Hi Tony,
Trojans are usually run by the user
I have a hardware firewall in my router and the apple firewall
but neither allow full control over attempted outgoing connections.
Well, actually the apple firewall (and probably also the firewall in
your router) allows you full control over outgoing connections but
only on the ISO/OSI layers 1-4 (shortly said: based on interface,
ethernet layer, IP addresses, port numbers).
The advantage of LS is that it gives you control on an Application
basis (ISO/OSI layer 7).
Compared to the apple firewall (ipfw) the disadvantage of LS is that
it uns in user space whereas ipfw runs in kernel space.
Therefore LS potentially can be "manipulated" with user permissions -
ipfw can only be manipulated with root permissions.
Another difference between ipfw and LS is that ipfw starts at boot
time while LS starts when the user logs in.
A malicious application theoretically might use the time between
booting an login in to make an attemt to change the settings of LS or
for other harmful actions.
Am I right in thinking for LS to be compromised I, as the soul user
of this Mac, have to specifically give permission and run rogue
software?
No, you are not.
You don't have to specifically give permission.
A malicious software might remove the Login Item and you wouldn't
even notice it.
Next time you log in LS won't run.
regards
martin
_______________________________________________
Littlesnitch-talk mailing list
[email protected]
http://at.obdev.at/mailman/listinfo/littlesnitch-talk
