I am concerned that smurf seems to trolling for ways to circumvent
LittleSnitch as much as trying to harden the app.
Not at all, I do like littlesnitch and have been using it for a long
time now, not that I don't use other tools such as those you
mentioned)...
Why did you not send your concerns directly to the developer
instead of publishing it one the net?
But ObDev seams to have been very closed to users concerns (at least
for LS, I can't say for the other apps) from what I have been reading
in the mailing list. On top of that, as I previously mentioned, they
had been warned about the security issue. The Opener story got
featured on many sites, from computer security to mega blogs
(ie: /.). Why have they not fixed the problem? They had plenty of
time to do it (over a year now). Why weren't these issues at least
told to the users? I don't believe security by obscurity is the way
to do things. I am much happier running LittleSnitch (yes I still run
it happily) knowing it runs in user space, and treating it like it
does and not like it runs as root when it isn't. I understand that a
big portion of LittleSnitch's user base are probably not all tech
savvy geeks, but why should they be kept in the dark? I'm sure they
can decide if they can live with only one lock on their door or if
they need more. For all these reasons I believe it is appropriate to
let the readers of this mailing list know.
I do admit that I not very pleased that obdev's LS dude is not here
to defend himself. I wish I could hear his side of the medal.
xSmurf
P.S. Sorry for repeating some of what has been said, I read Arno and
Tim's post after writing this.
_______________________________________________
Littlesnitch-talk mailing list
[email protected]
http://at.obdev.at/mailman/listinfo/littlesnitch-talk
