Little Snitch Support wrote:
Dear Little Snitch users!
I would like to give some explanations regarding questions that were
discussed in the littlesnitch-talk list lately.
1. Regarding the "Code Injection Alert"
The term "Code Injection" refers to a technique that uses a Mac OS X
security flaw to "inject" program code from one application into
another. The consequence of this is that if you allow application A
to communicate with the internet, application B, which is not allowed to
do so, could simply "inject" some code into application A and
communicate "under app A's name", thus undermining Little Snitch.
This security flaw has been addressed by Apple in the current release
of Mac OS X for Intel processors. Apple restricted the possibilities
of "code injection" and so made the system more secure. Unfortunately
the PowerPC version of Mac OS X was not adapted now and still suffers
from this security flaw.
That's why we added functionality to Little Snitch in this current
beta to intercept these attempts of "code injection". This makes the
PowerPC platform more secure during the transition period, until Apple
aligns the Mac OS versions for PowerPC and Intel processors. The new
"Code Injection Alert" is an alert panel that allows the user to
decide whether he/she wants to allow app A to inject code into app B.
During the first beta period we received response regarding several
applications that are using this "code injection" technique for their
normal operation. Although these applications will not be able to do
this that way in future Mac OS versions (or already now in Intel
machines) and will have to be adapted anyway, we didn't want to make
them unusable with our new "Code Injection Alert" now.
That's why we decided to add a preference setting for it. In the
current beta you can decide whether you want your system to behave the
"new" way (only letting special applications do "code injection" and
let Little Snitch warn for all others) or whether you want it to
behave the "old" way (allowing "code injection" for every application).
To change this setting, go to the Little Snitch Preference Pane, click
the lock icon to authenticate and choose "Preferences" from the gear
wheel menu. In the panel appearing you will find the "Enable Code
Injection Alert". If you enable it, the system will behave the "new"
way. If you do not enable it, the system will behave the old way.
Little Snitch will then not warn you and all applications using the
"code injection" technique will work as always.
As far as we know by now, the applications that are using code
injection are:
Application Enhancer from Unsanity (and thus all haxies)
ASM
Codetek Virtual Desktop
Default Folder X
FinderPop
Sticky Windows
Stuffit AVR
The haxies are a special case, because Application Enhancer uses a
process with "root" privileges to inject its code into others. This
will be allowed also in future versions of Mac OS and thus Little
Snitch also allows this, no matter how you set the "Enable Code
Injection Alert" preference setting.
But for all other apps listed above you need to disable the Code
Injection Alert to use them unhindered.
2. Regarding IP addresses and DNS lookups
When Little Snitch shows its popup panel regarding some communication
attempt, it currently uses a technique called "reverse DNS lookup" to
translate the IP address of the targeted host into a name (e.g.
"17.112.152.32" into "eg-www.apple.com") to make it more meaningful
for the user.
Unfortunately not all IP addresses can be translated that way. That's
why we are adding more techniques (forward DNS lookup caching and also
WHOIS lookups) in coming releases of Little Snitch.
Regards
Johannes Tiefenbrunner
--Little Snitch Support
_______________________________________________
Littlesnitch-talk mailing list
Littlesnitch-talk@obdev.at
http://at.obdev.at/mailman/listinfo/littlesnitch-talk
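Added example (not part of the original message and not Little Snitch's own code): a sketch of the labelling order that section 2 describes, with a reverse DNS lookup first and a cache of earlier forward lookups as the fallback. The names `HostLabeler`, `record_forward` and `sample_reverse`, the host `updates.example.com` and the addresses 192.0.2.10 and 198.51.100.7 are assumptions made up for illustration; only the 17.112.152.32 pair comes from the message.

```python
import socket

# Constructed PTR data so the example runs offline; the pair is the one from the message.
SAMPLE_PTR = {"17.112.152.32": "eg-www.apple.com."}

def sample_reverse(ip):
    """Stand-in resolver that fails the way socket.gethostbyaddr does (an OSError)."""
    try:
        return SAMPLE_PTR[ip]
    except KeyError:
        raise socket.herror(1, "Unknown host")

def system_reverse(ip):
    """Real PTR lookup through the system resolver."""
    return socket.gethostbyaddr(ip)[0]

class HostLabeler:
    """Turn a remote IP address into the most meaningful label available."""

    def __init__(self, reverse_lookup=system_reverse):
        self._reverse = reverse_lookup
        self._forward = {}  # ip -> name whose forward lookup returned that ip

    def record_forward(self, name, addresses):
        """Cache the answer of a forward lookup so the name can be shown later."""
        for ip in addresses:
            self._forward[ip] = name.rstrip(".").lower()

    def label(self, ip):
        """Return (label, source): reverse DNS, then forward cache, then the raw IP."""
        try:
            return self._reverse(ip).rstrip(".").lower(), "reverse-dns"
        except OSError:
            pass  # no PTR record: fall through to the forward-lookup cache
        if ip in self._forward:
            return self._forward[ip], "forward-cache"
        return ip, "unresolved"

def demo():
    labeler = HostLabeler(reverse_lookup=sample_reverse)
    labeler.record_forward("updates.example.com", ["192.0.2.10"])
    return [labeler.label(ip) for ip in ("17.112.152.32", "192.0.2.10", "198.51.100.7")]

if __name__ == "__main__":
    for label, source in demo():
        print(f"{label:24} {source}")
```

Keeping the source next to the label lets an alert show whether the name came from a PTR record, which is set by whoever controls the reverse zone for that address, or from a name a program on the machine actually resolved.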
Johannes Tiefenbrunner,
Thanks for the info/explanation.
In regards to turning on or off "Code Injection Alert" : is there any
possibility that you could programme to allow me to "allow" programmes
that I already have are not trouble makers ?
The repeated security alerts, no matter how many times I allowed them,
came from programmes that are connected somehow or other to Default Folder.
So if I could preauthorize LittleSnitch to allow ( or exclude ) "my"
programmes that would make the new feature of LS more meaningful to me
rather than disable that feature. For example in my Unsanity haxies I
can set programmes to be excluded from the haxie such as FruitMenu,
Windowshade.
Just my thought for improving LS.
Walter