As with Tiger (Mac OS X 10.4), the firewall software Apple provides with Leopard (Mac OS X 10.5) is designed to screen incoming network traffic—attempts to access your computer over its network ports. Such incoming traffic can be “safe”; for example, instant messages from a friend, visits to Web pages you’ve published using Web Sharing, or your own file-sharing connections when you’re away from your desk. But other incoming connection attempts may be unwanted, and that’s what a firewall is designed to protect against.
By contrast, most outbound network connections originate with software running on your computer, such as when you send e-mail or an instant message, when you visit a Web site, or when you print a document to a shared printer.
If all outbound connections were so obvious, there’d be no cause for concern, but more and more software is designed to quietly make outgoing connections without our knowledge. In a world with more and more concerns about privacy, not to mention worries about malware and viruses, many of us prefer to make our own decisions about what outgoing connections are OK, rather than have them made for us.
Enter Little Snitch, which watches for outgoing network connections and clears them with the user before allowing them to proceed. The developers have pre-configured Little Snitch to recognize and allow several sorts of connections that assumed to be safe, such as Safari attempting to connect to any remote server on port 80 (the TCP/IP port commonly used for Web connections) and Mail attempting to send and receive email. But new, unrecognized types of connections will generate an onscreen warning and—just as important—a request for the user’s intervention.
When a questionable outgoing connection is detected, Little Snitch presents you with a dialog asking you whether or not you want to allow that connection. You can allow or deny the connection just this one time, until the program quits, or forever; and you can specify whether the program should be allowed to make any connection, any connections on this particular port, any connections to this IP address or domain name, or just this specific connection—on this port to this address. Little Snitch’s 2’s warning dialog, which displays a large icon of the program trying to make a connection, as well as larger type, is an improvement over the previous version’s and makes it especially easy to tell what you’re approving (or disallowing).