Little Snitch 6.0 Released (opens in new tab)

(obdev.at)

31 pointsbashy1y ago17 comments

17 comments

Beware that Little Snitch and other similar network filter extensions leak your IP address to the remote server even if there's an explicit block for that server.

https://lapcatsoftware.com/articles/2023/6/3.html

unifer11y ago

I emailed the dev and they responded by pointing me to this post and explaining that this was because of a design decision by Apple and not something they are able to fix. https://www.obdev.at/blog/three-way-handshake-bypassing-litt...

Perhaps just VPN + little snitch is your best bet if you're still worried

frankjr1y ago

The blog post is mentioned in the first linked article. Needless to say I fundamentally disagree with Apple's decision* - If I explicitly install a firewall, I want it to actually function like a firewall and not let some packets through. The overhead explanation seems a bit like a stretch.

* It's actually not clear whether this is a feature or a bug. Apple never responded to the bug report (FB12088655).

1 more reply

hi-v-rocknroll1y ago

Yep. It's not/wasn't a VPN or DNS proxy but more of an host-side application firewall specifically to control apps' use of outbound connections. If you need pristine infosec, then you need something else and probably public WiFi too.

I used to use LuLu and Little Snitch but LuLu nondeterministically dropped packets and connections causing ssh to drop and navigation problems in the browser, so I had to remove LuLu.

unifer11y ago

Is this solved by the new set of dns encryption features?

SushiHippie1y ago

I wouldn't think so, as the issue mentioned doesn't have anything to do with dns.

hjuutilainen1y ago

Instant purchase. This is one of the first apps I install on a new machine.

cassianoleal1y ago

€39 to upgrade from 5.0.

From 3.0 to 4.0 and then to 5.0 were €25 each. This is a 56% uptick in price.

sashk1y ago

The price of the app at that time was $45, not $59, if my records are correct.

But price of upgrade went up higher comparing change to the app pricing.

WhatsName1y ago

No longer using MacOSX, but this was definitely one of most useful and usable security tools ever created. Especially in a time, where more than half of all the anti-virus or firewalls you would get were just snake-oil.

I even got a nice bug bounty, because I discovered that a popular program pulled it's updates via HTTP and executed the downloaded executable directly thereafter.

bunnyfoofoo1y ago

I love the inclusion of DNS here, as that was a major pain point on version 5. Currently on MacOS you can only use a single network filter, which Little Snitch is, so you couldn't use an encrypted DNS service easily in addition to Little Snitch. This made it an instant purchase for me (and it works).

hi-v-rocknroll1y ago

When on public networks, I use dnscrypt-proxy with a captive-portal compatible workaround.

When at home, I point the router to DoT non-logging servers and clients use the router for all domain resolution.

zvr1y ago

One of most useful utilities for the Mac.

Which begs the question: is there anything similar for a Windows machine? Or for a Linux-based one?

andresen1y ago

I seem to recall the past paid upgrades being timed to release with new macOS versions, but this one comes out ahead of WWDC in June, where presumably a new version will be unveiled. Is this related to the network filter extensions, so there's no longer the same risk of OS version incompatibilities?

An issue that's not unique to this developer, is that I'm having trouble determining what their update policy will be regarding the now previous version. Based on their past procedure, I'm not expecting it'll work with the next major macOS version, but it would be wonderful with clearer expectations on what types of bugs or security issues (if any) they commit themselves to fixing after the new version is out.

ilrwbwrkhv1y ago

Mac apps are just so beautiful when built by devs who build fully on the platform.

j / k navigate · click thread line to collapse

17 comments

frankjr1y ago

Beware that Little Snitch and other similar network filter extensions leak your IP address to the remote server even if there's an explicit block for that server.

https://lapcatsoftware.com/articles/2023/6/3.html

unifer11y ago

Perhaps just VPN + little snitch is your best bet if you're still worried

frankjr1y ago

* It's actually not clear whether this is a feature or a bug. Apple never responded to the bug report (FB12088655).

1 more reply

hi-v-rocknroll1y ago

I used to use LuLu and Little Snitch but LuLu nondeterministically dropped packets and connections causing ssh to drop and navigation problems in the browser, so I had to remove LuLu.

unifer11y ago

Is this solved by the new set of dns encryption features?

SushiHippie1y ago

I wouldn't think so, as the issue mentioned doesn't have anything to do with dns.

hjuutilainen1y ago

Instant purchase. This is one of the first apps I install on a new machine.

cassianoleal1y ago

€39 to upgrade from 5.0.

From 3.0 to 4.0 and then to 5.0 were €25 each. This is a 56% uptick in price.

sashk1y ago

The price of the app at that time was $45, not $59, if my records are correct.

But price of upgrade went up higher comparing change to the app pricing.

WhatsName1y ago

I even got a nice bug bounty, because I discovered that a popular program pulled it's updates via HTTP and executed the downloaded executable directly thereafter.

bunnyfoofoo1y ago

hi-v-rocknroll1y ago

When on public networks, I use dnscrypt-proxy with a captive-portal compatible workaround.

When at home, I point the router to DoT non-logging servers and clients use the router for all domain resolution.

zvr1y ago

One of most useful utilities for the Mac.

Which begs the question: is there anything similar for a Windows machine? Or for a Linux-based one?

andresen1y ago

ilrwbwrkhv1y ago

Mac apps are just so beautiful when built by devs who build fully on the platform.

j / k navigate · click thread line to collapse