAA doesn't go after people who pirate software. They mainly go after people who haven't discovered BT and still use Limewire for music.

Back to the topic. LittleSnitch is a great piece of software that lets you keep an eye on things. Highly recommend it.

Jethryn Freyman
Apr 27, 2009, 09:44 PM
The built-in firewall that comes with OS X (in System Preferences) is horrible. IPFW, the built-in UNIX firewall, is the best you can get, but Apple disables it by default.

Little Snitch is an outgoing firewall, and is a very very good app to have. It is very useful at stopping trojans from sending out your data, stopping apps from "phoning home", and your application serial number and registration from being sent out, should you wish to prevent it.

coqui52
Apr 28, 2009, 11:06 AM
So I guess I am in the clear. Thanks for all the useful information, I got more out of the question than I would have expected.

Again thanks!

sn00pie
Apr 28, 2009, 01:20 PM
The built-in firewall that comes with OS X (in System Preferences) is horrible. IPFW, the built-in UNIX firewall, is the best you can get, but Apple disables it by default.

Little Snitch is an outgoing firewall, and is a very very good app to have. It is very useful at stopping trojans from sending out your data, stopping apps from "phoning home", and your application serial number and registration from being sent out, should you wish to prevent it.

Hmm...looks like I may have to invest in Little Snitch

one1
Apr 28, 2009, 02:04 PM
Little Snitch is the Mac's antivirus, in an indirect way. It disallows the CHANCE for a host to connect to you without your permission or for programs to dial out. In the coming year this will likely be a much more useful program as the virus platform for the Mac has at least started to show up; even if it is not directly executable yet, it can be with scripting and automation and most likely will be by the end of the year if someone decides it is beneficial to them to produce such a "virus" if you will. The only thing it has to get around is the Mac's input password to access program files and I'm sure anything is possible.

Be aware that certain programs still dial out around Little Snitch such as Adobe products. Adobe products have to have the host list edited to keep them from calling home as they walk right around Little Snitch through the use of specialized non-monitored ports.

I told you that to tell you this.... Little Snitch may not always save you and should be considered at best a good preventative. Such as the example I gave above, some programs can still get out with LS installed. Either custom editing of the hosts in your apps, or setting up extreme rules lists in LS are needed to completely deny outgoing, which can be quite Vista-like with all those nanny rules in place causing LS to constantly ask permission.

So yes it is 99% of the time an exceptional program, but there are SOME holes that products like Adobe take advantage of when calling home. A quick hosts edit solves that if you don't want any background traffic from your apps.

WPB2
Apr 28, 2009, 02:12 PM
I think the name just threw the OP off. I too thought "Little Snitch" was a shady name. Pretty catchy though.

mikeinternet
Apr 28, 2009, 06:12 PM
Think he means additional software to play it... like a dodgy codec you have to download. I've seen movies on torrents that are like that.

Thing is, companies will put out fakes to try and put people off, but it'll never work properly. Uploaders of torrents have reputations, and if their username is the upload, then you can trust it is what it is. Be it a movie or software.

That is what I meant.

It won't do anything. It'll be filtered out pretty fast. Most torrent sites come with people's comments that'll inform you if there is any malware installed or if it works or not, and a lot of the time it'll get deleted off torrent sites, and many people are using private trackers that are usually pretty damn effective and even harder to track for those companies.

Piracy can't be deterred, it'll always be there.

(plus we do have a database of IP addresses used by companies in order to ban them from seeding to us, most torrent clients have them now)
...

I know comments point out fakes. That is how I know there are tons of fakes out there. The fact that you have a database of company IPs means they do post fakes. That was all I was trying to say and I suspect that goes on.

...That's beside the point, a company is not allowed to modify its app to do damage to people's machines as part of the anti-piracy method. They can delete the app or block their own app to do something but not anything else.

That makes sense that they wouldn't be allowed to spread bad software no one is. But it happens. Just like people are allowed to download software they didn't pay for.
I'm not accusing software companies, I'm just pointing out that they have a motive.

Jethryn Freyman
Apr 28, 2009, 06:34 PM
It disallows the CHANCE for a host to connect to you without your permission or for programs to dial out.

Little Snitch only stops outgoing connections.

Be aware that certain programs still dial out around Little Snitch such as Adobe products. Adobe products have to have the host list edited to keep them from calling home as they walk right around Little Snitch through the use of specialized non-monitored ports.

I haven't seen this, I've got plenty of Adobe apps installed, and Little Snitch has blocked them fine. My hosts list is also fine. Do you have a link to an example of this happening?

armoguy94
Apr 28, 2009, 06:42 PM
Companies don't do that at all. They'll be in far bigger trouble than the pirates in this place. It's the hackers who upload the trojan-infected pirated copies.

