Free outgoing firewall for MacOS X?

Discussion in 'macOS' started by Puqq, Apr 23, 2010.

  1. Puqq macrumors regular

    Joined:
    Oct 18, 2009
    #1
    I am looking for a free outgoing traffic firewall for SL. I used to use ZoneAlarm Free in Win and it worked fine. The Little Snitch seems to be perfect, but $30 is a bit steep.

    Are there any (simplest, but stable) alternatives of Little Snitch for MacOS X?
     
  2. Hellhammer Moderator

    Hellhammer

    Staff Member

    Joined:
    Dec 10, 2008
    Location:
    Finland
    #2
    As far as I know, no. There used to be one but it was for Tiger and the developer hasn't updated nor shared the source.

    Little Snitch is worth it as it's cheaper than Adobe CS4 :p
     
  3. Puqq thread starter macrumors regular

    Joined:
    Oct 18, 2009
    #3
    Hehe... Well, but isn't there any alternative?...
     
  4. Hal Itosis macrumors 6502a

    Hal Itosis

    Joined:
    Feb 20, 2010
    #4
    Another plug for LS here. It is one first class app.
    Something free? Nope... nothing i've heard of.
    (you'll probably "drink" $30 this weekend. :p )
     
  5. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #5
    New free outbound application firewall called TCPBlock. Three settings: block everything (including browser, etc), whitelist items to allow, or blacklist items to disallow. It does not provide prompts to aid configuration; it is manually configured using a Network Monitor run via terminal.

    The only useful setting is the whitelist option given that the whole point is to stop an unknown malicious executable from connecting outward. The blacklist option would only protect from malicious executables if you already knew they were malicious to add them to the blacklist.

    I recommend using Automator (Application > "Run shell script") to create an app to launch the Network Monitor for initial setup if using as whitelist.

    To bad the whitelist does not include signed services by default as initial setup is cumbersome.

    Also, any app that can remotely check for updates needs to be manually included as well or the apps will fail to check for updates.

    Furthermore, malware already has to be on the system to connect outward so in some ways it is already too late. An outbound firewall would reduce the efficacy of malware with user privileges that include connect-back shellcode from connecting remotely to potentially facilitate privilege escalation and further exploitation but this type of exploitation is only used in targeted attacks (Are you really going to be the focus of a targeted attack?). If the malware already has root privileges, the malware already has the capacity to disable the outbound firewall (So, what is the point?). At the moment, malware risks on OS X are low so is it worth the resources (in TCPBlocks defence, it was extremely fast with no discernible performance impact from what I could detect when i tried it out).
     

Share This Page