Little Snitch security update

Little Snitch is privacy/firewall software for the Mac from Objective Development Software GmbH that monitors network activity and gives you control and visibility for data leaving your computer via network connections. Features include connection alerts with flexible blocking of outgoing traffic, including on-the-fly control, rules-based configuration (with several aids) and configuration profiles (e.g. for different locations or networks); DNS name based traffic filtering; network monitoring displays and snapshots (with details about traffic, history, hostnames, ports, geographic locations, etc., plus packet capture in PCAP format); an inbound firewall; a “research assistant” database to help identify networks and activities; and much more.

Little Snitch 4.5.2 is priced at $45 for OS X 10.11 and up. A demo mode functions for three hours at a time, for 30 days. (Little Snitch legacy versions support Mac OS X 10.2 and up.)

The latest release brings a security patch and should be installed promptly:

We highly recommend to update to this version soon because it fixes a possible privilege escalation.

  • Fixes a privilege escalation issue (CVE-2020-13095). Details about this issue will be revealed later.
  • Fixes an issue in the connection alert causing the user’s host/domain choice to be ignored under some rare circumstances.


Lockdown is an open-source firewall app for macOS and iOS from ex-Apple engineer Johnny Lin (Confirmed Inc.) “that blocks tracking, ads, badware and more” with the following features listed:

  • Block any domain / service
  • Works for all apps, not just the browser
  • Useful preconfigured defaults
  • See what’s being blocked
  • Optional VPN for additional privacy

In addition, “everything Lockdown does stays on your device,” according to the company.

Lockdown Apps 0.3.1 is a free download for iOS 11 and later (with optional VPN services priced starting at $7.99/mo.).

Lockdown Apps 0.1.1 is a free download for macOS 10.15 Catalina only.

(See “Here’s What The “Do Not Sell My Personal Data” Button Does” for Johnny’s detailed and revealing look at modern Internet privacy problems.)

Hands Off

Hands Off is a Mac security app from One Periodic Inc. that controls access to your network and storage devices by applications to help prevent programs from “phoning home”, stealing sensitive information, or installing malware on your computer. Hands Off monitors applications and uses notifications and configuration rules to control what they can access. You can choose among default presets for ease of use or more detailed configuration options. Rules can be applied to a single user or globally to the whole system, and you can make them temporary (until the application quits) or persistent. (See Hands Off basics for more information).

Hands Off 4.4.2 is priced at $49.99 (one user) for OS X 10.11 and up, with a free demo version available. The latest update brings support for macOS Catalina 10.15.3 and 10.15.4. (Older versions are available for earlier Mac systems.)


Scudo is new macOS “hybrid firewall” software from (which previously created WaterRoof, IceFloor, Murus and Vallum firewall apps for the Mac), designed to be user-friendly while letting you choose between a “silent” automatic mode and an interactive mode.

Scudo combines both a network-layer and an application-layer firewall. Its purpose is to give all Mac user a compact, easy, reliable and affordable way to:

  • protect shared documents and services from unwanted connections from remote computers
  • improve privacy and security detecting apps connections attempts and allowing you to choose which app is allowed to connect to the network
  • throttle upload and/or download bandwidth usage for each service/app independently

Scudo is a graphic user interface for an inbound network layer packet filter based on PF and an outbound application layer socket filter based on AFW. Additionally, Scudo automatically monitors your Mac for active network services and applications so you are always aware of all network activities.

Scudo 1.0 is priced at $10 for OS X 10.11 and later. The download includes an installer package, an uninstaller app, and a user manual in PDF format.

Murus, Vallum

Murus is a graphical front-end (from for the Mac’s full-fledged, built-in PF (“Packet Filter) network firewall, offering control over inbound connections and heavy-duty features, including “proactive” features like “port knocking” and an adaptive firewall to block brute-force attacks and use blacklists, customizable logging with realtime graphing and statistics, user-defined notifications, connection sharing with access limits and accounting, port forwarding, bandwidth management, a “remote safety switch” and much more. A Murus Assistant app helps quickly configure and enable PF, choose a predefined configuration profile or create your own configurations.

Vallum is a companion application-level firewall that controls outbound connections via a friendly user interface with a configuration assistant, plus a rules editor, log analysis, user-specific rules and geo-IP controls, “fingerprint” matching, and more. (See also: Murus-Vallum comparison.)

Murus 2.0 is available in three versions for macOS 10.12 and later: a free Lite version, a $10 Basic version, and a Pro bundle, priced at $35. The latest release is the new Version 2.

Vallum 3.3.2 is priced starting at $15 for OS X 10.11 and up with free evaluation and a 15-day money back guarantee. The latest release is compatible with Murus 2.

Scudo, a new “hybrid firewall” from the company, is an alternative option.