Our Macs are relatively secure from outsiders breaking in. How about those “insiders” already on your Mac? You’d be surprised how many Mac applications “phone home” and send who knows what to outsiders.
What got this started was a simple glance at my Mac’s switch while running Synchonize Pro! Lights were blinking that shouldn’t be blinking. I wasn’t running email or a browser.
That got me to thinking—“is there an application on my Mac that’s trying to connect OUT?” So, I stopped Sync Pro! and started it again. More network activity.
A quick search of MacUpdate and I came up with Little Snitch. If you suspect there’s applications on your Mac that are connecting back to a remote location (probably) without your permission, then you’ll like Little Snitch.
You see, your Mac has a decent firewall built in, and Apple closes most of the communications ports (unlike Windows) by default. Your Mac is relatively secure from outside penetration.
However, the firewall doesn’t do anything to prevent an application that’s already on your Mac from “phoning home” or connecting to a remote location. In fact, it would be relatively easy for a developer to create an application that could send sensitive or important information from your Mac.
Little Snitch prevents that, or, at least lets you know something’s going on.
Does this kind of “phoning home” happen very often? Yep. Every day, for most of us. For example, you start up an application and a dialog box pops up to tell you there’s a newer version ready for download (even Apple’s software update does that).
How did the application know about that newer version? It “phoned home” and connected to the company server and exchanged data. You didn’t even know.
Little Snitch is a System Preference that prevents Mac applications from phoning home, protects you from select trojans, worms, and other network parasites.
Importantly, Little Snitch “snitches” on the misbehaving application and alerts you when an application is about to send information over the Internet.
Plus, if you’re paranoid about such things, you get an extra level of security that tracks activity “leaving” your Mac, rather than just incoming activity.
That’s pretty slick. Which applications are phoning home these days? I found over two dozen applications on my Mac that were either connecting to a remote server or scanning my network (possibly for duplicate copies of the same application using the same serial number).
Synchronize Pro!, Backup Simplicity, Software Update, BBEdit, Microsoft Office, Apple’s “Pro” applications (like Final Cut Pro), and many, many others.
Is Little Snitch worth $25? Yes. I was very disappointed at how many Mac applications residing on my hard drive would try to connect or scan my local network. All it takes is one application and whole files could be sent “out” and you’d never know it.
Now, Little Snitch “catches” the application in the act, lets me know with a pop up dialog box, and I have the choice to flag that application or allow it.
Mac users have it good. No viruses, no trojan horses, no worms—all things our Windows friends deal with every day. But security remains an issue, both from intruders and from applications sending information from your Mac.
I’m also taking a look at HenWen. It’s a network security package that sets up and runs SNORT (a free unix NIDS—Network Intrustion Detection System).
HenWen scans incoming network traffic for undesirable traffic that your firewall may not block. I’ll report on HenWen at a later date.
What’s your experience? Any network intrusion problems on your Mac (Mac OSX; OS 9.x was very secure)? How about those phoning home applications? Do you have some not on my list? Share yours and your experience with other Mac users and click the Comments link below.