I have been thinking about adding Little Snitch to my extensions. When reading the reviews, it is referred to as a firewall. I don't know if Adware or any other ad- stopping extension is considered a firewall but.......way back my ISP guy (small company) said that my modem or was it my router - had a firewall built in and if I put up the firewall in my Mac they could conflict. So, I never did that.

I am wondering if Little Snitch (if it is a firewall)I would conflict with the firewall in my modem more router? He also calls the modem a radio.

Little Snitch is neither an extension nor a firewall; it's an app that prevents other apps and processes from calling OUT of your MBP, as opposed to a firewall which prevents outsiders from gaining access to it.

I know virtually nothing about modems/routers with built-in firewall software, but I'd be skeptical about trusting my security to one rather than the firewall built into macOS.

Edit: I advise your NOT buying LS until you've used it in trial mode for a while to see if you like it; it's kinda wearing.

If I remember correctly, I did have the Mac firewall up and there was a problem and my ISP guy told me there could be a conflict. It's been so long ago I can't remember now. But, I'm not Leary of him at all having dealt with him several times and lots of times in person where he makes free house calls!

From what I can see, LS is free. Would you explain what you mean be "wearing?"

I'd like to hear what others have to say about your firewall conflict.

LS costs $35, but it's got a "free" mode in which you've got to restart it every three hours.


LS inundates you with connection requests, the specifics of most of which you've got no idea about, and deciding which ones to allow or disallow for now or forever will wear you down.

Yeah, I'd like to hear about the firewall issue, too. I never read anything about all the requests in LS in the reviews. They were mostly positive. Thanks for the heads up.

I'm happy with Little Snitch...glad that I bought it, but I've now got 229 allow/don't allow rules, and I still get countless requests that I allow/don't allow on a one-time basis; there may be an easier way to run it, but someone will have to point me to it.

More: LS has a "Silent" mode in which ALL connections are automatically allowed, but while it makes your life considerably easier it's purpose defeating.

Sounds to me as if your guy was fishing for an answer to a problem he did not fully understand. It is possible the one firewall might block a port the other has open, but that is not a conflict per. se. According to this Webopedia article and common wisdom(?) pairing the software firewall in your computer with the hardware firewall in your router is the ideal situation.

FWIW, I have run with the firewall on my Mac turned on and the firewall in my router turned on for a decade or more with no problems.

As to Lil Snitch, I second Artie's recommendation to try it before you buy it. Because he and others have rhapsodized about how wonderful it is so often and so long, I decided to try it. My conclusion is that it does what it works well, does what it purports to do, and could be useful; but personaly I found it intolerably annoying and deleted it.

If I am feeling extra cautious about security I will turn on VPN Unlimited and when feeling downright paranoid I switch to the TOR browser and onion routing with full hiding enabled. There are a lot of places I can't go and things I can't do in that mode, but I do feel more secure.

I think I will pass since it's so annoying. I used an anti-virus for the Mac years ago, and it was constantly saying I had a lot of viruses. I chose to put my head in the sand and got rid of it rather than worry and feel paranoid about it constantly.

OK, I will turn on my firewall. If I get a few weird problems I will turn it off and see if it makes a difference.

As I told Artie, I will probably not use LS since I don't need anymore annoyances in my life.

Regarding Tor, I use it at times. I see that they use DuckDuckGo. Is using Tor a double protection or why not just use DuckDuckGo by itself? And what is onion routing? Something like a VPN?

There should be an option in the popup to allow and remember or deny and remember, in which case it won't ask you again. It adds a rule (which you can later edit)

In reverse order:

• This Wikipedia article describes the details of Onion Routing: but in practice it is a technique of sending every communication through at least three remote servers located in countries other than the contry of origin with point to point encryption between each server as well as end to end encryption. Think of Onion Routing as a VPN on steroids to the point it is used by the NSA, USAF, USN, State Department, FBI, and a host of other super secure government agencies.
• This Wikipedia article does a good job of explaining DuckDuckGo and how it differs from Google et. al. I have changed the setting in all my browsers to make DuckDuckGo the default search engine. I have come to prefer DuckDuckGo's search results to Google often listing excellent resources on the first search page that would be so deeply buried in a Google query I would be very unlikely to ever see.

If you will pardon a homely analogy, the TOR router, Onion Routing, and DuckDuckGo are like a three legged milking stool. Each supports your privacy in a different direction and if you take any one away the stool is almost impossible to keep fully upright.

