Tuesday, September 23, 2008

3 Essential Mac OS X Security Software Programs for PC Converts (Part 2: Little Snitch)

Mac OS X Leopard has a fairly decent built-in firewall, but it's an incoming firewall, protecting you from the dangers from the outside (and it's turned off by default, which blows my mind). It does not prevent trojans already installed on your computer from sending all your data to a zombie computer somewhere in the cloud. You'll remember that Windows XP had the same problem, leading to the proliferation of excellent third-party products like my favorite, ZoneAlarm. Microsoft claims that Vista now offers outbound firewall protection, but as I (and I am sure many users) can attest, it's virtually worthless. (Don't just take my word for it; read the article at PC World.) In all fairness, I should say that OS X does have the capability to turn on an outbound firewall using ipfw, but that requires Unix coding, much too advanced for me, and most of you I'd guess. So, what software can Mac users use to plug this security hole? While there are many out there, and I've tried a bunch, my favorite by far is Little Snitch.


In essence, Little Snitch complements the inbound firewall in the Mac OS X operating system. That firewall prevents hackers from getting in. Little Snitch, meanwhile, prevents applications from sending data outside your computer without being authorized. Certainly, there are many applications that will want to access the internet at any time for a variety of legitimate reasons. Many applications perform automatic updates, for example, and many others "phone home" to their developers to verify that you don't have a pirated product. But suppose, God forbid, you were infected with malware from a torrent site, for instance, or something else that occurred before you figured out you were required to turn on the OS X firewall (it's turned off by default -- come on Apple, I just don't get that). Or even something more mundane: suppose your jealous significant other has installed keyloggers and other spyware on your system (of course, he'll surely burn in hell, but that won't help you right now). Without an outbound firewall, malware could be sending just about your whole computer's contents to someone in Kazakhstan and you'd never know it. Enter Little Snitch.

The main screen of Little Snitch is the Configuration panel, shown above. Little Snitch is rule-based, with several rules pre-made to keep you from screwing things up on your Mac. Those rules are locked. You can unlock or lock rules at any time. The lock key just prevents accidental changes to important rules. As a new program starts to access the internet, Little Snitch interrupts it, and a pop-up screen asks you if you want to allow or deny that access, and to what degree you want to allow or deny (specific ports, domains, types of connections, etc). The configuration panel shows in red text software that has been deleted so you can delete those rules if you want. Some programs will have multiple rules, leading you to perhaps give a higher level of clearance to that program (on my computer, for example, the constant jumping around of Skype to different domains every few seconds eventually forced me to set its rule at "Allow any connection"; I just hope that doesn't come back to bite me on my butt). Other programs I use have twenty rules with as many domains or IP addresses. In such cases, perhaps allowing that program access to port 80 would be sufficient.
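The trade-off between many narrow rules, one port rule and "Allow any connection" can be seen in a small model of per-application outbound rules. This is an added sketch, not Little Snitch's own code; the rule fields, the precedence (most specific rule wins, deny wins a tie) and the application names and hosts are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    app: str                    # application the rule belongs to
    action: str                 # "allow" or "deny"
    host: Optional[str] = None  # None = any host; a domain also matches its subdomains
    port: Optional[int] = None  # None = any port

    def matches(self, app: str, host: str, port: int) -> bool:
        if app != self.app or (self.port is not None and port != self.port):
            return False
        return self.host is None or host == self.host or host.endswith("." + self.host)

    def specificity(self) -> int:
        return (self.host is not None) + (self.port is not None)

def decide(rules, app, host, port):
    """Return 'allow', 'deny', or 'ask' (no matching rule: prompt the user)."""
    hits = [r for r in rules if r.matches(app, host, port)]
    if not hits:
        return "ask"
    # Assumed precedence: most specific rule wins, deny wins a tie.
    return max(hits, key=lambda r: (r.specificity(), r.action == "deny")).action

# Constructed rule set; application names and hosts are placeholders.
RULES = [
    Rule("Skype", "allow"),                          # "Allow any connection"
    Rule("Browser", "allow", port=80),               # one port rule instead of twenty domain rules
    Rule("Browser", "deny", host="ads.example.net"),
]

# Constructed outbound connection attempts: (app, host, port).
ATTEMPTS = [
    ("Skype", "203.0.113.7", 33033),       # any host, any port passes silently
    ("Browser", "example.org", 80),
    ("Browser", "ads.example.net", 80),    # tie on specificity, deny wins
    ("Browser", "example.org", 6667),      # not covered by the port-80 rule
    ("NewHelper", "198.51.100.9", 443),    # no rule yet, so the user is prompted
]

if __name__ == "__main__":
    for app, host, port in ATTEMPTS:
        print(f"{app:10} -> {host}:{port:<6} {decide(RULES, app, host, port)}")
```

The unrestricted rule never produces a prompt again for that application, whatever the destination, while the port-80 rule still prompts when the same program tries any other port.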

The menu bar on the Mac OS X screen shows a Little Snitch icon that displays a popup of activity when an application tries to access the internet. It can be somewhat disconcerting to the average Mac user, since many of the program names are operating system components that could mean anything and scare people who don't know better, and because the nagging popup is nearly constantly appearing. You can, however, turn that feature off, which I have.

It's a program that can really be learned through trial and error. Rules can be changed at any time or reset to the original initial rules to start over. For the sake of privacy, and based on my knowledge and personal history with the real danger of malware and hackers, Little Snitch is worth every penny.


