Dear Saad,

you wrote:
> Now, one should consider the risks he most cares about and how to
> mitigate them. Moreover, I don't believe it is up to LS to provide
> protection against this. Apple should provide a means (activated by
> default if possible) to require authentication if any change is to be
> done on the Login Items list.

I am not convinced that waiting for Apple is a solution... if we assume 
that a malicious program issues a "kill" to get rid of LittleSnitch, and 
LittleSnitch is hardened against this in version 1.2.1, then this 
additional effort just does not make sense when at the same time its 
easy removal from the startup list is allowed, taking it out.

You may install - again - a simple script (either run as startup item 
during login or via cron) which acts as a sentry looking whether 
LittleSnitch is running or not (VeriSnitch by xSmurf, or put an icon up 
as suggested by Grant McLeod).

However, none of this changes the general situation that LittleSnitch 
partly lives in the admin/root domain, partly in the user domain.

From that perspective I would rather rely on the firewall intrinsic to 
OS X (ipfw), best in combination with a hardware firewall (router), also 
for outgoing connections with rules for the *entire* system, to be 
adapted only at admin/root level - and use LittleSnitch as add-on to 
gain some application layer granularity.

I love the possibilities LittleSnitch offers with regard to applications 
(similar to the Windows Kerio firewall mentioned in this thread). But, 
personally, I would still want to have LittleSnitch reside entirely in 
the admin/root domain as ipfw does.

This is no contradiction for single user systems vs multiuser systems. I 
am the only user on my system but I am working from a simple user 
account. The admin account I use for just that purpose - to administer 
the system.

My 2 EURcents
    Joachim