The “always on” paradigm that is considered normal today has its disadvantages. Many applications will regularly connect to the Internet and link to data or download data that you would rather not have on your system. Even if you don’t mind applications downloading updates and data behind your back, Little Snitch will continuously watch your network for outgoing connections that you are otherwise unaware of and warn you, so you can take actions. Privacy concerns could be reason enough to have Little Snitch running.
Little Snitch 2.2.3 is a set of applications of which at least one runs continuously in the background. That’s the real snitch: the network monitor that constantly and permanently watches your network traffic for outgoing connections. The Little Snitch user interface is only there to make it easy for you to create rules.
There’s also an alert interface that kicks in whenever Little Snitch encounters an outgoing connection for which it doesn’t find a business rule in its rules definitions database. The way it works is really simple. When you install Little Snitch, a number of rules have already been defined that allow you to work with e-mail, browsing the web, etc.
In order to give you control over whether to allow or deny other connections, Little Snitch will pop up an alert window for each outgoing connection that has no rule defined. For example, when I launch Skype on my machine, I have not defined any rule that tells Little Snitch what to do with the large number of outgoing connections Skype wants to make at startup time. The Little Snitch alert dialogue therefore pops up whenever I launch Skype.
The dialogue has options to allow or deny all of Skype’s outbound connections, or to allow or deny only specific ones (based on ports or host names or IP-addresses, etc.). You can also discern between allowing or denying for this one time or for all future connection requests. And if you have turned on the advanced option, you can even allow or deny globally (for all users –and that includes applications– on your computer).
On my machine I only allow for a small number of applications to establish outgoing connections, and Skype isn’t one of them. Updaters are also not on that list. I want to know when an application goes on a virtual trip into Internet-land.
Other people may have other needs and therefore set Little Snitch to accept more or to deny more. Denying and allowing can also be semi-automated. What I mean is that Little Snitch gives you an option to automatically allow or deny a connection when you don’t take an action within a defined number of seconds after the alert dialogue has popped up. On my system, the default action to be taken after 30 seconds of silence on my behalf is Deny!
All actions Little Snitch takes as a result of you clicking on the Allow or Deny button in the alert dialogue only for one session, create temporary rules. You can convert these rules into permanent ones by going into the Little Snitch Configuration screen. Here you can also create rules from scratch.
The great thing about Little Snitch is that you really don’t need to know much about writing rules as the interface is very straightforward and self-explanatory. Of course, you do need to know if what you’re allowing or denying is the smart thing to do…
Creating a rule from scratch is equally easy and simple, but is rarely necessary in my experience.
One very important usage for Little Snitch in my opinion, is for blocking software calls to home when you suspect the connection only serves to relay information about you and your system to the software vendor. As I see it –and this certainly holds true if you don’t use pirated software– software vendors have no business knowing what’s on my system and where I am. I care for my privacy out of principle.
Another very important use for Little Snitch is to stop outbound traffic that could be coming from malware. Although not common on Mac OS X, malware for the Mac does exist and Little Snitch can be a first line of defense to block connections from it.
In the “Always On” world of the Internet, Little Snitch should be on everybody’s Mac. At 30.00 EUR for one seat, it’s dirt cheap. It doesn’t consume CPU power, nor does it devour memory. It sits in a small corner, silently watching outbound network traffic and only allowing what you explicitly want to go out. And that’s how it should be.