Little Snitch 4 – Makes the invisible visible

科技动态 2017-06-25

Completely redesigned Network Monitor

  • The new map view in Network Monitor shows realtime information about all current and past network connections and their geographic location. It provides powerful filtering and selection options helping to assess particular connections based on the server’s location.
  • It’s now also possible to create and change rules with a single click right from within the Network Monitor. This is especially useful in conjunction with the new Silent Mode. You may run Silent Mode for a while, then later create rules for connections that occurred during that time (those connections are displayed with a blue Allow/Deny button).
  • An application’s connections shown in the connection list are now displayed grouped by domain, making it easier to create rules that match an entire domain instead of just a single host. But it’s still possible to drill down to the host-level of each connection.
  • The connection information is persisted across restarts of the application (i.e. logout/login or restarting the computer).
  • While the Network Monitor window is open, the app has a Dock icon and it’s shown in the Command-Tab app switcher of macOS.
  • A new “Since Timestamp” filter allows to temporarily clear the connection list, and to show only connections that occurred after the filter was turned on. The filter can be activated by choosing “Since Timestamp” from the filter menu in the search field, or by pressing Command-K.
  • You can choose between a light and a dark appearance of the Network Monitor window. The desired appearance can be selected in the View > Appearance menu in the menu bar.

Extended Research Assistant

The Research Assistant is now also accessible from Network Monitor and from Little Snitch Configuration.

Third party developers can now bundle their apps with an Internet Access Policy
file containing descriptions of all network connections that are possibly triggered by their app. Little Snitch will then display that information to users, helping them in their decision how to handle a particular connection. A description of the policy file format will be provided soon.

Redesigned Silent Mode

The new Silent Mode is now tightly integrated with the Network Monitor. It can be used as an alternative to regular connection alerts, which some users may find too intrusive, especially after a fresh installation of Little Snitch with very few filter rules in place, causing connection alerts to appear quite often.

A recommended strategy for new users is to run Little Snitch in Silent Mode for a few days, allowing all connections (same as they did before, when Little Snitch wasn’t yet installed). After that time, all the connections that would have caused a connection alert are now listed in Network Monitor. They are marked with a blue Allow/Deny button. You can then quickly review all these connections, and create a set of rules that perfectly matches your needs based on the applications you use and the connections they make.

When Silent Mode is active, a user notification is shown when a connection got silently allowed or denied (only once per application). If you prefer completely silent operation, you can turn off these notifications in System Preferences > Notifications > Little Snitch Network Monitor.

Improved Connection Alert

  • In Little Snitch Preferences > Connection Alert you can now choose the options that shall be preselected when a new connection alert is shown.
  • It’s now possible to choose if the created rule shall be effective in the current profile or in all profiles.
  • The details sections now shows code signature information for the connecting process.
  • The Connection Alert now offers an “Only local network” option if a connection attempt was made to an address in the local network.

Minimizing the Connection Alert

Another way of dealing with unwanted interruptions caused by a connection alert is the new ability to minimize the alert window. Instead of confirming a connection alert immediately, you can minimize it into a small overlay window and postpone the decision whether to allow or deny the connection.

The context menu of a minimized connection alert offers a “Keep minimized” option. Subsequent connection attempts will then also be collected in the minimized overlay window. A counter shows the number of pending connection attempts.

Once you are in the mood for dealing with these requests you can click on the overlay to reopen the connection alert.

Alternatively you can right click the minimized connection alert to reopen the alert for a particular connection attempt (in case there’s more than one) or to open the Network Monitor for handling all pending connections there instead.

The Network Monitor shows such pending connections with yellow, pulsating Allow/Deny buttons, indicating that these connections are actually stalled, waiting for you to make a decision.

Improved DNS Name Based Traffic Filtering

The network filter now performs Deep Packet Inspection
instead of the previous IP address based filtering. This results in much more precise filter matching, especially in those cases where one and the same IP address is possibly associated with multiple hostnames (e.g. vs.

Code signature secured filter rules

The code signature of the connecting processes is now taken into account. If a rule was created for a process with a valid code signature, that rule will no longer match if the signature changes or becomes invalid. This prevents malicious software from hijacking existing rules.

Each rule now provides a “Requires valid code signature” option in the rule editor sheet in Little Snitch Configuration. This option is turned on by default.

When the code signature of a connecting process is invalid, the connection alert now offers additional options for dealing with this situation. In that case the automatic confirmation of the connection alert is suppressed. Here are a few examples of possible scenarios:

  • The connecting process does not have a code signature at all.
  • The connecting process has a code signature by its developer, but it was modified either on disk or in memory.
  • A process tries to establish a connection that’s covered by an existing rule, but the code signature of the running process does not match what the rule requires.