So it adds a rule to keep others out or what? If it does the job without me doing anything that's great. Otherwise what's the point?

Your analogy made it clear! Thank you.

There's a "Forever" option in the pop-up; I use it with extreme frequency.

It's the volume of pop-ups, "Forever" notwithstanding, that's the problem.

Keeping others out is a firewall's job; Little Snitch is, so to speak, a reverse firewall that keeps others IN by not allowing them to call out...if you so choose.

It can't do its job without you doing anything, because it doesn't know which outgoing calls are acceptable to you and which aren't; you've got to make the determination on an instance by instance basis.

Although many of us have endorsed Little Snitch, I don't recall anybody ever having professed feelings about it that even approached rhapsodizing.

I wonder if you installed version 2 or 3, the latter being considerably more annoying than the former was.

My biggest problem with v 3 (I posted about it a while back.) was that it presented me with an absurd number of connection requests from every website I visited, which I ultimately realized resulted from the devs having dropped the v 2 default rules that allowed all connection requests from WebKit to either port 80 (http) or port 443 (https); restoring those rules made my life considerably easier.

My remaining big problem with v 3 is that it pops-up an awful lot of requests from system processes, which I suspect is because of the devs having dropped additional v 2 default rules.

From where I stand, there's no purpose to the volume of connection requests that LS makes me deal with, particularly because the dev's database has got mostly non-specific, generic reasons for them...when it's got any reasons at all, and, accordingly, I've got no way to evaluate the requests on which I'm being asked to pass judgement.

Perhaps the devs would consider this "dummy mode", but I'd be an awful lot happier with LS if it offered a pref to allow, forever, all call-out requests from system processes, except those related to location services, and all requests from Apple installed apps with the exception of Mail and Safari.

And by bizarre coincidence, LS's dev team just this second responded to my feature request for "an option in Little Snitch to allow, by default, any request to call out by OS X/macOS system functions and Apple apps other than Safari and Mail" with "We will provide such managed rules with the forthcoming major release Little Snitch version 4." (There's a public beta of v 4 which I may try.)

By the way, I fully understand your having deleted LS, particularly if it was v 3 which requires an awful lot of user interaction to defend against an almost non-existent threat. Had I know in advance what its installation was going to entail I probably wouldn't have paid for the upgrade, and I just might ditch it altogether rather than pay for v 4.

Paranoia is a phenomenal sales tool!

Oh it's so much more than that, it's a wonderful tool for manipulating people in general !

("Think of the Children" probably wins the lifetime achievement award)

OK. My mail is definitely acting wonky. All of a sudden I had something in my trash which I never put there. I knew b/c I had a number above my mail icon. I checked and it was definitely trash. I emptied it and it also emptied my inbox which had all my fine tuned Mac stuff which I hadn't responded to yet! Damn it! AppleCare will be getting a call soon but sometimes they just don't know what to do.

I don't know what you mean by keeping them in and not calling out. I thought it was a utility letting you know who was trying to get in and giving me the choice to say "no"! I use ghostery which, I believe, keeps all of the ones they catch out. It lists all the sites that are trying to see what I am doing on a popup window.

Lil Snitch does not stop anything from being installed or appearing on your browser. For the internet to work and especially for eCommerce it is essential that your browser send a LOT of data to various web sites. Marketers (and others) take advantage of that to install cookies and code in web sites that “phone home” and report all of your internet activity even when you are not logged onto the originating web site. Lil Snitch monitors and filters that outgoing traffic. Ghostery purports to do much the same job, but is not as thorough and lacks the pinpoint discrimination provided by Lil Snitch. Although there is some duplication of effort Ghostery and similar apps strike me as a scattershot approach compared to Lil Snitch’s as a precision sniper approach. Of course the sniper approach requires the user to do a lot of target selection – a huge lot of target selection, and it never seems to quit needing further refinement. That’s what drove me crazy and eventually brought me to the conclusion it wasn’t worth the effort I was having to put into it.

Requiring target selection may be refined if they actually take Artie's advice for the next version like they said they would. I would like to know when that happens and then maybe download it.

"Manipulating" and "selling" are almost synonymous.

Uhhh... Like WOW!

That makes absolutely no sense to me. Are you running any Mail plugins or anything else that affects Mail's behavior?

You're going to have an awful hard time explaining your problems to AppleCare without showing them hard evidence, so if the same thing happens again, call before you do anything else.

