Aka the antivirus companies that get almost no revenue cause they only sell mac AV.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Is Little Snitch a dangerous app to have?
- Thread starter coqui52
- Start date
- Sort by reaction score
Several websites will try to connect to your computer and LS will ask for permission. It is not just for apps.
You don't need me to find it for you, it's out there.
Dude, this doesn't make sense. Torrent-ers are smart, and we communicate. If something doesn't work it gets ignored faster than a fat chick in a bikini.
And for the record, the iWork 08 is the only torrent to ever have a trojan in it. The only one.
Let's not over-generalize here that it has happened more than once.
I don't think you're wrapping your head around this so I'll explain it. When a website wants to connect to your computer it will attempt, and for the computer to answer it BACK it has to go through little snitch. Several servers like dyn.optiline.net which is used for occasional google adsense and other image hosting will attempt to serve the image on your computer and trigger the LS warning "Safari wants to connect to" {approve/deny}. When you hit DENY, you are stopping an outgoing connection, but you are also denying an incoming request.
To be fair... if anything... little snitch is a safety measure... there is nothing bad about it!!!
I use it... and it was annoying to start off with... but once it gets some rules learnt... it can become quite good!!
J
I use it... and it was annoying to start off with... but once it gets some rules learnt... it can become quite good!!
J
download
I think you can download a free trial version direct from the developer's website, and buy it later to get a serial number which unlocks all of its features.
I think you can download a free trial version direct from the developer's website, and buy it later to get a serial number which unlocks all of its features.
Well... what problem do you have with it "Phoning Home" the only reason that you might not want that is if you pirate software and don't want the serials blacklisting...
What it actually means is that the application is programmed to connect back to the developer to verify serials and whatnot... You can block this thru little snitch...
I use it for privacy.... but what you use it for is for you to know and me to not ask...
J
Well... what problem do you have with it "Phoning Home" the only reason that you might not want that is if you pirate software and don't want the serials blacklisting...
What it actually means is that the application is programmed to connect back to the developer to verify serials and whatnot... You can block this thru little snitch...
I use it for privacy.... but what you use it for is for you to know and me to not ask...
J
Well, the reason I asked about it was because I had just read this review http://www.macworld.com/article/133363/2008/05/littlesnitch2.html , where the reviewer also mentioned that he prefers to be warned by LS each time an app tries to "phone home".
What about other "suspicious" connections - is there a way to tell the malicious or potentially malicious connections apart from the safe ones?
Well... what problem do you have with it "Phoning Home" the only reason that you might not want that is if you pirate software and don't want the serials blacklisting...
What it actually means is that the application is programmed to connect back to the developer to verify serials and whatnot... You can block this thru little snitch...
I use it for privacy.... but what you use it for is for you to know and me to not ask...
J
No, there's other legit uses for it as well. Depending on just how slow your connection is, you might not want anything phoning home because there are situations where every kbps counts.
Little Snitch monitors your Macs outgoing network traffic. It also allows you to block an applications outgoing network traffic.
So it can actually protect your Mac.
So it can actually protect your Mac.
Well... what problem do you have with it "Phoning Home" the only reason that you might not want that is if you pirate software and don't want the serials blacklisting...
What it actually means is that the application is programmed to connect back to the developer to verify serials and whatnot... You can block this thru little snitch...
I use it for privacy.... but what you use it for is for you to know and me to not ask...
J
Phoning home is a major security risk, not just a sign of somebody trying to block the "registration".
No Applications should be phoning home without asking the user first but unfortunately even if the Application is already informing the user, we still can't trust those applications. It could've easily been infected and the malware could piggyback on the trusted connection. Unless it was digitally signed in the first place but I don't see OS X verifying the digital signature except for storing passwords.
It is much better to have a secure firewall informing the user what is happening rather than the application telling the user what is happening.
Imagine if there is an application that you use that actually uses your Mac address book to do something. Would you trust that application not to phone home those data?
Phoning home is just a term for describing the application connecting back to the company's server. It can be for any purposes, serial check, update check, and so on.
So yes, you are blocking the app's ability to check back to the server for update info.
You can allow the update connection to go through but block every other connections which is what I do for a few app that gets constantly updated (1Password and Firefox nighty) but any other apps I will not allow. I will temporary disable the rule and allow the app to check for update, once that is done, I reenable the rule. It's an annoying task but I got used to doing this, especially with my education in security field.
But how would I be able to tell which one is the update connection in particular?
If an application tries to make a connection to a location you don't already have a rule for, a notification will pop up asking what you want to do, and will list the port and server the application is trying to connect to.
Right. What I do is check for the update manually. Usually Little Snitch will prompt immediately right after that, I assume it is the update connection based on the destination and port. I allow specifically for that destination/port only. After that, I create a rule to block any other connection. I usually double check by checking for update again, if it works than the rules are working.
Actually that's not true. There was a adobe installer that also installed the same trojan, and that was before iWork 09 got it.
Hugh