We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Disk tools/Optimisation software Reviews
15,670 Reviews

Little Snitch review

Free to try; £18.73 to buy

Manufacturer: Objective Development

Our Rating: We rate this 4.5 out of 5

Little Snitch is a small piece of software for Macs that snitches on misbehaving apps. Read our Little Snitch review to find out more.

Our Macs can be chatty even when we wish they weren’t. Apps, and even the OS itself, regularly reach out to the rest of your local network and to the Internet to probe, query, and blab. Little Snitch 3 intercepts these requests and presents them to you for inspection and approval. The latest update to the software addsinbound-connection management, too. Little Snitch has graduated from being a sort of outbound-only firewall with notifications to being a full-fledged firewall product with a friendly interface that informs you about any network-related activities. See all Mac apps.

OS X’s built-in firewall, when enabled, functions based on services and applications, allowing only inbound connections aimed at particular pieces of software—for example, a connection to iPhoto’s shared-library service. But the OS X firewall can’t be configured to allow a connection from a particular Internet protocol (IP) address. Little Snitch offers this type of functionality, but it reveals this power in stages, allowing a simple approach for those who want security without fuss, while using configurable rules to provide levels of deeper and deeper access for those who want more-precise control. See also Things 2.0 review.

Little Snitch reviewAs in previous versions, Little Snitch’s most obvious use is in alerting you to the network activity of applications and low-level software. For instance, launch Google Chrome, and Little Snitch warns you that the browser is attempting to connect to www.google.com (to check for updates, ostensibly). Should Little Snitch let it proceed, and, if so, for how long and with what limits? The utility even differentiates between IP addresses and ports. (An IP address is a destination, like an apartment building; a port is like a specific apartment within the building.) Take a look at Desktop Tidy - Light Pillar.

Little Snitch comes configured to allow common activities—for example, Safari requesting data from port 80 (standard Web pages) and port 443 (https-secured pages)—to pass through without notice. Many OS X system daemons, autonomous bits of low-level software, also get preapproved. But even these passes are explicitly allowed via rules that you can view, with descriptions, in the Little Snitch Configuration app.

For previously unknown connections, Little Snitch presents a dialog box that shows you the requesting app’s icon, its name, and what it’s attempting to do. Using the previous example, you might see an alert that Google Chrome is trying to connect, using port 80, to www.google.com. Click Details to get even-more-detailed information. Clicking Allow or Deny adds a rule to Little Snitch’s configuration, bypassing this dialog in the future for varying degrees of specificity and periods of time.

For any particular connection, the program lets you choose how specific your Allow or Deny rule should be: Any Connection for all outbound traffic, a port number for all outbound traffic over that port, a domain name (or IP address) for any traffic to that domain, or, the most specific, a domain name (or IP address) paired with a port.

Little SnitchYou also control how long your rule remains in effect. Obviously, the Forever button makes it a permanent rule (which can be deleted or modified using the configuration program). But the duration pop-up menu to the right, which has expanded its range of choices since Little Snitch 2, lets you set the rule to expire after the affected program quits, after you log out, when the Mac is restarted, or for a specific length of time.

Assuming the affected app is one you use frequently and you want to allow to do its thing, you’ll likely choose Allow and Forever—most programs engage in benign activity to specific domains. But when you see an alert that doesn’t pass the smell test, that’s when you’ll want to limit the connection (for a period of time or Until Quit are usually good choices) or deny it altogether.

For example, some programs make it their business to send back information about your usage, and you just don’t want them to do so. Others sniff or broadcast over the local network to determine if multiple copies of an app are running or for more-nefarious information-gathering purposes. I say, “Deny!” In some environments—government, military, or legal, medical, or financial businesses—there may be other security concerns that dictate whether or not you should allow such connections.

As you approve and deny connections, thus creating the appropriate rules, you train the software over time, receiving warnings about communications you want to keep an eye on—or for software that has no business calling outbound. If you use many apps every day, the initial setup period can feel laborious as you teach Little Snitch how to handle each app. Things soon settle down.

For keeping track of what apps are currently being monitored by Little Snitch and what they’re doing, Little Snitch’s already useful Network Monitor window has become more sophisticated in version 3. The window shows every recently active program, a gauge of recent bandwidth consumption, and all the host/domain combinations to which each program has connected. Click any app to view a historical bandwidth-usage graph; you can adjust the time period shown. Right-click (or Control-click) an app’s main entry or any server, and you can create a new rule based on that selection. Double-click a graph, and Little Snitch offers exceedingly detailed connection information, including total traffic and the most-recent time data was sent.

Little Snitch for macPrevious releases of Little Snitch could block only outbound traffic, warning you only when programs and low-level software attempted to make a connection outside your computer. Little Snitch 3 allows control of incoming connections, too. Internet criminals and vandals are constantly probing for open connections to servers and individual computers, such as attempting to create a terminal session via SSH (Secure Shell) using common account names and passwords. Blocking access reduces your window of exposure, and offers more peace of mind, too.

(While it’s true that the focus of most security software has largely shifted to detecting malicious programs loaded onto Web pages, blocking inbound traffic remains a way to keep your computer protected from potential new threats before they’re known and patched. Most home users are behind routers that use Network Address Translation, which effectively blocks direct connections from the Internet. Businesses, and even coffeeshops, however, are more likely to have Internet-routable addresses, and the IPv6 network-addressing rollout finally underway can expose computers to new threats by making them directly reachable, too. Little Snitch helps in all these scenarios, as it doesn’t differentiate from where traffic is coming and going. It just identifies and alerts you to new connections—or lets those connections pass if they meet existing rules.)

Little Snitch Expert Verdict »
File size: 11.8MB
  • Overall: We give this item 9 of 10 overall

Little Snitch is the only security software that I recommend wholeheartedly to an entire range of users, from beginner to super sophisticated. It provides network—and privacy—protection while being easy to use and train, and it’s powerful enough for demanding users.

There are currently no price comparisons for this product.
  • Windows 7 Firewall Control Free review

    Windows 7 Firewall Control Free

    Want fine-grained control over the firewall built into Windows 7 and Windows Vista - especially the way it blocks outbound connections? Windows 7 Firewall Control Free solves the problem for you in both Windows Vista and Windows 7.

  • Draytek VigorPro 5500 network-security device

    Draytek VigorPro 5500 network-security device

    No longer is a firewall enough to keep the bad guys from your network; security devices such as the Draytek VigorPro 5500 now have to offer Unified Threat Management – a one-stop shop that provides firewall protection plus antispam, antivirus (AV), anti-intrusion, virtual private network (VPN) support and web-content filtering.

  • Windows Vista: Security Center

    Following years of criticism about Windows security, Microsoft had promised that Vista would be the most secure OS it had produced. This goal seems to have been met – at some cost to the user. The User Account Control has been lambasted as the most annoying feature ever to appear in Windows.

  • CustomMenu Mac app review

    CustomMenu Mac app

    CustomMenu provides quick access to your favorite apps, files, and folders. Read our CustomMenu Mac app review to find out more.

  • Windows Vista: bundled applications

    Simply opening and closing windows and tweaking your system gets dull after a while. Windows Vista includes far more built-in applications than Windows XP while stalwarts such as Notepad, WordPad and Paint are pretty much unchanged. The following are the high (and low) points of the most notable new apps.


IDG UK Sites

Where to buy iPhone 6 and iPhone 6 Plus in the UK: Launch day price, deals and contracts

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Professional photo and video techniques for perfect colours

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...