Originally Posted By: joemikeb
Originally Posted By: artie505
Great post, thanks, but you didn't mention that Little Snitch also monitors calls out by Apple and 3rd party apps and system processes, not to mention the nasty stuff that inspired both it and SIP.

You're right, I probably should have mentioned that Lil Snitch monitors all outgoing traffic. I focused on cookies et al. as the traffic users are most likely to block. SIP prevents external products from modifying system files. In fact, if one is changed or deleted, SIP replaces the changed or deleted file with an image of the original file. I am unclear on how that would relate to what Lil Snitch does. :confused:

Little Snitch's most important function, to my mind, at least, was alerting users to outgoing calls from malware placed by bad guys in areas that can no longer be accessed because of SIP.

Originally Posted By: joemikeb
Originally Posted By: artie505
Thinking about it, does SIP negate the necessity for LS and the other "paranoiaware" out there, or are there still unprotected areas of vulnerability?
  1. Security is multi-faceted and there is no single solution that covers them all.
    1. SIP protects system files from modification by malware (and as an added bonus from ill-advised user actions)
    2. Lil Snitch monitors and can prevent applications, cookies, and (lest we forget) even system files from "phoning home" with information about the user and her/his identity and/or browsing habits.
  2. Unquestionably there are still vulnerabilities that can be exploited. Any protection created by the human mind can be defeated by the human mind.
  3. Security is not a war that can ultimately be won. As with all crime it is a running battle with constantly evolving tools and tactics on both sides.
  4. Absolute security is a myth
  5. Security demands…
    1. Constant vigilance
    2. Keeping systems and software scrupulously up to date
    3. Constant vigilance
    4. Continual re-evaluation of your protections and what is or is not working
    5. Constant vigilance
    6. Striking a balance between security and usability
    7. Constant vigilance
Do you detect a pattern? :smile:

Of course, but I was really asking whether, SIP notwithstanding, there are still areas of OS X/macOS in which bad guys can place the sort of malware we've seen over the years...the sort of malware that LS can intercede against?

I don't recall a single such threat having arisen since SIP was instituted.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire