Q&A: Little Snitch v malware

Q I have been recommended to use Little Snitch to protect against malware. Is that a good move?

A Little Snitch is a wonderful product that does one important thing: it sits in wait for any software that tries to send packets out to your network, and hence to the Internet, blocking and reporting them as you wish. Rather than being direct protection against any type of malware, it should be considered more as an app-specific firewall.

Its developers consider its primary purpose to be protecting your privacy, by preventing the leaking of personal data back to other software vendors. However, it is considerably more versatile, and does have value in ensuring the security of your Mac, as was demonstrated a few years ago when Flashback malware started exploiting Java vulnerabilities.

Flashback was unusual in that during its installation process, it looked for any of a wide range of security products, even the freeware ClamXav, and Apple’s Xcode SDK (although only if you had it installed in its traditional location, not the revised path). If it found any of those, it deleted itself. Normally malware will try to circumvent any protection instead of chickening out.

Indeed, to protect against Flashback all you had to do was place an AppleScript application named ‘ClamXav.app’ in your Applications folder. That is no form of protection from downloading and installing malware, just a stroke of luck. Other malware will not be as magnanimous.

So if you want to install and use it for its privacy and related benefits, then you should do so. If you are looking for effective protection from modern malware, visit Objective-See in the first instance.

Updated from the original, which was first published in MacUser volume 28 issue 17, 2012.