it helps to understand what LS actually does and doesn't do. - SWriter

try reading this article http://www.macfixit.com/article.php?story=20071109071246293 at the sister site of version tracker which includes:

"Little Snitch starts out by being suspicious, essentially, of all outgoing signals except for certain types of signal sent by certain applications on your computer. For example, by default, all purely local network signals that don't reach the Internet (such as Bonjour) are okay; iChat signals are okay; and the main types of signal sent by Mail and Safari are okay. But apart from these and a handful of further built-in rules, Little Snitch's stance is to be suspicious and to alert you to all outgoing traffic. For example, if you use a different browser, the first time you try to view a Web page in that browser, Little Snitch will alert you. You can then say, Yes, this sort of signal (e.g. a TCP connection on port 80) from this application (e.g. FireFox) is okay from now on. That is an expected signal, but you might also encounter some unexpected signals, such as an application trying to "phone home" when you didn't know that it did that sort of thing. You might be surprised at what you learn!"

and
" the whole idea of a firewall is that it assumes that network traffic from inside your computer is good. For example, let's say you use your browser to navigate to www.macfixit.com. Your computer sends out a signal to MacFixIt's server, saying, "I'd like to see your front page, please." And MacFixIt's server obligingly sends a signal to your computer, providing the data for the MacFixIt front page that you see in your browser. How did that signal get past your firewall? Well, to put it simply, the firewall "knows" that you asked for the information in the first place. It lets the signal come in because all this started when you sent a signal out.

Thus, a firewall doesn't do anything about filtering signals to the network that emanate from inside your computer. But not all signals from inside your computer are good. How do you know that some application isn't reading your name and phone number from your Address Book - or some even more sensitive information - and sending that information out to a waiting server on the Internet? That sort of trick is how certain kinds of malware do their stuff.

If you are at all concerned with malware, therefore, or even if you are merely curious to know what signals are being sent out to the network by what processes on your computer, you need a filter that tracks outbound network traffic. And that's exactly what Little Snitch is. It intercepts all outbound network traffic and either passes it (because you've already told it that this kind of outgoing signal from such-and-such an application is okay) or blocks it (because it you've told it that this kind of outgoing signal from such-and-such an application is not okay) or alerts you (because it needs you to pass judgement on this signal). In the alert, you can permit the outgoing signal or deny it; if you permit it, you can do so on a one-time basis, or just while the sending application continues to run, or you can create a rule for all time that will allow this kind of signal from this application."

Reply to This

Thursday, January 15 2009 @ 07:56 AM PST

it helps to understand what LS actually does and doesn't do. - SWriter

try reading this article http://www.macfixit.com/article.php?story=20071109071246293 at the sister site of version tracker which includes:

"Little Snitch starts out by being suspicious, essentially, of all outgoing signals except for certain types of signal sent by certain applications on your computer. For example, by default, all purely local network signals that don't reach the Internet (such as Bonjour) are okay; iChat signals are okay; and the main types of signal sent by Mail and Safari are okay. But apart from these and a handful of further built-in rules, Little Snitch's stance is to be suspicious and to alert you to all outgoing traffic. For example, if you use a different browser, the first time you try to view a Web page in that browser, Little Snitch will alert you. You can then say, Yes, this sort of signal (e.g. a TCP connection on port 80) from this application (e.g. FireFox) is okay from now on. That is an expected signal, but you might also encounter some unexpected signals, such as an application trying to "phone home" when you didn't know that it did that sort of thing. You might be surprised at what you learn!"

and
" the whole idea of a firewall is that it assumes that network traffic from inside your computer is good. For example, let's say you use your browser to navigate to www.macfixit.com. Your computer sends out a signal to MacFixIt's server, saying, "I'd like to see your front page, please." And MacFixIt's server obligingly sends a signal to your computer, providing the data for the MacFixIt front page that you see in your browser. How did that signal get past your firewall? Well, to put it simply, the firewall "knows" that you asked for the information in the first place. It lets the signal come in because all this started when you sent a signal out.

Thus, a firewall doesn't do anything about filtering signals to the network that emanate from inside your computer. But not all signals from inside your computer are good. How do you know that some application isn't reading your name and phone number from your Address Book - or some even more sensitive information - and sending that information out to a waiting server on the Internet? That sort of trick is how certain kinds of malware do their stuff.

If you are at all concerned with malware, therefore, or even if you are merely curious to know what signals are being sent out to the network by what processes on your computer, you need a filter that tracks outbound network traffic. And that's exactly what Little Snitch is. It intercepts all outbound network traffic and either passes it (because you've already told it that this kind of outgoing signal from such-and-such an application is okay) or blocks it (because it you've told it that this kind of outgoing signal from such-and-such an application is not okay) or alerts you (because it needs you to pass judgement on this signal). In the alert, you can permit the outgoing signal or deny it; if you permit it, you can do so on a one-time basis, or just while the sending application continues to run, or you can create a rule for all time that will allow this kind of signal from this application."

Reply to This

Thursday, January 15 2009 @ 07:57 AM PST