Little Snitch

A newer version of Little Snitch is available.

Or, Learn More About Little Snitch
Average User Rating stars

out of 146 user reviews

Back to product review

Full user review

  • 5.0 stars

    "The Best 'Reverse Firewall' Available. Now 64-bit."

    September 25, 2012  |   By zunipus


    Little Snitch continues to be the best 'reverse firewall' available. This major upgrade also adds further refinement and control to all out-going Internet calls. It is well worth the $16.95 upgrade price.


    NOT for newbies.

    The complexity of understanding and controlling out-going Internet calls by browsers and apps these days has reached the point of being often incomprehensible. It requires research to know exactly what is going on. Power users may well find themselves devoting more time than they like keeping up with WHOIS-ing the obscure addresses and ports being called these days. This is no fault of Little Snitch.

    I wish Little Snitch had a quick and easy WHOIS service built into each message box. Little Snitch looks up the names of sites being called via reverse DNS. But that's no longer good enough when there is no name associated with an IP address. I want the details quickly at hand.


    Little Snitch is now 64-bit, like nearly all of OS X at this point. This version refines control of out-going calls over the Internet. The $16.95 upgrade price is nice. It is well worth buying for any geek level Mac user. I appreciate all the new details that have been added in this version. The developer has put a lot of time into pushing Little Snitch even further in functionality.

    The interface of Little Snitch Configuration has become much more complex. Getting used to it will take patience, but provides fairly swift comprehension if you're already used to Little Snitch. Newbies will be overwhelmed, not question about it. Dive in, learn one thing at a time, gradually get the hang of it. Do NOT give up and turn on automatic approval! Keep working on it as this is a valuable tool for many reasons.

    I want a full WHOIS service built into every Little Snitch popup box. The app will use reverse-DNS to look up the names of IP services, but frequently there is no server name available. So give me MORE information about the IP address! I want to know who owns the IP address. That can tell me all I need to know. If there really is no data on an IP address, I want to know that as well. I do NOT want to have to keep running a 3rd party WHOIS all the time on obscure IP addresses! It would be entirely easy to add a WHOIS button into the Little Snitch boxes that trigger the WHOIS service built into OS X already. If we've already got a highly complex reverse firewall, which we do in Little Snitch v3.0, then lets get the essential bells and whistles up front and available as well. It is entirely pointless trying to make Little Snitch into an easy basic user application. So let's geek it out to the max if the further details are critical. For me, WHOIS for obscure IP addresses is critical.

    One nice feature that appeared immediately when I first ran the upgrade was a notice about redundant settings. You get little Caution symbols listed for the stuff that can be potentially removed, and little diamond symbols for the more general rules that encompass the detailed redundant rules. I don't know where the redundancy came from, but expect it was due to Little Snitch itself adding the basic rules. That's fine. I went through the long list, made sure all the basic rules made sense of each app (which often requires looking up the service and understanding what it does) and tossed out all the redundant rules that were not needed. The result is a nice cleaning.

    The big whopping danger with all the complexity of controlling out-going calls is missing that one service you don't recognize, or may be using a copy-cat name, and approving it to call out. There is no doubt that we are going to be 'social engineered' at some point, after an infection has already occurred, to approve a bad service. Therefore, vigilance is required.

    This is the sort of stuff that goes right over Granny's head. She'll end up auto-approving everything just to shut up Little Snitch. Therefore, this is Geek software, and very nice Geek software. I suspect that with time and need there will be more easily accessible white and black lists on the net to assist reverse firewalls know what to do without consulting the user every little time. But until then, Little Snitch remains a confusing hassle to anyone who doesn't know what they're doing with it and who doesn't actually WANT its full functionality.

    I continue to enjoy having Little Snitch and appreciate the developer's work on it. I look forward to other people's reviews and insights.

    Reply to this review

    Was this review helpful? (4) (0)

1 reply to this review

  • Reply by MikeMuma on February 3, 2013

    Yes, this is a potential time sink or (fear generator) for non-Geeks. As someone half way between Granny and Geek -- and importantly with plenty else to do apart from chasing up probably low risk call out sites -- I'd like to see 2 or 3 profile options that I could pick from so that I can pick a reasonable balance between assurance and control. Perhaps something like the Do Not Track Me + profile.

    I'm not a good judge of which site safety rankings are reliable, but would happily take the LS developers word for it if they gave me the option of auto-approving sites ranked as safe by reliable ranking services. Similarly I can't judge if call outs appearing when I go to a new site are reasonable or not, but would take LS's word for it. For me it's risk management, not 100% security, and if LS provided a couple of risk management profiles I'd happily relax and get on with my life & work.

Submit your reply


The posting of advertisements, profanity, or personal attacks is prohibited.
Click here to review our site terms of use.


Add Your Review

Log in or create an account to post a review.
You are logged in as . Please submit your review for Little Snitch 3.0
Add Your Review

The posting of advertisements, profanity, or personal attacks is prohibited.
Click here to review our site terms of use.

E-mail this review

Submit cancel

Report offensive content

If you believe this comment is offensive or violates the CNET's Site Terms of Use, you can report it below (this will not automatically remove the comment). Once reported, our staff will be notified and the comment will be reviewed.

Select type of offense:

Offensive: Sexually explicit or offensive language
Spam: Advertisements or commercial links
Disruptive posting: Flaming or offending other users
Illegal activities: Promote cracked software, or other illegal content
Submit cancel




If you think this is an error, please contact CNET TechTracker Support for further assistance.


Running Request



Smart Install Software


CNET TechTracker will now automatically install software without requiring further action by you. (Note: This feature automatically accepts associated EULAs and third party applications on your behalf.)

You have selected the following software to Smart Install:

CNET TechTracker will attempt to install this software without interrupting you again. If an application requires manual installation, CNET TechTracker will download the installer and prompt you to take further action.

Proceed with Smart Install?

Confirm Standard Install Cancel