Mac OS X features its own firewall, which resides in System Preferences. While it is effective, it does not manage all connections to and from a Mac. Little Snitch is a $29.95 third-party firewall that covers everything the built-in one does not.
Although Macs are inherently more secure than Windows PCs, that does not mean they are invincible. That’s why turning on Mac OS X’s integrated firewall is a good idea. Tiger’s firewall is located in System Preferences > Sharing, while Leopard’s firewall can be found at System Preferences > Security. The problem, even though it works well, is that it can only block incoming connections to your computer. What if there’s already something installed on your computer that’s trying to make a questionable connection to the internet? That qualifies as an outgoing connection, which is where Little Snitch comes in.
From Objective Development Software GmbH, Little Snitch is a $29.95 application that gives Mac users (running 10.4 or later) more control over the internet traffic originating from their computer. Many applications nowadays periodically “phone home” or check in with their creators’ servers to exchange information. This is typically done for legitimate reasons like checking for software updates or validating serial numbers to prevent piracy. In other cases, programs may be transmitting technical information about a computer for marketing & research purposes. What we really want to avoid is a malicious piece of software stealing your personal information and sending it off to someone else without your knowledge. Little Snitch puts you in the driver’s seat by telling you when outgoing connections are attempted – leaving the choice of whether to allow or deny them entirely up to you.
When Little Snitch catches an outgoing connection, a window pops up with details about the what, where, and how. The “what” is which application is trying to connect to the internet, represented by its large icon. The “where” is the address or website the program is trying to contact. And the “how” is the port it’s using to make the connection. Little Snitch offers a number of options for users to choose from, depending on the situation. You can choose to allow or deny a connection just once, every time until the given application quits, or forever. Connections can also be allowed or denied based on the port alone, the address alone, or the combination of both of them together.
Once a connection is allowed or denied, a rule is created in the Little Snitch Configuration utility. There is a collection of pre-defined rules for common Mac programs like Mail, iChat, and Safari by default. Dealing with Little Snitch’s notifications are bothersome at first, but as more rules are created for third-party applications a lengthy list will accumulate and less intrusions will be made. The great thing is that rules can be edited or deleted at any time, so mistakes can easily be corrected.
While Little Snitch is a quality utility, it is admittedly only for experienced and knowledgeable Mac users. Casual users will likely become annoyed or confused by the frequent notifications that pop up when rules are first created. It does get better over time, but some folks may not have the patience to wait that long. However, there’s no denying that Little Snitch is the best application in its category. Considering all that it does, it is well made and incredibly easy to use. Not to mention the fact that it doesn’t hog a ton of system resources like other software tends to do. It’s an essential tool for security geeks and those who like to run a tight ship. Combined with Mac OS X’s built-in incoming firewall, Little Snitch’s outgoing firewall offers users complete control over all of their Mac’s internet connections.
Win a free copy of Little Snitch!
Mac enthusiasts are in for a treat! The developers of Little Snitch (regularly $29.95) have been nice enough to offer a free software license to one lucky MacYourself reader! To enter, please leave a comment below, along with a valid email address (this is how we will contact you). In order to avoid spam filter issues, please type a coherent sentence saying you’d like a chance to win and whether Mac OS X’s built-in firewall is currently enabled on your computer. Your answer won’t factor into your chances of winning. Think of it as an informal poll just for kicks. Multiple entries will be deleted, so please only add one comment per person. And finally, don’t worry if your comment doesn’t appear on the site immediately — it might be awaiting moderation and will show up shortly.
A winner will be chosen at random based on the comment number they happen to be. The lucky guy or girl will be announced on this page, so bookmark this article and be sure to check back later. All entries must be made by August 22, 2009 at 11:59pm eastern U.S. time. In the meantime, download a free trial of Little Snitch to try it out for yourself. Note that the trial is limited to running for 3 hours at a time before it shuts itself off. Good luck!
UPDATE – August 24, 2009:
Congratulations to our winner Dennis! His comment number was chosen from a random number generator and he has been given a free copy of Little Snitch! Thanks to everyone who entered and remember to consider purchasing a copy of Little Snitch yourself to keep an eye on your Mac’s internet connections.