Little Snitch tattles on trojans

In case you missed it, your Mac may be under attack. Especially if you have a taste for downloading Mac software that isn't exactly, ahem, legal.
Written by Jason D. O'Grady, Contributor

Last week I reported that a trojan horse called "iWorkServices" was found in a pirated version of iWork '09 floating around on BitTorrent. Yesterday it came to light that another trojan has been found in a pirated version of Photoshop CS4.

Whether you play fast and loose with your software licenses is on your conscience (I certainly don't recommend it), but one way to keep tabs on software that likes to call home is with Objective Development's Little Snitch 2.0 ($29.95). I hadn't used it since version 1, and the recent rash of Mac trojans gave me a perfect excuse to try v.2.

Little Snitch informs you whenever a program attempts to establish an outgoing Internet connection. You can then choose to allow or deny this connection, or define a rule for how to handle similar, future connection attempts. This reliably prevents private data from being sent out without your knowledge. Little Snitch runs inconspicuously in the background and it can also detect network-related activity of viruses, trojans and other malware.

Once installed, you'll be amazed at all the things on your Mac that connect to the Internet in the background. Most of them probably have your approval, like all the apps that you allowed to "check for updates at startup?" and things like Software Update, dotmacsyncclient and Bonjour's mDNSResponder. Those are safe to "allow," but if Little Snitch asks for approval for something unknown, deny the request, then Google the name to see if it's kosher.
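A snapshot version of the allow/deny review described above, as an added example (not code from the article or from Objective Development): it parses `lsof +c 0 -i -n -P` output and lists every process with a connected remote peer that has no allow rule. The sample output, the addresses and the appearance of the trojan under the process name iWorkServices are constructed assumptions, and unlike Little Snitch this only observes and cannot block.

```python
from collections import defaultdict

# Names the article calls safe to allow; treated here as permanent ("Forever") rules.
ALLOWED = {"Software Update", "dotmacsyncclient", "mDNSResponder"}

# Constructed sample in the column layout of `lsof +c 0 -i -n -P`
# (+c 0 stops lsof truncating command names). Addresses are documentation
# ranges; the iWorkServices lines are hypothetical, not captured traffic.
SAMPLE_LSOF = r"""COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mDNSResponder 21 _mdnsresponder 8u IPv4 0x01 0t0 UDP *:5353
Software\x20Update 312 jason 10u IPv4 0x02 0t0 TCP 192.168.1.10:49201->203.0.113.20:443 (ESTABLISHED)
dotmacsyncclient 340 jason 6u IPv4 0x03 0t0 TCP 192.168.1.10:49210->203.0.113.21:443 (ESTABLISHED)
iWorkServices 401 root 4u IPv4 0x04 0t0 TCP 192.168.1.10:49215->198.51.100.7:1024 (ESTABLISHED)
iWorkServices 401 root 5u IPv4 0x05 0t0 TCP *:1024 (LISTEN)
Safari 455 jason 12u IPv4 0x06 0t0 TCP 192.168.1.10:49300->203.0.113.80:80 (ESTABLISHED)
"""


def parse_connections(lsof_text):
    """Yield (command, pid, remote) for each socket with a connected remote peer."""
    for line in lsof_text.splitlines()[1:]:  # skip the header row
        parts = line.split()
        # Listeners and unconnected UDP sockets have no "->" in the NAME column.
        if len(parts) < 9 or "->" not in parts[8]:
            continue
        command = parts[0].replace("\\x20", " ")  # lsof escapes spaces in names
        yield command, int(parts[1]), parts[8].split("->", 1)[1]


def unapproved(lsof_text, allowed=ALLOWED):
    """Map each (process, pid) without an allow rule to its sorted remote endpoints."""
    hits = defaultdict(set)
    for command, pid, remote in parse_connections(lsof_text):
        if command not in allowed:
            hits[(command, pid)].add(remote)
    return {key: sorted(peers) for key, peers in hits.items()}


if __name__ == "__main__":
    for (command, pid), peers in unapproved(SAMPLE_LSOF).items():
        print(f"review: {command} (pid {pid}) -> {', '.join(peers)}")
```

lsof shows a connected socket the same way whichever side opened it, so a flagged entry means "has a remote peer and no rule", which is the cue to look the process name up before allowing it.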

Be warned, though: the first time you install Little Snitch, you'll be inundated with allow/deny requests, and it can be exhausting. (Hint: you can confirm an alert with Command-Return, Control-Return and Return-Escape.) Clicking the Forever button helps you ignore approved outbound connections, and it's a small price to pay to be able to keep tabs on potentially malicious code.

A new Network Monitor feature (pictured) has been added in version 2, which alone is worth the price of admission. The beautifully designed window displays detailed information about all of the incoming and outgoing network traffic on your Mac. It only pops up when connections are active unless you check the small "stay visible" box at the top of the window. I find myself leaving the Network Monitor window visible and watching in awe as the packets flow by. If you decide to close it, a subtle menu bar item will also keep you apprised.

Nice, tight bit of code. Highly recommended.
