During Tuesday's Mac Geek Gab #208, Dave Hamilton and John Braun got into a discussion of Little Snitch from Objective Development. Mr. Hamilton pointed out that the app can be confusing and restrictive in its behavior for newbies and needs to be fully understood before it's toyed with. However, I'm siding with John Braun and suggesting that it's an essential app, one that could benefit many users at different levels.
We grow with our Macs over time. New technologies press us further and further, and whether we like it or not, learning, growth, and adaptability are key to an enlightened, prosperous Mac life. That means that for every Mac user, whether a switcher, a newbie to computing, or someone who wants to become more accomplished, there are certain rituals that one must go through.
Gotta know WHEN to blow that whistle
One of those rituals is being more aware of what the Mac is doing. We have firewalls and (hopefully) secure browsers to make sure that what comes into our Macs is safe. But, in every day use, we have no way of knowing what's leaving our Macs, outbound information that could compromise our security and privacy.
Little Snitch from Objective Development provides that function. It's been developed by white hat good guys in Austria. The app installs a kernel extension (kext) that allows the app to monitor and block, if desired, outbound connections initiated by an application.
Why do those of us who use Little Snitch, like our John Braun and me, love it? It's because we develop a mind map of what's going on with our Macs. Over time, we get to know our app environment, what each app and process is doing and why.
In most cases, an app spills the beans to the mother ship about the version and, sometimes with opt-in, anonymous details of the Mac's configuration to aid the developer. The Mac's Software Update, for example, tells Apple what version of iLife you have so it knows whether to offer you an update. In time, we get to know our environment and that prepares us for something unexpected or suspicious. Getting to know the app territory and customary behavior is a Good Thing.
Mr. Hamilton mentioned that a user casually installed Little Snitch to play with it, then forgot about it, and later had a problem with the proper function of an app. He was probably alarmed and frustrated, and that was viewed as a problem, a failure of Little Snitch. I claim that it's akin to losing your car keys, then blaming it on the car manufacturer.
The trick to Little Snitch is to come to know and love its preference page shown below.
Little Snitch Configuration
Seeing how Little Snitch is going to behave before hand is vital to living with this app. Also, after time, one learns how to go ahead and let a trusted app have outbound access forever. That's encoded into the preferences, and can make life with Little Snitch easier: many fewer popup alerts.
Mr. Hamilton asked Mr. Braun how many times it's formally saved him. The answer was never, but that's not a condemnation of the app. It's like asking a pilot how many times his "gear still up" warning light saved him from a bad landing. Even if the answer is "zero," the pilot wouldn't opt to have that alert disabled.
Living with a Mac is all about norms, experience, and oddities. Flying blind doesn't help that process. Little Snitch is a gentle, friendly app if you take the time, ten minutes, to learn how it works and play with its prefs. Some day, a nasty animal will leak in through Safari, and an unknown app or process will try to divulge some personal information to a bad guy. With years of experience seeing how Little Snitch works with you, you'll catch it and block it. Your actions will seem like second nature to you instead of a reaction to an alarming, mysterious event.
Consider it part of your growth, learning to pilot the Mac. So there, Mr. Hamilton. What say you now?