After last week's column on Apple's built-in firewall, Frank Lowney asked the following question in the column's comments section:
Although we're focused on incoming connections here, shouldn't we also be concerned about outgoing connections as well? This seems especially important where there are data caps or outrageously expensive cellular data plans being used.
We need a comprehensive and coordinated gatekeeping strategy for all connections.
Frank raises an interesting and important point. While Apple's Application Level Firewall is great at putting on a good defense, monitoring your outbound traffic can be enlightening and possibly even a little disturbing. It can clue you in to which of your running applications are accessing the Internet and sending data to it when you might not be expecting them to, and it can help you see whether unexpected applications are sending data out when you don't want them to.
As it happens, there's an app for that: Objective Development's $35 Little Snitch, which you can download for free and use in demo mode to make sure it works exactly as you want it to.
The app's installation requires a restart, as it installs a number of its monitoring tools at a low level in your Mac's operating system. Once your Mac restarts, you'll immediately see Little Snitch at work, and you may be a bit surprised by what you see.
Little Snitch's default behavior is to show you Connection Alerts--messages letting you know apps are attempting to connect to the Internet--and to ask if you want that app to send out data from your Mac. You can adjust this behavior to suit your specific needs using the app's preferences.
What's surprising is just how many apps call home the moment your Mac starts up. But that little startup surprise may also act as a wakeup call. On my Macs I had to allow dozens of apps access to the Internet. Those access requests were from apps I use and want to have that access, but it is still surprising to see how many apps want to call home as your Mac starts up.
As you allow and deny connections, Little Snitch learns what kinds of traffic you want to allow by how you respond to each connection request. Your responses get saved as rules that are reused every time an app attempts to make the same connection it has made before. And you're not stuck with a rule once you've created it, as you can update and edit existing rules as needed.
Connection Alerts are also more than mere announcements about apps accessing the Internet. They provide detailed information about the apps trying to make that access and what ports they're using to send data, and there's a Research Assistant that gives you a more detailed look at an app from Objective Development's app databases, including whether or not the selected app has a valid code signing certificate.
Little Snitch lets you create profiles for different networks, which means you can create a "Trusted" profile for networks you know are safe, such as your office, an "Untrusted" profile for times when you're connecting to networks you're not sure about, and even a "Cellular Hotspot" setting that is stricter about which applications can send and receive data so you don't blow through your entire data plan with a single accidental download.
One of my favorite features is the Little Snitch Network Monitor, which provides a realtime view of the applications accessing the Internet and which you can use to create new network access rules on the fly.
It's important to note that Little Snitch is also a firewall for incoming traffic. So if you're using this app, you don't need to use Apple's firewall at the same time. But keep in mind that Little Snitch isn't as simple a solution as Apple's built-in firewall. That's not bad; it's just important to understand that the onus is on you to know which traffic should be allowed through your firewall and which shouldn't. While Little Snitch is a fantastic app, it may also offer more power than you really want or need.
But, hey, it's free to try, so give it a go.
So, Frank, here's your "gatekeeper" with a complete collection of tools for handling everything you hoped for. Thanks for asking! Hope this was the answer you were looking for.