After last week's column on Apple's built-in firewall, Frank Lowney asked the following question in the column's comments section:
Although, we're focused on incoming connections here, shouldn't we also be concerned about outgoing connections as well? This seems especially important where there are data caps or outrageously expensive cellular data plans being used.
We need a comprehensive and coordinated gate keeping strategy for all connections.
Frank raises an interesting and important point. While Apple's Application Level Firewall is great at putting on a good defense, monitoring your outbound traffic can be enlightening and possibly even a little disturbing. It can clue you in to which of your running applications are accessing and sending data to the Internet when you might not be expecting it to and it can help you to see if unexpected applications are sending data out when you don't want them to.
As it happens, there's an app for that: Objective Development's $35 Little Snitch, which you can download for free and use in demo mode to make sure it works exactly as you want it to.
The app's installation requires a restart, as it installs a number of its monitoring tools at a low level in your Mac's operating system. Once your Mac restarts you'll immediately see Little Snitch at work and you may be a bit surprised by what you see.
Little Snitch's default behavior is to show you Connection Alerts--messages letting you know apps are attempting to connect to the Internet--and to ask if you want that app to send out data from your Mac. You can adjust this behavior to suit your specific needs using the app's preferences.
What's surprising is just how many apps call home the moment your Mac starts up. But that little startup surprise may also act as a wakeup call. On my Macs I had to allow dozens of apps access to the Internet. Those access requests were from apps I use and want to have that access, but it is still surprising to see how many apps want to call home as your Mac starts up.
As you allow and deny connections Little Snitch learns what kinds of traffic you want to allow by how you respond to each connection request. Your responses get saved as rules that are reused every time an app attempts to make the same connection it has before. And you're not stuck with a rule once you've created it, as you can update and edit existing rules as needed.
Connection Alerts are also more than mere announcements about apps accessing the Internet, they provide detailed information about the apps trying to make that access, what ports they're using to send data, and there's a Research Assistant that gives you a more detailed look at an app from Objective Code's app databases, including whether or not the selected app has a valid code signing certificate.
Sign up for Computerworld eNewsletters.