May 08, 2008 Even more critical, Little Snitch has the capability to warn you if an uninvited program, such as a virus or Trojan horse, tries to make network-related mischief. Default Action — When you join a network not yet known to Little Snitch, it shows a New Network Alert. This may be annoying if you are traveling a lot, connecting to new networks often. With this option, you can set a default action which is performed instead of showing an alert.
| Ⅰ | This article along with all titles and tags are the original content of AppNee. All rights reserved. To repost or reproduce, you must add an explicit footnote along with the URL to this article! |
| Ⅱ | Any manual or automated whole-website collecting/crawling behaviors are strictly prohibited. |
| Ⅲ | Any resources shared on AppNee are limited to personal study and research only, any form of commercial behaviors are strictly prohibited. Otherwise, you may receive a variety of copyright complaints and have to deal with them by yourself. |
| Ⅳ | Before using (especially downloading) any resources shared by AppNee, please first go to read our F.A.Q. page more or less. Otherwise, please bear all the consequences by yourself. |
| This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. |
When your Mac computer is connected to the Internet, countless connections will be quietly built in the background. Once some application connects to the Internet, it can send any information that it wants to send to any place in the world. In order to monitor these connections, better maintain our privacy security, and especially withstand the tracking software, Trojans, or other types of malware, we usually have to use the boring and difficult to use firewall software. Even worse, the inbuilt firewall program of Mac OS is only able to control incoming connections, has no monitoring and controlling capabilities for outgoing connections.
Little Snitch is an excellent, easy-to-use and trustworthy personal firewall software for Mac, developed by Objective Development Software from Austria, written in Objective-C. It can be used to monitor and prevent any network connection (both inbound and outbound) generated by the specified software. For example, when you launch some software, Little Snitch will remind users to allow it to connect to Internet or not. If you have a lot of confidential data stored on your Mac, it’s very necessary to install a user friendly firewall like Little Snitch. It reminds you of all inbound/outbound network connection requests in real time, so as to protect the safety of user’s computer effectively, and prevent applications from secretly accessing the network and sending data to the outside.
Once you connect to the Internet, the application may optionally send any thing they want. In most cases, they will bring you a lot of benefits. But for some software, what they do to us is opposite, such like tracking software, Trojan, or other malicious software. The trouble is that you didn’t notice anything about what and how they are doing, because all of this is conducted secretly. This case, Little Snitch can make any network/Internet connections sleep with the lights on (from invisible to visually visible), and enables you to control everything!
// Key Features //
| Feature | Description |
| Real-time Traffic Diagram | A detailed traffic history of the last hour provides a powerful tool for analyzing individual data connections. |
| Corresponding rule | Figure out quickly why a particular connection was allowed or denied. |
| Snapshots | Save a snapshot of the current status of all connections for later analysis. |
| Simplified connection list | Connections are grouped by domain (e.g. apple.com or google.com) for easy navigation. |
| Dark or light appearance | Choose the appearance that best matches your personal taste. |
| Statistics | Discover processes and servers creating the highest data volume and much more. |
| Improved inspector | Now with integrated Research Assistant, code signature check and geographic information. |
| Quick filters and location search | Search for specific locations, or focus on all denied connections using the filters menu. |
| Data volumes and bandwidth | Observe the data volume and bandwidth per process, domain or server. |
// System Requirements //
- macOS 10.11+
// Universal Serial Number //
| Serial Number (not verified) |
| 32R37B1240-722M9-JZ39DNXFAM |
// Edition Statement //
AppNee provides the Little Snitch multilingual Pre-Activated versions for Mac.
// Tips //
- You can selectively let familiar software free access the Internet, and limit the activities of applications that don’t need Internet connection or you don’t know what they are and where they are from to local (i.e.: offline use). Thus, you will be able to turn passive defense into active defense even in the face of all sorts of known or unknown Trojans or viruses.
- Look at it another way, you can also use a firewall program to organize and control the license network verification mechanism of many software, in order to assist the software cracking process.
// Download URLs //
| License | Version | Download | Size |
| Pre-Activated | v3.7.2 | reserved | n/a |
| v4.0.3 | 45.1 MB |
(Homepage)
| If some download link is missing, and you do need it, just please send an email (along with post link and missing link) to remind us to reupload the missing file for you. And, give us some time to respond. |
| If there is a password for an archive, it should be 'appnee.com'. |
| Most of the reserved downloads (including the 32-bit version) can be requested to reupload via email. |
This release contains changes in the following areas:
Little Snitch Mac
Improved detection of program modification
Little Snitch has a security mechanism that ensures rules are only applied to programs for which they were originally created. This is to prevent malware from hijacking existing rules for legitimate programs. To do that, Little Snitch must be able to detect whether a program was modified. How Little Snitch does that changes with this version.
Previous versions required a program to have a valid code signature in order to be able to detect illegitimate modifications later on. Programs without a code signature could not be validated and Little Snitch warned accordingly. The focus was therefore on a program’s code signature.
Beginning with version 4.3, Little Snitch can always check whether a program has been tampered with, even if it’s not code signed at all. The focus is now on checking for modifications with the best means available. That is usually still the code signature but for programs that are not code signed, Little Snitch now computes a secure hash over the program’s executable. (There’s still a warning if a process is not signed, but only to inform you about a possible anomaly.)
