Little Snitch

Little Snitch is privacy/firewall software for the Mac from Objective Development Software GmbH that monitors network activity and gives you control and visibility for data leaving your computer via network connections. Features include connection alerts with flexible blocking of outgoing traffic, including on-the-fly control, rules-based configuration (with several aids) and configuration profiles (e.g. for different locations or networks); DNS name based traffic filtering; network monitoring displays and snapshots (with details about traffic, history, hostnames, ports, geographic locations, etc., plus packet capture in PCAP format); an inbound firewall; a “research assistant” database to help identify networks and activities; and much more.

Little Snitch 4.4.3 is priced at $45 for OS X 10.11 and up. A demo mode functions for three hours at a time, for 30 days. (Little Snitch legacy versions support Mac OS X 10.2 and up.) The most recent release updated macOS Catalina support.

Please upgrade to this version before you upgrade to macOS Catalina!
On Catalina, system apps have been moved from /Applications to /System/Applications and the paths in rules must be updated. If you upgrade to Catalina while a previous version of Little Snitch is installed, rules for system apps are not updated.

Hands Off

Hands Off is a Mac security app from One Periodic Inc. that controls access to your network and storage devices by applications to help prevent programs from “phoning home”, stealing sensitive information, or installing malware on your computer. Hands Off monitors applications and uses notifications and configuration rules to control what they can access. You can choose among default presets for ease of use or more detailed configuration options. Rules can be applied to a single user or globally to the whole system, and you can make them temporary (until the application quits) or persistent. (See Hands Off basics for more information).

Hands Off 4.4.2 is priced at $49.99 (one user) for OS X 10.11 and up, with a free demo version available. The latest update brings support for macOS Catalina 10.15.3 and 10.15.4. (Older versions are available for earlier Mac systems.)

Scudo

Scudo is new macOS “hybrid firewall” software from Murus.it (which previously created WaterRoof, IceFloor, Murus and Vallum firewall apps for the Mac), designed to be user-friendly while letting you choose between a “silent” automatic mode and an interactive mode.

Scudo combines both a network-layer and an application-layer firewall. Its purpose is to give all Mac user a compact, easy, reliable and affordable way to:

  • protect shared documents and services from unwanted connections from remote computers
  • improve privacy and security detecting apps connections attempts and allowing you to choose which app is allowed to connect to the network
  • throttle upload and/or download bandwidth usage for each service/app independently

Scudo is a graphic user interface for an inbound network layer packet filter based on PF and an outbound application layer socket filter based on AFW. Additionally, Scudo automatically monitors your Mac for active network services and applications so you are always aware of all network activities.

Scudo 1.0 is priced at $10 for OS X 10.11 and later. The download includes an installer package, an uninstaller app, and a user manual in PDF format.

Murus, Vallum

Murus is a graphical front-end (from Murus.it) for the Mac’s full-fledged, built-in PF (“Packet Filter) network firewall, offering control over inbound connections and heavy-duty features, including “proactive” features like “port knocking” and an adaptive firewall to block brute-force attacks and use blacklists, customizable logging with realtime graphing and statistics, user-defined notifications, connection sharing with access limits and accounting, port forwarding, bandwidth management, a “remote safety switch” and much more. A Murus Assistant app helps quickly configure and enable PF, choose a predefined configuration profile or create your own configurations.

Vallum is a companion application-level firewall that controls outbound connections via a friendly user interface with a configuration assistant, plus a rules editor, log analysis, user-specific rules and geo-IP controls, “fingerprint” matching, and more. (See also: Murus-Vallum comparison.)

Murus 2.0 is available in three versions for macOS 10.12 and later: a free Lite version, a $10 Basic version, and a Pro bundle, priced at $35. The latest release is the new Version 2.

Vallum 3.3.2 is priced starting at $15 for OS X 10.11 and up with free evaluation and a 15-day money back guarantee. The latest release is compatible with Murus 2.

Scudo, a new “hybrid firewall” from the company, is an alternative option.