Little Snitch, ZoneAlarm, Outbound Firewalls, Blech!

On last week's Mac Geek Gab Podcast episode 208, I got into a frothy rant about Little Snitch and other applications like it. My podcasting compatriot, John F. Braun, disagreed with me "on air," and John Martellaro, esteemed writer on the TMO staff, wrote an editorial doing the same.

There are a few things to set straight because, clearly, they've both been misled.

For the record, I do not mean to single out Little Snitch here, though clearly he's the fall guy in all of this (and I'm sure the kind folks at Objective Development have some unkind opinions of my words!). My concern extends beyond that one app and out to the whole class of "outbound firewall" applications and system monitors that go out of their way to tell users exactly what's going on with the traffic leaving their computers. In addition to Little Snitch, these tools include components of ZoneAlarm, Norton Internet Security, and NetBarrier. My full and complete loathing of these tools comes from the fact that they are marketed to everyone despite the fact that they're really only valuable to a small subset of the computing world. Moreover, they're quite dangerous to everyone else.

What do they do?

In a nutshell, an "outbound firewall" monitors all the traffic and requests leaving your computer, allowing you to ensure that nothing malicious is happening and that no sensitive data is being sent without your approval. On the surface this sounds like a very good thing. The marketing departments at these various companies know this and capitalize on it with phrases like, "keeps your online identity safe," "protect your privacy," and "extreme security." These all sound like things I want to do, and likely so do you.

Complacency Training

The problem with these apps comes in the implementation. None of these programs truly knows what YOU define as private, sensitive, or safe. To be fair, they all in some way try to be a little intelligent about it, but they have to err on the side of caution. After all, if the application developer decides that revealing your data to Apple's servers is OK but you do not, then the application fails. So these apps have to be written to be over-protective, by default, and that's the problem.

Most casual users will buy into the marketing message, install one of these apps, and then be treated to an onslaught of notifications. For testing purposes, I installed Little Snitch this morning, after which I had to reboot. When my machine came back up, I was presented with twenty-two (yes, 22!) individual confirmation dialogs, most of which were quite cryptic. After about 4 of these I was ready to call it quits, but I hung in there just for you. After 15, my mousing hand and fingers were trained to click "Any Connection" and "Forever" just to get the things out of my way. Very quickly, the shift was made. Instead of me training Little Snitch, it was training me... to ignore it. That's right, before I even launched my first app I learned how to get Little Snitch out of my way quickly so I could get to work.

[Image: Little Snitch Warning]

The Gear's Up, and Your Coffee Is Getting Cold

In his retort, John Martellaro likened Little Snitch's alerts to the "gear still up" warning light in an aircraft. He posited that no pilot would opt to disable that warning light even if he or she never accidentally set a plane down on its belly. I agree wholeheartedly with John's presumption of every pilot's wishes in this regard. But there's a flaw with John's example that I'd like to fix. Instead of the "gear still up" light coming on just when the plane slows down and, you know, the gear's still up, let's turn it on any time the plane slows down, regardless of whether or not the gear is up. Let's also turn it on if the pilot's seatbelt isn't fastened. Oh, and how about when it gets a little chilly in the back for the passengers? That sounds like a good thing for the pilot to know, as well. I also think it's important that the pilot is aware if there are other planes within several miles. Let's go ahead and use the same light for that. Now we're getting closer to the behavior of Little Snitch and other outbound firewall apps. That *single* light will now come on for important and trivial purposes. If I were the pilot, I'd take the pen out of my logbook and bash the light until it went dark forever. At the very least, I would learn to ignore it.

Experience Dictates Opinion

It's my years as a computer consultant that make me very wary of apps like this. If my interaction with outbound firewalls were limited to just me using my computer, I wouldn't have as much of an issue here. I understand what each and every one of these warnings means and, for the most part, I fully grok the subtle nuances of allowing or denying each type of traffic. But casual users, almost by definition, do not. I can't tell you how many times I was called (and how many hours I billed!) because someone was having a problem with their computer that they had caused (or allowed) due to one of these outbound firewalls. Either the user was lulled into a false sense of security just because it was installed (despite the fact that they "allowed" every bit of traffic to pass) or they had erred on the side of caution and, like the listener to our podcast that prompted all of this, unknowingly denied some activity that they actually wanted to allow, in turn causing their computer to malfunction.

If You Use It, You're On Your Own

There are definitely good reasons to use a piece of software like Little Snitch and its ilk. If you fully understand (or are willing to research to gain the understanding of) what the app is telling you and what the consequences of your choices are, Little Snitch can be an extremely valuable tool in protecting your privacy and computer security. John Martellaro and John F. Braun certainly fall into this category of user and, for them, I think Little Snitch is a good tool to use. But they're also the type of people who would rarely, if ever, solicit help for solving a problem on their computers. They are both pro-quality troubleshooters who, in almost all cases, easily have the understanding required to solve their own problems.

But if you're someone who would regularly call a consultant or knowledgeable friend for help, please do yourself and whomever you're going to call a favor and never install an application like this. It will waste your time and annoy the consultant.