Little Snitch 5, Big Sur’s preferred network filter and firewall

Little Snitch, the firewall and network filter that tells you which macOS apps leak data to servers outside your local network, has been upgraded to version 5. Little Snitch 5 now works on macOS Big Sur and has never been better. It has been given a stunning new design, more elaborate, less technical explanation of connection alerts, improved traffic statistics, a brand new command line interface and the seamless compatibility with macOS Big Sur.

OK, first things first: Little Snitch is beyond comparison with other network filters. It simply is the only one worthy of that name that has all the advantages macOS users seek in an app. It’s beautifully designed, tells you in terms even I — and, while I am not network illiterate, I sure am not a network whiz kid — can understand what the connection an app wants to make entails, and works silently in the background, taking up very little of your Mac’s resources. Alerts integrate with Internet Access Policy, another, free app by Objective Development.

The company that developed Little Snitch, Objective Development in Austria, says the main focus in the development of Little Snitch 5 was the integration of new network filter technologies introduced by Apple in macOS Big Sur. The underlying filter engine was re-built from the ground up to replace the previous kernel extension based approach which is no longer supported by macOS.

In Big Sur 11.1, which I am running now, the network filter is circumvented by Apple as has been stated time and again since Big Sur’s introduction on other Apple focused sites like this one. In the upcoming update, Little Snitch will once more work as it used to be, with no circumvention possible unless you’re a really good hacker.

Little Snitch 5 is, of course, totally integrated with the new, and admittedly, likeable design of Big Sur. There’s a prominent search bar with direct access to often used search terms like “Country” to search for traffic coming in and going out from/to a specific country and a newly structured sidebar that make using the app very efficient and pleasurable.

What will first hit you, though, is the fact that installing Little Snitch no longer requires you to restart the Mac. The next thing that hit me, is the new Network Monitor. That was beautiful in the previous version but is now gorgeous and with a more efficient interface. Better yet, Little Snitch 5 captures connection information in the background — without enlarging its memory or CPU footprint, by the way — and no longer requires the Network Monitor application to be running in order to collect this information. That means you can call up the Network Monitor and quit it as need dictates. I don’t know if it’s a subjective impression, but I had the feeling the Network Monitor is much snappier too, despite my copy/version of Big Sur not exactly at risk of winning performance awards on my 27inch i5 iMac mid-2017.

Impressive is that the new monitoring system is capable of holding traffic information from up to a whole year (!), instead of only the last hour as with Little Snitch 4.

I didn’t try this one out, but new also is that system administrators now have the ability to configure a variety of program settings via a CLI (command line interface), making Little Snitch scriptable for the very first time. This interface now also offers the possibility to report network connections in a log-based format for detailed and versatile traffic analysis.