Aka the antivirus companies that get almost no revenue 'cause they only sell Mac AV.

one1
Apr 28, 2009, 06:43 PM
Little Snitch only stops outgoing connections.

Several websites will try to connect to your computer and LS will ask for permission. It is not just for apps.


I haven't seen this, I've got plenty of Adobe apps installed, and Little Snitch has blocked them fine. My hosts list is also fine. Do you have a link to an example of this happening?

You don't need me to find it for you, it's out there.

Jethryn Freyman
Apr 29, 2009, 01:08 AM
Several websites will try to connect to your computer and LS will ask for permission. It is not just for apps.

This is wrong, Little Snitch is only for outgoing questions.

GimmeSlack12
Apr 29, 2009, 01:14 AM
I didn't mean a trojan in regards to the movie companies. But I think they spread bad copies of stuff that won't play. Or supposedly require "additional software."

Dude, this doesn't make sense. Torrent-ers are smart, and we communicate. If something doesn't work it gets ignored faster than a fat chick in a bikini.

And for the record, the iWork 08 is the only torrent to ever have a trojan in it. The only one.
Let's not over-generalize here that it has happened more than once.

one1
May 2, 2009, 01:36 AM
This is wrong, Little Snitch is only for outgoing questions.

I don't think you're wrapping your head around this so I'll explain it. When a website wants to connect to your computer it will attempt, and for the computer to answer it BACK it has to go through little snitch. Several servers like dyn.optiline.net which is used for occasional google adsense and other image hosting will attempt to serve the image on your computer and trigger the LS warning "Safari wants to connect to" {approve/deny}. When you hit DENY, you are stopping an outgoing connection, but you are also denying an incoming request.

MAC-PRO-DEMON
May 2, 2009, 09:48 AM
To be fair... if anything... little snitch is a safety measure... there is nothing bad about it!!!

I use it... and it was annoying to start off with... but once it gets some rules learnt... it can become quite good!!

J

jon08
May 2, 2009, 10:25 AM
So is it safe to download it off of Macupdate.com then?

MAC-PRO-DEMON
May 2, 2009, 10:35 AM
So is it safe to download it off of Macupdate.com then?

Er... is that a rhetorical question??

J

dbwie
May 2, 2009, 10:36 AM
So is it safe to download it off of Macupdate.com then?

I think you can download a free trial version direct from the developer's website, and buy it later to get a serial number which unlocks all of its features.

MAC-PRO-DEMON
May 2, 2009, 10:42 AM
Here's a direct link...

Download Link (http://www.obdev.com/downloads/LittleSnitch/LittleSnitch_2_0_5.dmg)

And it really isn't that expensive...
http://www.quicksnapper.com/files/9050/193756588649FC69CDD9CCF_m.png

jon08
May 2, 2009, 11:08 AM
^^ Thanks, I might give it a try. However, considering that I'm not too familiar with all this outgoing connections stuff, how can I tell when an app is trying to "phone home" and things like that?

MAC-PRO-DEMON
May 2, 2009, 11:18 AM
^^ Thanks, I might give it a try. However, considering that I'm not too familiar with all this outgoing connections stuff, how can I tell when an app is trying to "phone home" and things like that?

Well... what problem do you have with it "Phoning Home" the only reason that you might not want that is if you pirate software and don't want the serials blacklisting...

What it actually means is that the application is programmed to connect back to the developer to verify serials and whatnot... You can block this thru little snitch...

I use it for privacy.... but what you use it for is for you to know and me to not ask... :cool:

J

jon08
May 2, 2009, 11:23 AM
Well... what problem do you have with it "Phoning Home" the only reason that you might not want that is if you pirate software and don't want the serials blacklisting...

What it actually means is that the application is programmed to connect back to the developer to verify serials and whatnot... You can block this thru little snitch...

I use it for privacy.... but what you use it for is for you to know and me to not ask... :cool:

J

Well, the reason I asked about it was because I had just read this review http://www.macworld.com/article/133363/2008/05/littlesnitch2.html , where the reviewer also mentioned that he prefers to be warned by LS each time an app tries to "phone home".

What about other "suspicious" connections - is there a way to tell the malicious or potentially malicious connections apart from the safe ones?

Signal-11
May 2, 2009, 02:39 PM
Well... what problem do you have with it "Phoning Home" the only reason that you might not want that is if you pirate software and don't want the serials blacklisting...

What it actually means is that the application is programmed to connect back to the developer to verify serials and whatnot... You can block this thru little snitch...

I use it for privacy.... but what you use it for is for you to know and me to not ask... :cool:

J

No, there's other legit uses for it as well. Depending on just how slow your connection is, you might not want anything phoning home because there are situations where every kbps counts.

macuser154
May 2, 2009, 03:44 PM
Little Snitch monitors your Mac's outgoing network traffic. It also allows you to block an application's outgoing network traffic.

