
Posted by pluc 23 hours ago

LittleSnitch for Linux (obdev.at)
1251 points | 410 comments | page 4
pshirshov 15 hours ago
Unfortunately it significantly impacts battery life, at least in my tests.
Dig1t 22 hours ago
> The daemon (littlesnitch --daemon) is proprietary, but free to use and redistribute.

Worth noting that it is closed source. Would be worth contributing patches to OpenSnitch to bring it up to parity with Little Snitch.

https://github.com/evilsocket/opensnitch

MegagramEnjoyer 22 hours ago
Thanks for sharing OpenSnitch
Suffocate5100 9 hours ago
I'm glad people are building stuff for Linux, but the people who actually want something like this have likely already been using OpenSnitch for years. I'm certainly not going to spend $60 for something that has been doing the job for free.
brycewray 7 hours ago
From the related blog post[0]:

> You can find Little Snitch for Linux here[1]. It is free, and it will stay that way.

[0]: https://obdev.at/blog/little-snitch-for-linux/

[1]: https://obdev.at/products/littlesnitch-linux

txrx0000 22 hours ago
As articulated in the author's own blog post:

https://obdev.at/blog/little-snitch-for-linux/

The core issue is simple and uncomfortable: through automatic updates, a vendor can run any code, with any privileges, on your machine, at any time.

-----

If the author is serious about this, then they should make their own program completely open source, and make builds bit-for-bit reproducible.

For all I know, the proprietary Little Snitch daemon, or even the binaries they're distributing for the open source components, contain backdoors that can be remotely activated to run any code, with any privileges, on your machine, at any time.

littlesnitch 13 hours ago
This is correct, of course. But I currently can't make the entire project Open Source. My other option would be to keep it completely private (wrote it mostly for myself in the first place).

I think it's still better to make it public and only partially Open Source so that some people can benefit from it. If you don't trust us, that's completely reasonable, just don't install it.

flexagoon 22 hours ago
Also see Safing Portmaster:

https://safing.io/

winrid 19 hours ago
Related - I'm working on launching Watch.ly[0] (human-in-the-loop for remotely approving network and file system access for agents) in the next week or so. It works similarly, via eBPF (although we can also fall back to NFQUEUE). Supporting 5.x+ Linux kernels[1], OS X, and Windows.

Did not know about LittleSnitch, will definitely check it out.

[0] https://watch.ly/

[1] https://app.watch.ly/status/

linuxguy2 10 hours ago
One person's (not my) take on why to skip this: https://the.unknown-universe.co.uk/privacy-security/little-s...

TL;DR it's closed source and there are open source alternatives.

digg32 16 hours ago
Will there ever be anything like Comodo Firewall's HIPS firewall on Linux [0]? I remember when firewalls like ZoneAlarm could detect keyboard hooks from keyloggers and such. Comodo Firewall has had this for over a decade, but unfortunately they are not free anymore. For how open Linux is, it surprises me you can't handle things apps are doing on an alert-by-alert basis, and not just network permissions. Firewalls used to detect DLL injections, apps creating script files to run, adding stuff to start up. Now it seems firewalls only mean network detection.

[0] https://help.comodo.com/uploads/Comodo%20Internet%20Security...

mrbluecoat 22 hours ago
> The macOS version uses deep packet inspection to do this more reliably. That's not an option here.

Isn't macOS just *nix under the hood? Genuinely curious about this difference.

firelizzard 20 hours ago
An operating system is roughly broken into three parts: the kernel, the core system tools, and the shell (the desktop environment and/or the CLI shell). Linux: Linux kernel, GNU coreutils (usually), KDE/Gnome/etc + CLI shells. macOS: XNU, BSD userland + launchd/etc, Aqua/Cocoa. Windows: NT kernel, Win32/WinRT/etc, Windows Shell.

The systems LittleSnitch uses to do packet inspection are very much OS-specific. There's no generic standard for doing high-performance packet inspection. XNU and Linux are *very* different kernels. Linus Torvalds built Linux from scratch as a monolithic kernel because he wanted a Unix-like OS that wasn't encumbered. XNU is based on the Mach microkernel though XNU is a hybrid or monolithic kernel, not a microkernel. The point is, they have very different heritage and very different systems for... well pretty much everything. So "just *nix under the hood" is kind of true but also completely beside the point as far as packet inspection goes. And even then, while there are a lot of similarities between the core system tools of Linux and macOS, they're still quite different and unless you're limiting yourself to POSIX-standard interfaces (which are only a fraction of the system), you're not going to be able to use the same code on both systems.

manwe150 21 hours ago
More the opposite. macOS is a veneer of nix, but underneath it is the XNU microkernel. Lots more nuance since Apple took over and added a lot of their own performance and API improvements to
ekropotin 21 hours ago
From what I understand, macOS uses a weird kernel implementation, which is almost open source, but not 100%
firelizzard 20 hours ago
You're correct, but for a bit more context: The macOS kernel is XNU, which is derived from/based on the Mach kernel, but heavily modified. The kernel itself is open source but some drivers/kernel extensions are not so it's not actually usable (unless you provide your own implementations of those).
gnerd00 21 hours ago
BSD family with fewer GPL parts each year
wolvoleo 18 hours ago
Ohhh interesting. Little Snitch is one of 2 apps I miss from when the Mac was my daily driver. The other app was Pixelmator.