Great post, thanks, but you didn't mention that Little Snitch also monitors calls out by Apple and 3rd party apps and system processes, not to mention the nasty stuff that inspired both it and SIP.

Thinking about it, does SIP negate the necessity for LS and the other "paranoiaware" out there, or are there still unprotected areas of vulnerability?

My Mail.app seems to have become unreliable also. Just last night I moved a message from my inbox to a folder. It did not appear in the folder, and most definitely left the inbox. Search could no longer find it. Fortunately it was easily resent. Never did find the original. I've experienced other weirdness also, I was trying to move an item and the highlight on the folder was not appearing. Relaunch of Mail seems to restore normal behavior. I relaunch mail a lot lately it seems...

You're right I probably should have mentioned that Lil Snitch monitors all outgoing traffic. I focused on cookies et al. as the traffic users are most likely to block. SIP prevents external products from modifying system files. In fact if one is changed or deleted, SIP replaces the changed or deleted file with an image of the original file. I am unclear on how that would relate to what Lil Snitch does

1. Security is multi-faceted and there is no single solution that covers them all.
   1. SIP protects system files from modification by malware (and as an added bonus from ill-advised user actions)
   2. Lil Snitch monitors and can prevent applications, cookies, and (lest we forget) even system files from "phoning home" with information about the user and her/his identity and/or browsing habits.
2. Unquestionably there are still vulnerabilities that can be exploited. Any protection created by the human mind can be defeated by the human mind.
3. Security is not a war that can ultimately be won. As with all crime it is a running battle with constantly evolving tools and tactics on both sides.
4. Absolute security is a myth
5. Security demands…
   1. Constant vigilance
   2. Keeping systems and software scrupulously up to date
   3. Constant vigilance
   4. Continual re-evaluation of your protections and what is or is not working
   5. Constant vigilance
   6. Strking a balance between security and usability
   7. Constant vigilance

Do you detect a pattern?

I plan on calling AppleCare after I get my wireless headset so I can be hand free when I talk to them. I can show them some stuff in my mail that doesn't look right anyway. It's great that they can share the screen. It saves a lot of explanation and misunderstandings.

Luckily, the inbox messages that disappeared when I deleted that one message in the trash folder were still on the Yahoo server and I retrieved them and put them in a different folder.

I will be able to show them in real time how I trash an item and it never ends up in the trash. I know they will want to see my prefs, but they will that I have it set up correctly unless there is s something I am just to seeing. Time will tell.

I'm sorry you are having that problem, but then again, I know now that it's not just me. I've been looking for an alternative mail program without much luck. I want it to be free and very easy to use.

I tried Thunderbird and didn't care for it. I tried Opera yesterday and things weren't working there either.

Okay, from the top:

A firewall is a program or a piece of hardware that stops programs or computers on the Internet from connecting to your computer.

Your ISP guy is correct. Every modern router and cable modem/router combo has a built-in firewall, called a "NAT firewall." This is an extremely robust firewall that, for the most part, makes software firewalls like the one built into macOS redundant. And indeed, multiple firewalls can conflict, if you want another computer to connect to you. You must configure both firewalls to permit this.

When do you want another computer to connect to you? Any time you want someone to be able to reach you over the Internet. Why might you want that? Because you're hosting a game, because you're running a file server so that you can access your files at home when you are on the road, because you want to be able to use Find My Mac or Back To My Mac, because you want to be able to control your computer when you're on the road, and so on.

Little Snitch is not a firewall. Little Snitch stops programs on your computer from talking to the Internet.

Examples of programs on your computer that talk to the Internet include:

Your email program.
Your Web browser.
Apple Software Update.
Video games.
FTP programs.
Skype.
Messenger.
Chat software.
Any program that uses an automatic updater.
Adobe software (Photoshop, Lightroom, Indesign, and so on).

Basically, most modern programs talk to the Internet. Little Snitch blocks them unless you allow then to connect.

Little Snitch won't conflict with firewalls, because they do different things.

Also, your router is indeed a radio. When you connect by WiFi, your computer is talking to your router with radio waves.

Great explanation, tacit!

But, like joemike, you didn't mention the myriad OS X/macOS processes that - literally - inundate you with Little Snitch pop-ups. I invariably allow them forever with the exception of anything that sounds like it deals with location, which I invariably deny forever (even with Location Services turned off). (As per LS's devs, v 4 will have an option to allow system calls by default.)

