One Mac app I’ve heard about for years but never used is Little Snitch ($45) from Objective Development, designed to keep an eye on network connections to and from your computer. That’s a big task; your Mac is constantly sending and receiving information over the internet, and most of the connections that are made are benign. Occasionally your Mac might pick up something you wouldn’t ordinarily know about — malware, perhaps a keyboard sniffer, maybe a trojan of some sort. Little Snitch 4 is designed as a fast and reliable gatekeeper to help you protect your Mac from unexpected and undesirable network traffic.
The app provides a free trial so you can decide whether it’s right for you or not. Once installed, the user makes a choice on whether to run the app in Alert Mode or Silent Mode. In Alert Mode, Little Snitch displays a connection alert whenever an incoming or outgoing connection is made and asks you to allow or deny the connection. In Silent Mode, you can silence all notifications for a while and then make the decision at a later point on which connections to allow or deny. If you’re unsure of which mode to use, the developers suggest Silent Mode, as the constant alerts can befuddle a new user.
Most of the time, you’ll see Little Snitch working behind the scenes as a Menu Bar item, showing incoming and outgoing traffic and displaying a small color dot that shows which mode the app is currently in. When you want more detail, get a notification about a new connection, or otherwise want to keep an eye on what’s happening, you can open up the Network Monitor.
This window displays a constantly updating monitor of the connections your Mac is making. On the left side, a pane shows a list of apps and processes that are sending and receiving data. For any one of those connections, a click on the disclosure triangle shows which servers are communicating with your Mac. For example, I noticed that there was a lot of traffic with a process called bztransmit — a quick look shows that it is talking to the backblaze.com domain, and sure enough that process is backing up my Mac to the Backblaze online backup service.
In Silent Mode, Little Snitch will “approve” connections to servers that it knows are safe. A good example are things like Backblaze, Dropbox, and the many services that work with Apple.
Want to know more about a connection? Just click on the server or domain name and the pane on the right side of the window displays the “Research Assistant”. Click “Enable” and you’re provided with information from an online database showing exactly what that connection provides. You can also see things like exactly what storage pod you’re talking to at Backblaze, the IP addresses you’re communicating with, and geographic information — where the server is located.
That last bit of info can be displayed on a map that constantly shows connections —green for incoming and red for outgoing — to different parts of the world. I became a little concerned when I saw a connection to Russia over Safari, as the country is notorious for hosting malicious hackers. With a click I found out that Safari was connecting to Yandex.com, which is essentially “Russia’s Google”.
This is most likely a benign connection, but if I wanted to, I could block all outgoing and incoming network activity to and from Yandex. That’s the power of Little Snitch in action. Most of the time it’s working quietly in the background letting you know what’s going on, but when you really want to see what’s happening with any connection, you can drill into the data as deep as you want.
I’ve only had Little Snitch in operation on my Mac for a few days now, but as far as I’m concerned, it’s a keeper. Knowing what connections are made by my Mac as it is toiling away is a great addition to my peace of mind.