Little Snitch shortcoming: Badly needs wildcards

In this day and age, running a computer without some kind of an outgoing firewall is like driving your car with your eyes closed.

There are so many malfeasors - from phishers to corporate spies - trying to track you and place you and grab you every time you check your email or you browse the web, that everyone needs a firewall.

You can test this on OS X by installing Little Snitch and scrolling through your messages. A few of the outgoing calls are for innocent images, mainly they are for tracking tags and tracking images.

Little Snitch - a few of the Edgesuite calls on one week fresh install!

Little Snitch is free for 3 hour periods at a time so it can be installed to test and find out what domains you'd like to be blocking.

For long term blocking of nasty sites OS X, your solutions are threefold:

1. buy an outgoing firewall, i.e. Little Snitch. A bit pricey at $30 a license but it's Little Snitch or go hungry
2. configure your hosts file to block most of the major offenders (people do keep lists)
3. use GlimmerBlocker control panel to block the baddies via internal proxy (works on all browsers)

Of the three, GlimmerBlocker was the best and the simplest. Until after a year and a half GlimmerBlocker decided to seize up and prevent me from editing WordPress sites. Apparently it's database got full or something. I lost eight hours trying to troubleshoot this mystery when I desperately needed to work so GlimmerBlocker is banned now. A pity as GlimmerBlocker is free.

A hosts file is also great. By adding bad sites to the hosts file and redirecting them to localhost (127.0.0.1) you stop them dead in their tracks.

One of the more complete lists of domains to block via hosts is kept online here: http://www.mvps.org/winhelp2002/hosts.txt

To edit your hosts file on OS X, the quickest way is to use Terminal to give TextEdit root access to the hosts file.

1. Open a terminal window and type the following: sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/hosts
2. Hit return and enter your admin password when prompted and again hit return.
3. Your Hosts file should automatically open in TextEdit.
4. Copy the hosts from http://www.mvps.org/winhelp2002/hosts.txt or ssomewhere else (mvps wastes a lot of space on the x-rated zone for those of us not into: alternative suggestions to mvps welcome)
5. Paste it into your text hosts file.
6. Save.
7. Test that hosts is working by browsing to one of the domains listed in mvps.
8. Continue to edit and save at your leisure (at each save the hosts file is updated and live: well done Apple).

Unfortunately both LittleSnitch and the hosts file suffer from the same fatal flaw. They don't allow wildcards. So for instance, one of the worst bits of spyware around is Infusionsoft. Every time you get an email from a subscriber of infusionsoft they want to know if you opened it. Therefore every image is specific to you. But each user has his or her own subdomain, i.e. empowered.infusionsoft.com.

If you block infusionsoft.com in hosts with 127.0.0.1 infusionsoft.com, you will only block the homepage. You would have to block 127.0.0.1 empowered.infusionsoft.com for each and every Infusionsoft subscriber who sends you email.

Little Snitch automates this process and allows you to make the block application specific. I use Apple Mail exclusively as my email client (looks great, full feature set and very fast, btw) so Little Snitch and I pick off these offenders one by one.

What I really want though are wildcards in Little Snitch so that I can ban all infusionsoft.com subdomains with a single *.infusionsoft.com within Apple Mail. The same applies for edgesuite.net within Apple Mail (Edgesuite is for corporate email spies like Apple and eBay, Infusionsoft is for slippery marketers like Rich Schefren and friends like Mike Filsaime).

When is the Objective Development team going to get off their backsides and improve Little Snitch by adding wildcards? There is a three page thread in their forum which goes back to 2004 asking for subdomain blocking in Little Snitch. What's particularly galling is that ObDev have not even bothered to answer our concerns.

Until Objective Development add a subdomains/wild card feature to Little Snitch, you may want to hold off on the purchase. Managing outgoing requests one subdomain at a time is very tedious work.

In the meantime, if you'd like to block certain domains or you have doubts about a certain piece of software, there is a free solution. You can turn Little Snitch on for three hours while you deal with spam email or install new software, take note of the domains you'd like to block and then add those domains to your hosts file.

Alec Kinnear

Alec has been helping businesses succeed online since 2000. Alec is an SEM expert with a background in advertising, as a former Head of Television for Grey Moscow and Senior Television Producer for Bates, Saatchi and Saatchi Russia.