Little Snitch 6.0 Released
obdev.atBeware that Little Snitch and other similar network filter extensions leak your IP address to the remote server even if there's an explicit block for that server.
I emailed the dev and they responded by pointing me to this post and explaining that this was because of a design decision by Apple and not something they are able to fix. https://www.obdev.at/blog/three-way-handshake-bypassing-litt...
Perhaps just VPN + little snitch is your best bet if you're still worried
The blog post is mentioned in the first linked article. Needless to say I fundamentally disagree with Apple's decision* - If I explicitly install a firewall, I want it to actually function like a firewall and not let some packets through. The overhead explanation seems a bit like a stretch.
* It's actually not clear whether this is a feature or a bug. Apple never responded to the bug report (FB12088655).
Yeah it seems going to https://feedbackassistant.apple.com/feedback/12088655 the report doesn't even exist anymore.
Would be good to get an official answer from Apple if this is won't fix or coming as a fix in a future release.
> Yeah it seems going to https://feedbackassistant.apple.com/feedback/12088655 the report doesn't even exist anymore.
That link is for Apple engineers. Feedback reports are not public. They're only accessible by the reporter and Apple.
Yep. It's not/wasn't a VPN or DNS proxy but more of an host-side application firewall specifically to control apps' use of outbound connections. If you need pristine infosec, then you need something else and probably public WiFi too.
I used to use LuLu and Little Snitch but LuLu nondeterministically dropped packets and connections causing ssh to drop and navigation problems in the browser, so I had to remove LuLu.
Is this solved by the new set of dns encryption features?
I wouldn't think so, as the issue mentioned doesn't have anything to do with dns.
Instant purchase. This is one of the first apps I install on a new machine.
€39 to upgrade from 5.0.
From 3.0 to 4.0 and then to 5.0 were €25 each. This is a 56% uptick in price.
The price of the app at that time was $45, not $59, if my records are correct.
But price of upgrade went up higher comparing change to the app pricing.
No longer using MacOSX, but this was definitely one of most useful and usable security tools ever created. Especially in a time, where more than half of all the anti-virus or firewalls you would get were just snake-oil.
I even got a nice bug bounty, because I discovered that a popular program pulled it's updates via HTTP and executed the downloaded executable directly thereafter.
I love the inclusion of DNS here, as that was a major pain point on version 5. Currently on MacOS you can only use a single network filter, which Little Snitch is, so you couldn't use an encrypted DNS service easily in addition to Little Snitch. This made it an instant purchase for me (and it works).
When on public networks, I use dnscrypt-proxy with a captive-portal compatible workaround.
When at home, I point the router to DoT non-logging servers and clients use the router for all domain resolution.
One of most useful utilities for the Mac.
Which begs the question: is there anything similar for a Windows machine? Or for a Linux-based one?
I seem to recall the past paid upgrades being timed to release with new macOS versions, but this one comes out ahead of WWDC in June, where presumably a new version will be unveiled. Is this related to the network filter extensions, so there's no longer the same risk of OS version incompatibilities?
An issue that's not unique to this developer, is that I'm having trouble determining what their update policy will be regarding the now previous version. Based on their past procedure, I'm not expecting it'll work with the next major macOS version, but it would be wonderful with clearer expectations on what types of bugs or security issues (if any) they commit themselves to fixing after the new version is out.
Mac apps are just so beautiful when built by devs who build fully on the platform.