This change leads to a different terminology. When editing a rule, Little Snitch Configuration no longer shows a checkbox titled “requires valid code signature” but instead one that is titled “check process identity” (or if the rule is for any process: “apply to trusted processes only”).
Instead of a “code signature mismatch”, Little Snitch’s connection alert now informs that “the program has been modified”.
In cases where Little Snitch detects such a modification, it now also better explains the possible underlying cause and the potential consequences.
For more information see the chapter Code identity checks in the online help.
Configuration File Compatibility
This version uses a new format with speed and size improvements for the configuration file in which the current rule set and the preferences are stored. This new file format is not compatible with older versions of Little Snitch, though.When updating to Little Snitch 4.3, the old configuration file is left untouched in case you want to downgrade to a previous version of Little Snitch. All changes made in Little Snitch 4.3 or later are not included in the old file, of course.Note that backup files created using File > Create Backup… in Little Snitch Configuration use the old file format and are therefore backward-compatible with previous versions of Little Snitch.
Improved Support for macOS Mojave
- Improved appearance in Dark Mode.
- Fixed backup restore from Time Machine not working in Little Snitch Configuration due to the new “Full Disk Access” security mechanism.
- Fixed creating Diagnostics Reports for non-admin users (on macOS High Sierra and later). When you contact our tech support, we sometimes ask you to create these reports.
Performance Improvements
- Improved overall performance for large rule sets.
- Reduced CPU load of Little Snitch Daemon during DNS lookups.
- Reduced CPU load of Network Monitor while inactive.
- Improved performance of rule sorting in Little Snitch Configuration, which leads to better overall performance.
- Fixed Little Snitch Daemon hanging while updating a rule group subscription that contains many rules.
- Fixed a memory leak that occurred when closing a snapshot window in Network Monitor.
Internet Access Policy
- Fixed an issue causing an app’s Internet Access Policy not being shown if that app was running in App Translocation.
- Fixed clickable links not working in the “Deny Consequences” popover when creating rules in connection alert or Network Monitor.
- Internet Access Policy file: Fixed large values for a connection’s “Port” being rejected.
Process Identity and Code Signature Check Improvements
- Added support for detecting revoked code signing certificates when checking a process’ code signature. The connection alert and Network Monitor now treat such processes like processes without a valid code signature and show relevant information. Also, rules created will use an appropriate identity check (based on the executable’s checksum, not based on the code signature).
- When showing a connection alert for a process that has no valid code signature, Little Snitch now tries to find out if loading a shared library may have caused the issue with the code signature. If so, this is pointed out in the connection alert.
- Fixed handling of app updates while the app is still running: Previous versions of Little Snitch would complain that the code signature could not be checked if the running app was replaced on disk, e.g. during an update.
- Fixed an issue where connection alerts would erroneously contain a warning that an application’s code signing certificate was unacceptable. This mainly happened when a process’ first connection was an incoming connection.
Improved Handling of Connection Denials and Override Rules
- Improved handling of override deny-rules that were created as a consequence of a suspicious program modification (“Connection Denials”). In Network Monitor, these rules are now marked with a dedicated symbol. Clicking that symbol allows to remove that override rule, if the modification is confirmed to be legitimate.
- Changed override deny-rules created for failed code identity checks to not be editable or deletable. Instead, double-clicking such a rule allows you to fix the underlying issue, which then automatically deletes the override rule.
Little Snitch Warning Signs
UI and UX Improvements
Little Snitch Warnings
- Automatically combine rules: For improved handling of large rule sets with many similar rules that only differ in host or domain names. This is common when subscribing to blocklists, which may contain thousands of similar, individual rules denying connections to various servers. The new “Automatically combine rules” option in Little Snitch Configuration (on by default) now combines such similar rules into a single row, making it much easier to keep track of large lists of rules.
- Improved appearance when Accessibility option 'Increase contrast' is active.
- Improved floating window mode in Network Monitor.
- When choosing File > Restore from Backup in Little Snitch Configuration, the list showing possible backup files now includes backups that Little Snitch created automatically.
- Improved the map shown in the “Known Networks” window in Little Snitch Configuration.
- Improved the legibility of traffic rates in the status menu on Retina displays.
- Fixed data rates shown in Network Monitor to match the values shown in the status menu.
- Fixed the “Duration” setting in Preferences > Alert > Preselected Options not being respected.
- Fixed an issue with “undo” when unsubscribing from a rule group or when deleting a profile.
- Fixed an issue in Little Snitch Configuration where the “Turn into global rule” action did not work.
- Fixed an issue where an error that occurred in the course of a previous rule group subscription update was still displayed, even though the problem no longer existed.
Other Improvements and Bug Fixes
- Increased the maximum number of host names allowed in a rule group subscription to 200.000.
- Fixed an issue causing XPC services inside bundled frameworks to not be recognized as XPC. This resulted in connection alerts to be shown for the XPC services themselves instead of for the app the service belongs to.
- Fixed an issue causing Time Machine backups to Samba servers to stop working under some circumstances.
- Fixed an issue related to VPN connections with Split DNS configuration that caused only the server’s IP address to be displayed instead of its hostname.
- Reduced the snap length in PCAP files, allowing them to be analyzed not only with Wireshark but also with “tcpdump”.