Internet Access Policy
In Little Snitch 4 we’ve introduced a new Internet Access Policy (IAP) standard, allowing third party app developers to bundle a policy file with their application containing information about the Internet connections their program is about to establish.
This gives developers the opportunity to describe the purpose of these connections, why they are necessary and why it’s recommended or necessary to allow them.
With Little Snitch 4.0.4 we’ve extended the policy format to allow providing dedicated information about potential consequences when denying a particular connection.
Whenever you choose to deny a connection via Little Snitch —either in the connection alert or in Network Monitor — we now display that information helping you to make a better informed decision.
- It’s now possible to provide Internet Access Policy files not only for app bundles but also for plain Unix executable files.
- Little Snitch now includes Internet Access Policies for several Apple processes shipped with macOS.
- Fixed an issue with localized IAP files.
- Blocked connections are now indicated in the map with a red flashing connection line.
- Significantly improved performance when handling large amounts of connects.
- Improved performance in case of large file downloads.
- New action: “Show Recently Used Rule(s)”. Accessible by holding down the Option key while opening the context menu in Network Monitor.
- Fixed an issue causing heavy flickering of the map during zooming or panning on macOS 10.13 High Sierra.
- Fixed: The menu bar did not respond immediately after opening the Network Monitor window.
- Fixed: Network Monitor no longer flashes connection lines that are currently invisible due to filtering.
- The data rate display in the inspector pane now respects the Bits/s vs. Bytes/s user preference.
- The experimental “Handle Connection Attempts in Monitor” preferences option has been removed.
- Improved handling and presentation of code signature issues.
- Improved handling of XPC processes.
- Improved help text of rule suggestions covering multiple connection attempts.
- Improved handling of incoming ssh connections.
- Improved handling of denied incoming connections.
- Improved display of connection alerts on small displays.
- Improved creation of diagnostics reports.
- Improved protection against malware attempting to modify Little Snitch.
- For improved privacy the Little Snitch configuration file is now saved in an encrypted format.
- Added a preference option allowing to choose whether OpenVPN remote servers should be distinguished or not.
- Added “Port 22 (SSH)” to the port popup list in the rule editor of Little Snitch Configuration.
- Due to a bug in macOS, applications may hang for a while when they attempt to show animated graphics. Little Snitch detects when important components stop responding and used to generate diagnostics info. Since this further slowed down the machine, we no longer generate these diagnostics and simply restart the affected component.
- Fixed a rare kernel panic.
- Fixed an issue when choosing the “Once” option in the connection alert.
- Fixed an issue related to handling connections via VPN.
- Several other bug fixes and improvements.
Since this version stores all configuration files in encrypted format, previous versions cannot read them. If you downgrade, all your rules and preferences are lost. In order to prevent data loss, this version makes a backup of your configuration at
/Library/Application Support/Objetive Development/Little Snitch/configuration_<dateandtime>.xpl before encrypting. Previous versions can restore from this backup via Little Snitch Configuration > Rules > Import from Backup….
Alternatively, you can make a backup of your configuration even in the new version (via Little Snitch Configuration > Rules > Backup…) and restore it after downgrading. Backups are not encrypted in order to keep them backward-compatible.
For improved privacy the Little Snitch configuration file is now stored in an encrypted format. When switching to the encrypted format, a backup of the old, unencrypted configuration file is made. If you prefer to have only encrypted configuration files stored on disk, we recommend to remove any unencrypted backup files. Their filename contains a date and timestamp, and they are located in the following folders:
/Library/Application Support/Objective Development/Little Snitch/
~/Library/Application Support/Little Snitch/
To open these folders you can use Finder’s Go to Folder… command (⇧⌘G).