So it can actually protect your Mac.

MikhailT
May 2, 2009, 03:57 PM
Well... what problem do you have with it "Phoning Home" the only reason that you might not want that is if you pirate software and don't want the serials blacklisting...

What it actually means is that the application is programmed to connect back to the developer to verify serials and whatnot... You can block this thru little snitch...

I use it for privacy.... but what you use it for is for you to know and me to not ask... :cool:

J

Phoning home is a major security risk, not just a sign of somebody trying to block the "registration".

No Applications should be phoning home without asking the user first but unfortunately even if the Application is already informing the user, we still can't trust those applications. It could've easily been infected and the malware could piggyback on the trusted connection. Unless it was digitally signed in the first place but I don't see OS X verifying the digital signature except for storing passwords.

It is much better to have a secure firewall informing the user what is happening rather than the application telling the user what is happening.


Imagine if there is an application that you use that actually uses your Mac address book to do something. Would you trust that application not to phone home those data?

jon08
May 2, 2009, 04:39 PM
So basically, if an App has the option of 'checking for updates on each start up' and you block that App with LS for phoning home, you are consequently as well disabling the update option?

MikhailT
May 2, 2009, 05:04 PM
So basically, if an App has the option of 'checking for updates on each start up' and you block that App with LS for phoning home, you are consequently as well disabling the update option?

Phoning home is just a term for describing the application connecting back to the company's server. It can be for any purposes, serial check, update check, and so on.

So yes, you are blocking the app's ability to check back to the server for update info.

You can allow the update connection to go through but block every other connection, which is what I do for a few apps that get constantly updated (1Password and Firefox nightly), but any other apps I will not allow. I will temporarily disable the rule and allow the app to check for updates; once that is done, I re-enable the rule. It's an annoying task but I got used to doing this, especially with my education in the security field.

jon08
May 2, 2009, 05:06 PM
Phoning home is just a term for describing the application connecting back to the company's server. It can be for any purposes, serial check, update check, and so on.

So yes, you are blocking the app's ability to check back to the server for update info.

You can allow the update connection to go through but block every other connection, which is what I do.

But how would I be able to tell which one is the update connection in particular?

Jethryn Freyman
May 2, 2009, 06:07 PM
But how would I be able to tell which one is the update connection in particular?

If an application tries to make a connection to a location you don't already have a rule for, a notification will pop up asking what you want to do, and will list the port and server the application is trying to connect to.

MikhailT
May 2, 2009, 06:29 PM
If an application tries to make a connection to a location you don't already have a rule for, a notification will pop up asking what you want to do, and will list the port and server the application is trying to connect to.


Right. What I do is check for the update manually. Usually Little Snitch will prompt immediately right after that; I assume it is the update connection based on the destination and port. I allow specifically for that destination/port only. After that, I create a rule to block any other connection. I usually double-check by checking for updates again; if it works then the rules are working.

Jethryn Freyman
May 2, 2009, 06:58 PM
Right. What I do is check for the update manually. Usually Little Snitch will prompt immediately right after that; I assume it is the update connection based on the destination and port. I allow specifically for that destination/port only. After that, I create a rule to block any other connection. I usually double-check by checking for updates again; if it works then the rules are working.

That's right.

jon08
May 3, 2009, 02:57 PM
^^ I see... That sounds like a plan. I'll probably give it a try in the near future when I have some more time. I'm still a bit worried about how will I be distinguishing other connections tho - which ones to block and which ones not...

MAC-PRO-DEMON
May 3, 2009, 03:57 PM
^^ I see... That sounds like a plan. I'll probably give it a try in the near future when I have some more time. I'm still a bit worried about how will I be distinguishing other connections tho - which ones to block and which ones not...

You can always change the rules later..
:rolleyes:
J

Hugh
May 4, 2009, 02:42 PM
Dude, this doesn't make sense. Torrent-ers are smart, and we communicate. If something doesn't work it gets ignored faster than a fat chick in a bikini.

And for the record, the iWork 08 is the only torrent to ever have a trojan in it. The only one.
Let's not over-generalize here that it has happened more than once.

Actually that's not true. There was an Adobe installer that also installed the same trojan, and that was before iWork 09 got it.

Hugh

MAC-PRO-DEMON
May 4, 2009, 03:00 PM
Actually that's not true. There was an Adobe installer that also installed the same trojan, and that was before iWork 09 got it.

Hugh

I thought that it was after... :confused:

J

jon08
May 4, 2009, 04:24 PM
Huh? What Adobe installer? :confused:

Jethryn Freyman
May 4, 2009, 06:14 PM
There was an Adobe installer that also installed the same trojan

I think it was in the "keygen" included with the torrent.

Keygens are one of the most dangerous pieces of software to use, since most of the time they are either simple random number generators or trojans.