Depending on the severity of the issue, the connection alert only shows a warning but lets you create rules as usual, or it shows a detailed description of what is going on, explains what you can do about it and only lets you create a new rule – or modify existing rules, if appropriate – after an additional confirmation.

Creating and inspecting rules in Little Snitch Configuration is also improved in regard to code signature. The info sidebar shows whether a rule requires a valid code signature and a new suggestions filter lists all rules that could require a code signature from their processes but currently don’t.

Improved Working With Profiles

The connection alert now provides an option to specify whether a rule shall be created in the current profile or if it shall be effective in all profiles.

The new Automatic Silent Mode Switching
option (configurable in Little Snitch Configuration) now lets you associate a profile with a particular Silent Mode. Whenever the profile gets activated, the corresponding Silent Mode Switching
is performed.

For example, you might create a “Presentation” profile (for being used while making a Keynote presentation) that automatically turns on Silent Mode in order to prevent connection alerts from appearing during the presentation.

Improved UI for managing profiles in Little Snitch Configuration. Profiles are now created and edited in a modal editor sheet. In this sheet you can assign networks for Automatic Profile Switching
, configure Silent Mode Switching
, rename and activate the profile.

Priority Rules

In Little Snitch 3, the priority of a rule was implicitly raised when the rule was moved to a profile.

In Little Snitch 4 a rule’s priority can now be defined separately for each individual rule, independent from its profile.

The priority of a rule can be changed in Little Snitch Configuration by choosing Increase/Decrease Priority
from the rule’s contextual menu. Rules with increased priority are indicated with bold text.

As a general rule of thumb it’s recommended to use priority rules only sparingly, in those cases where it’s absolutely necessary in order to make a rule win against other competing rules.

In most cases, the automatic precedence ordering of rules (where more specific rules take precedence over more general ones) is sufficient for achieving the desired rule matching behavior — for example, if you have a more general rule that allows all connections to an entire domain, and another, more specific rule, that denies connections to a particular host within that domain.

An existing ruleset from Little Snitch 3 will be automatically converted. Rules that are associated with a profile (which had an implicitly raised priority before) will get the new high priority option set automatically, but only in those cases where that’s actually necessary.

  • Automatic ruleset analysis detects rules whose priority has been unnecessarily increased. This helps to figure out, if a rule’s priority has actually an effect on its overall precedence in relationship to other rules — in other words, if raising its priority is necessary at all.
  • Rules with an unnecessary priority are marked with a blue or gray exclamation mark triangle. The blue triangle indicates that the priority is completely unnecessary and can be removed. The gray triangle indicates that the priority will become unnecessary as soon as the unnecessary priority of other rules got removed.
  • When a priority rule is selected, rules that are affected by the priority of this rule are marked with a light blue background color. If no such affected rule exists, the priority of this rule is unnecessary and the rule marked with a blue triangle.

Managed Rules

To avoid a vast numbers of connection alerts from appearing when using common macOS and iCloud services, Little Snitch now provides preconfigured rulesets for these usage areas. They can be turned on in Little Snitch Configuration > General. These rules will we be kept up to date with future updates of Little Snitch.


How To Type Indian Rupee Sign (₹) In Linux The other day, I needed to type “Indian Rupee Sign (₹)” while I was quoting about Indian economy in a comment. My keyboard has rupee symbol on it, bu...
User space 与 Kernel space 学习 Linux 时,经常可以看到两个词:User space(用户空间)和 Kernel space(内核空间)。 简单说,Kernel space 是 Linux 内核的运行空间,User space 是用户程序的运行空间。为了安全,它们是隔离的,即使用户的程序崩溃了,内核也不受影响。 ...
What You Missed at the Diversity Empowerment Summi... "If you're not being actively inclusive then you're being exclusive," said Swarna Podila at the Diversity Empowerment Summit , a day of talks on i...
Linux设备模型(1)_基本概念 1. 前言 在“Linux内核的整体架构”中,蜗蜗有提到,由于Linux支持世界上几乎所有的、不同功能的硬件设备(这是Linux的优点),导致Linux内核中有一半的代码是设备驱动,而且随着硬件的快速升级换代,设备驱动的代码量也在快速增长。个人意见,这种现象打破了“简洁就是美”的理念,是丑陋的。...
Windows for Linux Nerds Saturday, September 9, 2017 I recently started a job at Microsoft. In my first week I have already learned so much about Windows, I figured I would ...
Hacker News

责编内容来自:Hacker News (本文源链)
本站遵循[CC BY-NC-SA 4.0]。如您有版权、意见投诉等问题,请通过eMail联系我们处理。