Improving Little Snitch
The folks at Objective Development have announced the public beta of Little Snitch 2.0, a clever little program that turns the usual idea of a firewall inside out. Mac OS X ships with a built-in firewall that, once enabled, blocks unsolicited incoming connections, but it offers almost no visibility into what leaves the machine. That is where Little Snitch steps in: it intercepts each application's outgoing connections and lets you stop programs from “phoning home” with information you’d rather not have sent across open networks.
They say, “Perfect paranoia is perfect awareness.” While my paranoia has not quite reached nirvana, the little I do know about computers and networks has led me to have a degree of interest in products of this sort. A while back I installed and tried Little Snitch, but unfortunately it felt a bit too much like an invasion of the Windows Vista programmers.
As I was reading about the latest release of Little Snitch I recognized a number of improvements that will help ease the pain of having to respond to all these interruptions but unfortunately very little that will reduce their number. I wondered, however, if Little Snitch couldn’t be treated as more of an open framework (à la Growl). It may be more of a challenge to convince developers to embrace a closed source framework than an open one like Growl but the reward would be great for users (through increased security and transparency) and possibly for developers as well (through increased trust).
At first launch, a new LS-enabled application would register with Little Snitch, giving it a list of every kind of outgoing communication it wants permission for. For each connection it would state the reason and the types of data that would be sent (not the values themselves). This “privacy bill” would then be presented to the user, who could set a preference for each individual data type: always allow, never allow, or ask each time. A connection that is not covered by the bill is exactly the one worth prompting about.
Another possibility is a central privacy bill repository (participation would obviously be optional). Each time a common application initiates a new type of outgoing data transfer, the details of that transaction (e.g. destination host and port, and the kinds of data sent: string, number, etc.) are sent to the repository, without the actual data, as an update. This up-to-date repository of privacy bills could then be consulted every time an application is launched that Little Snitch hasn’t seen run on my system before.
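The two ideas above (a per-application privacy bill with per-entry preferences, and a repository update that carries only data kinds, never payloads) can be sketched in a few dozen lines. The following is an added illustration written for this page, not code from Objective Development or Little Snitch; the JSON manifest format, the `Decision`/`Entry`/`PrivacyBill` names, the fictitious application `ExampleReader`, and the `example.com` / `example.net` hosts are all assumptions made for the example.

```python
"""Model of the proposed "privacy bill": an application declares up front the
outbound connections it wants, why, and what kinds of data go out (never the
values); the user sets a policy per declared entry; the firewall consults that
policy instead of prompting on every connection. Hypothetical format, added
here as an illustration, not Little Snitch's own API."""

from dataclasses import dataclass
from enum import Enum
import fnmatch
import json


class Decision(str, Enum):
    ALLOW = "allow"   # always allow
    DENY = "deny"     # never allow
    ASK = "ask"       # ask each time


@dataclass(frozen=True)
class Entry:
    name: str              # short identifier the user sets a preference on
    host: str              # destination host; shell-style glob permitted
    port: int
    reason: str            # the application's stated purpose
    data_types: tuple      # kinds of data sent (e.g. "os_version"), no values


@dataclass(frozen=True)
class PrivacyBill:
    app: str
    entries: tuple


def parse_bill(text: str) -> PrivacyBill:
    """Parse the (hypothetical) JSON manifest an application registers at first launch."""
    doc = json.loads(text)
    entries = tuple(
        Entry(e["name"], e["host"], int(e["port"]), e["reason"], tuple(e["data_types"]))
        for e in doc["connections"]
    )
    return PrivacyBill(doc["app"], entries)


def match_entry(bill: PrivacyBill, host: str, port: int):
    """Return the declared entry covering (host, port), or None if undeclared."""
    for e in bill.entries:
        if e.port == port and fnmatch.fnmatchcase(host, e.host):
            return e
    return None


def decide(bill, prefs, host, port, on_undeclared=Decision.ASK):
    """Decide an attempted connection.

    prefs maps entry name -> Decision. A declared entry with no stored
    preference falls back to ASK. A connection the bill does not cover is
    returned with entry=None so the prompt can say "not in this application's
    privacy bill", which is the signal that matters for abusive software.
    """
    e = match_entry(bill, host, port)
    if e is None:
        return on_undeclared, None
    return prefs.get(e.name, Decision.ASK), e


def repository_update(bill, entry):
    """What the optional central repository would receive: destination and
    data *kinds* only, never the payload."""
    return {"app": bill.app, "host": entry.host, "port": entry.port,
            "data_types": list(entry.data_types)}


# Constructed sample bill for a fictitious application.
SAMPLE_BILL = """{
  "app": "ExampleReader",
  "connections": [
    {"name": "update-check", "host": "updates.example.com", "port": 443,
     "reason": "check for new versions", "data_types": ["app_version", "os_version"]},
    {"name": "crash-report", "host": "crash.example.com", "port": 443,
     "reason": "send crash reports", "data_types": ["stack_trace", "app_version"]},
    {"name": "feed-sync", "host": "*.example.net", "port": 443,
     "reason": "fetch subscribed feeds", "data_types": ["feed_url"]}
  ]
}"""

# Constructed user preferences, as set from the bill presented at first launch.
SAMPLE_PREFS = {"update-check": Decision.ALLOW, "crash-report": Decision.DENY}


def demo():
    """Run four attempted connections through the policy; returns host -> (decision, entry name)."""
    bill = parse_bill(SAMPLE_BILL)
    results = {}
    for host, port in [("updates.example.com", 443), ("crash.example.com", 443),
                       ("feeds.example.net", 443), ("telemetry.example.com", 443)]:
        d, e = decide(bill, SAMPLE_PREFS, host, port)
        results[host] = (d.value, e.name if e else None)
    return results


if __name__ == "__main__":
    for host, (d, name) in demo().items():
        print(f"{host:24} {d:6} {name or '<undeclared>'}")
```

The design choice worth noting is in `decide`: a stored preference silences the prompt for declared traffic, which is what cuts down the barrage of questions, while anything outside the bill is surfaced as undeclared rather than silently merged into the same "allow/deny" dialog. Whether undeclared traffic should default to asking or to denying is left as the `on_undeclared` parameter; a least-privilege deployment would pass `Decision.DENY`.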
While the central repository has some serious downsides (including the obvious irony of a privacy tool that phones home), it could also serve as an interesting early-warning system for abusive software: a program whose connections don't match the bill everyone else has seen is worth a closer look. Malware is nowhere near as pervasive on Mac OS X as it is on Windows (if it were, I might be a whole lot closer to paranoiac nirvana than I am today), but it would be nice to know there’s a central system in place to warn us when it finally does show up.
I wish I could install Little Snitch on my laptop but until there’s a solution for the constant barrage of minor decisions it necessitates I’ll have to take my chances.