Little Snitch (aka LS) should be in any serious Mac user's staple of must-have applications. For newbies it helps to understand what Little Snitch is all about -- it's about protecting you, your computer (and identity) security and your privacy first and foremost. Little Snitch's popups take some getting used to for new users in the beginning as you get the hang of 'training' it by setting rules. When LS pops up, someone/something is trying to retrieve something from your computer in some fashion -- whether it's serious or potentially harmful is up to you to find out. LS is just warning you that something potentially harmful is happening or about to happen in the form of outgoing extrusion from your computer (which might result in triggering an incoming intrusion too).
Sometimes you will deny something and then have to go back and allow it; otherwise you won't be able to access a site or page or feature such as http on port 80 or 8080 or https on port 443.
Some possibly useful tips: If you're going to allow something that you're not sure about, while using your browser, choose the "allow until quit tab".
In preferences:
Alert > Check the Confirm Connection Alert Automatically.
Pull down the deny connection attempts as the default. Give yourself more time by telling it 'after 30 or 60 or .... seconds' or more to give yourself time to look up the IP location and process id.
Check the smart rule suggestion so you'll know what program triggers the alert and connection.
Advanced > Check "Mark New Rules as Unapproved" so you can more easily identify the ones you've customized in the list of rules as opposed to the defaults. It helps you analyze them better.
Security > Check "Prevent Editing" and click the lock to prevent further changes if you don't want other users making changes outside of the admin account (and theoretically to prevent other apps from overriding rules or malware rewrites, although this is not always failsafe as some apps have apparently developed secret outgoing extrusions around the LS barrier).
It helps to use the Mac Network Utility or other tools such as Whois, Traceroute and Lookup so you can learn who is trying to intrude into and extrude away from your computer. (One rapid learning strategy is to use the Mac-optimized versions of Firefox, download the NetCraft.com Toolbar and use it in conjunction with the NoScript and Flagfox add-ons. The Netcraft toolbar and Flagfox are among those that can tell you the location/country and risk level of any site that you visit.) However, there are no 100% failsafe security strategies for most users. Little Snitch helps tip the balance a little more in your favor IF you take the time to learn how to effectively use it.
Allowing browsers to connect to ports 80 and 443 is pretty standard. Allowing FTP apps to connect to port 21 is pretty standard. Allowing mail to connect to 995 is pretty standard ... (but you have to choose carefully) ... It's usually all those other ports and warnings re other processes and applications that people have to learn about and be concerned about. Increasingly more than ever.
If you want just one good reason for using Little Snitch, try to do a little reading at the New York Times technology / business / internet sections and blogs (or search the Security blog at the Washington Post and other consumer sites) about privacy, piracy, hijacking, computer, and browser security issues including how much data about you is being collected by Google and other mega-corporations including your ISP.
Try reading this article http://www.macfixit.com/article.php?story=20071109071246293 at the sister site of VersionTracker, which includes:
"Little Snitch starts out by being suspicious, essentially, of all outgoing signals except for certain types of signal sent by certain applications on your computer. For example, by default, all purely local network signals that don't reach the Internet (such as Bonjour) are okay; iChat signals are okay; and the main types of signal sent by Mail and Safari are okay. But apart from these and a handful of further built-in rules, Little Snitch's stance is to be suspicious and to alert you to all outgoing traffic. For example, if you use a different browser, the first time you try to view a Web page in that browser, Little Snitch will alert you. You can then say, Yes, this sort of signal (e.g. a TCP connection on port 80) from this application (e.g. FireFox) is okay from now on. That is an expected signal, but you might also encounter some unexpected signals, such as an application trying to "phone home" when you didn't know that it did that sort of thing. You might be surprised at what you learn!"
and
"the whole idea of a firewall is that it assumes that network traffic from inside your computer is good. For example, let's say you use your browser to navigate to www.macfixit.com. Your computer sends out a signal to MacFixIt's server, saying, "I'd like to see your front page, please." And MacFixIt's server obligingly sends a signal to your computer, providing the data for the MacFixIt front page that you see in your browser. How did that signal get past your firewall? Well, to put it simply, the firewall "knows" that you asked for the information in the first place. It lets the signal come in because all this started when you sent a signal out.
Thus, a firewall doesn't do anything about filtering signals to the network that emanate from inside your computer. But not all signals from inside your computer are good. How do you know that some application isn't reading your name and phone number from your Address Book - or some even more sensitive information - and sending that information out to a waiting server on the Internet? That sort of trick is how certain kinds of malware do their stuff.
If you are at all concerned with malware, therefore, or even if you are merely curious to know what signals are being sent out to the network by what processes on your computer, you need a filter that tracks outbound network traffic. And that's exactly what Little Snitch is. It intercepts all outbound network traffic and either passes it (because you've already told it that this kind of outgoing signal from such-and-such an application is okay) or blocks it (because you've told it that this kind of outgoing signal from such-and-such an application is not okay) or alerts you (because it needs you to pass judgement on this signal). In the alert, you can permit the outgoing signal or deny it; if you permit it, you can do so on a one-time basis, or just while the sending application continues to run, or you can create a rule for all time that will allow this kind of signal from this application."
Again, for anyone halfway concerned about privacy, hacking, identity protection, computer and family security, Little Snitch is more than worth the investment.
If you are hyper ADD-oriented or want mindless computing where you don't have the patience to learn anything new or be detail-oriented (even for a little while) and don't care about your privacy or computer security, it's not for you.
Little Snitch does have a learning curve and takes some effort on the user's part. However, it's worth it to protect yourself, your kids, your family, computer, security... isn't it?
PS: Be sure to let other users of your computer know that you've installed it -- if you set it up correctly, only an administrator-privileged user can modify it. So do a little learning and experimentation early on ... allow for some frustration and confusion in the beginning. If you have multiple users, you might assign one person to become the LS expert.
Little Snitch
Informs you when an app tries to establish an outgoing Internet connection.
Version: 2.2
2.0.4 seems a little hinky compared to earlier 2.0.x builds but is a must-have!
Feedback Type: Review
Contributed by: SWriter Thursday, January 15 2009 @ 08:49 AM PST
Product Platform: MacOSX
Used Product For: Over One Year
Recommend Product: YES
Overall Rating:
Support:
Features:
Quality / Stability:
Price:
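An added example, not part of the review or of Little Snitch: the review's point about standard ports (browsers on 80/443, mail on 995) can be cross-checked against what processes are actually connected to. The sketch below parses output in the format of `lsof -nP -iTCP -sTCP:ESTABLISHED` and lists connections that fall outside a per-process allowlist; the sample lines, process names and the allowlist are constructed assumptions.

```python
import re

# Constructed sample in the format of `lsof -nP -iTCP -sTCP:ESTABLISHED`
# (not a real capture; addresses are documentation ranges).
SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
firefox   412 sam    61u  IPv4 0x1a2b      0t0  TCP 192.168.1.20:50112->203.0.113.10:443 (ESTABLISHED)
firefox   412 sam    64u  IPv4 0x1a2c      0t0  TCP 192.168.1.20:50113->203.0.113.11:80 (ESTABLISHED)
Mail      530 sam    22u  IPv4 0x1a2d      0t0  TCP 192.168.1.20:50120->198.51.100.7:995 (ESTABLISHED)
Updater   777 sam     9u  IPv4 0x1a2e      0t0  TCP 192.168.1.20:50131->198.51.100.99:6667 (ESTABLISHED)
Mail      530 sam    23u  IPv4 0x1a2f      0t0  TCP 192.168.1.20:50140->203.0.113.50:8443 (ESTABLISHED)
"""

# Assumed allowlist: remote ports the review calls standard, per process.
EXPECTED = {"firefox": {80, 443}, "Mail": {995}}

# Remote endpoint after '->'; IPv6 addresses appear in [brackets].
CONN = re.compile(r"->(?P<host>\[[0-9a-fA-F:]+\]|[^:\s]+):(?P<port>\d+)\s")


def parse(text):
    """Yield (command, pid, remote_host, remote_port) for each connection line."""
    for line in text.splitlines():
        fields = line.split()
        m = CONN.search(line)
        if len(fields) < 9 or fields[0] == "COMMAND" or not m:
            continue  # header, line without a remote endpoint, or malformed
        yield fields[0], int(fields[1]), m["host"], int(m["port"])


def unexpected(text, expected=EXPECTED):
    """Connections whose process has no allowlist entry or uses another port."""
    return [c for c in parse(text) if c[3] not in expected.get(c[0], set())]


if __name__ == "__main__":
    for cmd, pid, host, port in unexpected(SAMPLE):
        print(f"review: {cmd} (pid {pid}) -> {host}:{port}")
```

A process missing from the allowlist is always reported, which mirrors the default-suspicious stance the quoted article describes.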
Comments
You Moron! - BusyGuyy
VersionTracker is no place to give people the "benefit" of your "wide" knowledge of security. You went way beyond a product review and, in the process, made it likely fewer people will read your waffle and certain that it will disappear as soon as the next review appears. And please take a refresher course in English, for god's sake. Your writing style, solecisms, catachreses and other errors make your writing difficult to follow.
Monday, January 26 2009 @ 07:15 PM PST
You Moron! - pagewise
Uh, no... you need to think seriously about getting a life. I found SWriter's article educational and very easy to read and understand. You, on the other hand, need to get a personality implant. You may be highly 'edumacated' and have tons of information... but information ain't necessarily knowledge, and knowledge ain't necessarily wisdom. And lose the thesaurus, for gawd's sake.
Go ahead, blow another gasket... make YOUR day.
Sunday, February 01 2009 @ 07:42 AM PST
2.0.4 seems a little hinky compared to earlier 2.0.x builds but is a must-have! - skiffworks
Thank you for this helpful (to me!), enlightening review.
Monday, February 09 2009 @ 07:42 AM PST
addendum to previous info - SWriter
See also: "Well Known" TCP and UDP ports used by Apple software products
http://support.apple.com/kb/TS1629?viewlocale=en_US
Thursday, January 15 2009 @ 06:09 PM PST