The only calls out that concern me are those from

• Safari
• Mail, and
• malware,

the latter having been my impetus to install LS in the first place, but hasn't the risk of malware declined significantly, if it hasn't disappeared altogether, since the advent of SIP?

And as for Safari, I haven't seen many LS pop-ups at all since I established blanket "allow" rules for ports 80 and 443.

Which leaves Mail, which has never been a malware conduit on the Mac platform, but which pops up endless requests to connect to images.

Bottom line is that unless there are avenues that malware can exploit in the presence of SIP, it seems to me like Little Snitch has had its day...that it lives on only because of paranoia.

It may include functionality that's useful, if not necessary, on the enterprise level, but for those of us here...it looks dead to me.

(OK, yes, there are people who d/l stuff from spurious sources who should run LS, but that's not paranoia, it's reality.)

And YES! I just turned LS off; it'll be nice to work without having to deal with endless "boy who cried wolf" pop-ups.

Thank you. You're a good teacher.

Little Snitch's most important function, to my mind, at least, was alerting users to outgoing calls from malware placed by bad guys in areas that can no longer be accessed because of SIP.


Of course, but I was really asking whether, SIP notwithstanding, there are still areas of OS X/macOS in which bad guys can place the sort of malware we've seen over the years...the sort of malware that LS can intercede against?

I don't recall a single such threat having arisen since SIP was instituted.

When was SIP instituted? Because a couple of years ago on my mid-1012 MBP I downloaded an open source office suite. I can't remember now whose it was. After that my Mac went to a slow crawl. I still had AppleCare at the time and was told to download Malwarebytes. It found it immediately and tossed it. Whew! Everything sped up. It hasn't found anything since then, though. They supposedly keep it updated, but I am sure they don't have all the malware in their bag of tricks.


Of course, but I was really asking whether, SIP notwithstanding, there are still areas of OS X/macOS in which bad guys can place the sort of malware we've seen over the years...the sort of malware that LS can intercede against?

I don't recall a single such threat having arisen since SIP was instituted. [/quote]

I reiterate: Anything the human mind can create the human mind can defeat — eventually. SIP is an excellent safeguard and as you point out is working very well but it is no panacea. All it takes is one malware developer discovering a hitherto unknown or unexpected vulnerability and as Sherlock Holmes would say, "The game is afoot".

For the average user the biggest security venerability is their own ignorance of the threats. For the more technically aware it is complacence. With that in mind each person must strike their own balance among the competing elements of security, convenience, and usability. I am trying to encourage you to avoid the trap of complacency.

That's far from the first time you've made that point, and I always appreciate it; it's right on the mark! :thumbs up: (I hate emojis!)

But you've made it in the general sense, not in the much narrower context of "do I really need Little Snitch", and in that sense, I think that running LS almost solely against the possibility of some bad guy finding a back door into macOS sometime in the future and exploiting it with a new piece of malware with which LS will interfere is overkill in view of the very annoying nature of the beast and the demands it makes (and you apparently reached a similar, if not identical, conclusion).

In fairness, though, I'll install the LS v 4 public beta and see if it's easier to live with.

(I invited LS tech support to participate in this thread, but I guess it's not going to happen.)

SIP was instituted in El Cap in Sept. 2015.

I'm confused, though, because your symptoms sound more the product of poorly written software than like any kind of malware I've ever heard of.

My recent experience has been that embedded graphics are being sent, but not delivered unless I package them in folders.

Is there a way to get graphics in emails without having to go back to the source website like Yahoo? Lately I've been getting emails with just squares and no pics.


My recent experience has been that embedded graphics are being sent, but not delivered unless I package them in folders. [/quote]

I don't know what my daughters are seeing on the other side, but now that you've mentioned empty squares I'll ask.

When they tell me that they didn't receive, for instance, a screenshot I resend it in a folder.

I don't get a lot of graphics from friends and family but the commercial ones aren't showing up for sure.

Well, AppleCare thought it was malware and the malware program removed it immediately and my computer sped up!

Big squares in place of graphics often indicate that the graphics are blocked by the ISP, usually to speed up download of the e-mail or because it thinks it is junk mail. You should see something along the lines of "load remote images" you can click on to make them appear. Also, on the ISP's web site for their mail you may find a setting that controls the display of embedded graphics; change the setting to your liking.

Thanks, Ira. The next time it happens I will try one or both of those approaches, depending if it works right off the bat or not.