A couple of feature requests

General discussions about Little Snitch
hummingdrone
Posts: 11
Joined: Fri Jan 06, 2017 6:04 pm

A couple of feature requests

Postby hummingdrone » Fri Jan 06, 2017 6:46 pm

I have bought Little Snitch today, what a fantastic and fascinating program! I've been able to track down some dubious programs, and even deduce that I had a dodgy browser plugin. You guys rock!


I do have some things I was hoping for, didn't understand, or think could be useful that I thought I'd share:


- I'd like to sort rules by date added. Sometimes you accidentally add a rule (often you click on a bunch of them), and you quickly want to undo it, for example when I accidentally also disabled a subdomain that served CSS for a webpage. The 24-hour option comes close I guess, but it still means I have to search for the rule. A big "undo last rule" button might also be useful, perhaps even as an option in the menubar icon's dropdown.

- I would like to have a learning/training period for apps where I am able to manually allow or disallow things as normal, but then after that allow all new requests. For example, Chrome wants to phone home a lot, and I would like to block that. But after I have tamed Chrome, I want to allow access to all other websites and let browser plugins (umatrix, ublock) take care of taming those.

- The Research Assistant is really handy, but it would be useful to also look at the specific domains the applications connect to. For example, with Chrome I'd like to have details on some of the servers it tries to connect to.

- It would also rock if, in the research assistant pop-up, the community could vote on whether disallowing a specific domain breaks functionality. It would almost be like a game: "Did I guess right that this is an important domain, or just fluff? Find the answer by clicking on the research assistant icon". For example, right now my plugins in Chrome don't want to load (which opens new risks!), and I don't know which of the domains I blocked was responsible for that. Google, as I now know thanks to Little Snitch, has a wide variety of domains it uses for authentication.

- I would like to be able to schedule when/how often programs can connect. For example, I want an app to be able to check for updates, but only allow that just once a month, and not every 5 minutes. (A less useful but possibly much more funny version of this would be an allowance system where I allow an app to connect X number of times, but after that it has to wait until I give it a new allowance).

- I want to be able to block a whole range of subdomains, without blocking the main website itself.

- In the overview, I would like to be able to quickly allow or disallow a connection by clicking on the green and red dots. Currently, I have to open the pop-up for the rule, and then select the new status in a dropdown, and then hit save. That's a lot of clicks for something so vital.

- I'd like to have a page or icon bar or something along those lines that allows me to quickly toggle access for a select few programs that I want to block most of the time, but sometimes want to allow access for a little while. For example, I almost never install anything from the app store, so I want to block this chatty program. But once in a blue moon I'd like to give it access for a short time when I actually need to buy an app from it.

- I would like it to be able to be integrated with those white/blacklists you can find online. That way I can just instantly block most common tracking websites, so that my browser plugins have less work to do.

- As a new user, I didn't realize I could open the main window of Little Snitch from the status bar icon because it had an unexpected name ("rules"). The other names in that dropdown are a little unclear to me as well (stop network filter?). That might change in a while, but I thought I'd let you know.

Update:
It can already do this, it turns out:
- I'd love the ability to block an entire program all at once. For example, Apple's Geo Daemon tries to connect to a whole range of servers. I block one address, and it just tries another. I just want to block the whole app in one go! (and laugh maniacally when I do it).
- And I have gotten used to the names in the dropdown :-)

That's a lot of features! Please understand I only made this list because Little Snitch is so awesome.

"Little Snitch, the closest you'll probably get to running an understaffed kindergarten full of kids who are all having their birthday and just found the box full of high-fructose candy".

Andrzejm
Posts: 2
Joined: Fri Nov 24, 2017 12:48 pm

Re: A couple of feature requests

Postby Andrzejm » Fri Nov 24, 2017 12:54 pm

I highly support Research Assistant propositions.
It would be great if RA informed me about websites the app is connecting to.
Additionally, is it possible to identify an application from within a virtual machine? (Parallels Desktop, for example.)

Similar propositions are here:
viewtopic.php?f=1&t=11096&p=33255&hilit=Research+Assistant#p33255

r2a2ob
Posts: 7
Joined: Mon Feb 19, 2018 10:13 pm

Re: A couple of feature requests

Postby r2a2ob » Thu Mar 15, 2018 2:30 am

I'd like research assistant to give information about the connection and if it's a safe connection or not

ctwise
Posts: 16
Joined: Tue Apr 14, 2009 3:19 pm

Re: A couple of feature requests

Postby ctwise » Sat Mar 17, 2018 2:48 pm

Here's a few more:

1. Handle app updates intelligently: Notice that an app has "likely" been updated and ask the user if they want to transfer the old rules to the updated app.

2. Provide whois information for IP ranges.

3. Allow rules to be merged. Selecting a range of compatible rules and right-clicking on them to merge them into one rule, e.g., a group of rules listing different DNS or IP entries for the same app.

daniela
Objective Development
Posts: 54
Joined: Wed Jun 21, 2017 10:08 am

Re: A couple of feature requests

Postby daniela » Mon Mar 19, 2018 12:27 pm

Thank you for your requests! They are greatly appreciated and all noted

marco
Objective Development
Posts: 63
Joined: Mon Jul 28, 2014 3:00 pm
Location: Vienna, Austria

Re: A couple of feature requests

Postby marco » Tue Mar 20, 2018 4:54 pm

A few notes:

hummingdrone wrote: - I'd like to sort rules by date added. Sometimes you accidentally add a rule (often you click on a bunch of them), and you quickly want to undo it, for example when I accidentally also disabled a subdomain that served CSS for a webpage. The 24-hour option comes close I guess, but it still means I have to search for the rule. A big "undo last rule" button might also be useful, perhaps even as an option in the menubar icon's dropdown.


You can sort by creation date in Little Snitch Configuration by selecting View > Sort By > Creation Date. You can also do this by clicking the second table column header (the one with the dot in it), but that’s not exactly discoverable.

hummingdrone wrote:- I would like to have a learning/training period for apps where I am able to manually allow or disallow things as normal, but then after that allow all new requests. For example, Chrome wants to phone home a lot, and I would like to block that. But after I have tamed Chrome, I want to allow access to all other websites and let browser plugins (umatrix, ublock) take care of taming those.


You can essentially get that by answering Connection Alerts as they come and when you’re ready to accept any further connections, create an allow rule in Little Snitch Configuration or Network Monitor.

hummingdrone wrote:- The Research Assistant is really handy, but it would be useful to also look at the specific domains the applications connect to. For example, with Chrome I'd like to have details on some of the servers it tries to connect to.


That would be nice indeed, but where should this information come from? It’s impossible for us or any individual or company to maintain a list of all servers on the Internet. And if that information were to be provided by the server itself, what would be the point?

hummingdrone wrote:- I want to be able to block a whole range of subdomains, without blocking the main website itself.


I’m not sure I understand what you mean here. For example, do you want to allow connections to http://www.obdev.at, but deny connections to any other host in the domain obdev.at? You can do that by creating an allow rule for the host http://www.obdev.at and a deny rule for the domain obdev.at.

hummingdrone wrote:- In the overview, I would like to be able to quickly allow or disallow a connection by clicking on the green and red dots. Currently, I have to open the pop-up for the rule, and then select the new status in a dropdown, and then hit save. That's a lot of clicks for something so vital.


I assume you’re talking about Little Snitch Configuration here? We find that once a rule is created, changing the action of that rule is something that’s done very rarely. Nonetheless, Little Snitch Network Monitor provides quick access to allowing/denying connections using the buttons in each connection line. See https://help.obdev.at/littlesnitch/#/lsm-managing-rules

hummingdrone wrote:- I'd like to have a page or icon bar or something along those lines that allows me to quickly toggle access for a select few programs that I want to block most of the time, but sometimes want to allow access for a little while. For example, I almost never install anything from the app store, so I want to block this chatty program. But once in a blue moon I'd like to give it access for a short time when I actually need to buy an app from it.

- I would like it to be able to be integrated with those white/blacklists you can find online. That way I can just instantly block most common tracking websites, so that my browser plugins have less work to do.


We’re planning on improving such workflows, but there’s nothing specific to announce yet.

hummingdrone wrote:That's a lot of features! Please understand I only made this list because Little Snitch is so awesome.


Thank you very much for taking the time to write up this feedback. It’s always valuable to hear what works, what doesn’t work and what we can improve.
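
The host-versus-domain rule pair described in the reply above, as an added illustration that is not part of the original thread and is not Objective Development's code. It is a simplified model that assumes the most specific matching rule wins and that deny wins a tie; `Rule`, `decide` and the `"ask"` default are hypothetical names.

```python
from typing import NamedTuple


class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    kind: str    # "host" = exact name, "domain" = the name and every host below it
    name: str

    def matches(self, host: str) -> bool:
        # Normalise case and a trailing root dot before comparing.
        host = host.lower().rstrip(".")
        name = self.name.lower()
        if self.kind == "host":
            return host == name
        # Domain matching must respect label boundaries, otherwise
        # "notobdev.at" would be caught by a rule for "obdev.at".
        return host == name or host.endswith("." + name)

    def specificity(self) -> tuple:
        # Assumed ordering: a host rule beats a domain rule, a deeper
        # domain beats a shallower one, and deny wins an exact tie.
        return (self.kind == "host", len(self.name.split(".")), self.action == "deny")


def decide(rules, host, default="ask"):
    """Return the action of the most specific matching rule, or `default`
    (standing in for a connection alert) when nothing matches."""
    candidates = [r for r in rules if r.matches(host)]
    if not candidates:
        return default
    return max(candidates, key=Rule.specificity).action


# The two rules from the reply: allow one host, deny the rest of the domain.
RULES = [
    Rule("allow", "host", "www.obdev.at"),
    Rule("deny", "domain", "obdev.at"),
]

if __name__ == "__main__":
    # Constructed sample hostnames.
    for h in ("www.obdev.at", "help.obdev.at", "obdev.at", "notobdev.at"):
        print(f"{h:16} -> {decide(RULES, h)}")
```
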

marco
Objective Development
Posts: 63
Joined: Mon Jul 28, 2014 3:00 pm
Location: Vienna, Austria

Re: A couple of feature requests

Postby marco » Tue Mar 20, 2018 4:56 pm

Andrzejm wrote: Additionally, is it possible to identify an application from within a virtual machine? (Parallels Desktop, for example.)


If I’m not mistaken, this is not really possible without tight integration with the OS running in the VM itself. For the host OS, all network connections in the VM are usually seen as connections by one single process.

marco
Objective Development
Posts: 63
Joined: Mon Jul 28, 2014 3:00 pm
Location: Vienna, Austria

Re: A couple of feature requests

Postby marco » Tue Mar 20, 2018 4:59 pm

r2a2ob wrote:I'd like research assistant to give information about the connection and if it's a safe connection or not


I understand the desire to get recommendations for whether a specific connection should be allowed or denied, but who should decide that and on what grounds? We really do not want to be the ones who tell our users that it’s OK to trust connections of one app, but not another.

Little Snitch gives you the tools to decide these things for yourself. It should not decide on your behalf.

marco
Objective Development
Posts: 63
Joined: Mon Jul 28, 2014 3:00 pm
Location: Vienna, Austria

Re: A couple of feature requests

Postby marco » Tue Mar 20, 2018 5:08 pm

ctwise wrote:1. Handle app updates intelligently: Notice that an app has "likely" been updated and ask the user if they want to transfer the old rules to the updated app.


This works automatically as long as the app’s path doesn't change. This is because rules in Little Snitch store the path to the app’s executable. Also, if the rule requires a valid code signature, the app must be signed by the same developer.

When the path changes with an update – which often happens for certain games – the rules won’t work anymore. We’re planning on improving this, but there’s still quite a lot of work to be done under the hood to make this work reliably and securely. So there’s no timeframe for announcements yet.

ctwise wrote:2. Provide whois information for IP ranges.


We want to integrate whois queries into Research Assistant but haven’t gotten around to it yet.

ctwise wrote:3. Allow rules to be merged. Selecting a range of compatible rules and right-clicking on them to merge them into one rule, e.g., a group of rules listing different DNS or IP entries for the same app.


We had a simple version of something like this already quite a while ago but never got around to finishing it. Again, that’s something we want to do but haven’t gotten around to yet.


Reading my answers to your three suggestions makes me realize you have a pretty good idea of some of the things we want to do in the future :wink:

bleroy
Posts: 1
Joined: Tue Mar 20, 2018 6:48 pm

Re: A couple of feature requests

Postby bleroy » Tue Mar 20, 2018 7:02 pm

I get so many alerts for each page - changing control behavior to allow faster navigation through the 10+ alerts I get would be nice:

- alert timer starts immediately, does not turn off with mouse movement or app focus
- have a choice of Escape to deny, Return to accept

That would allow me to:
- deny connections while doing something else
- quickly accept and deny connections

Thanks!

RLD
Rank 1
Posts: 24
Joined: Sun Aug 10, 2014 8:45 pm

Re: A couple of feature requests

Postby RLD » Tue Mar 20, 2018 7:22 pm

Some of the items you are asking for can be accomplished with profiles. example..

profiles:
normal
updates
openvpn

In profile normal the apps that do updates (including the apple store and its cohorts) are blocked. select your normal profile, then select all>copy>paste into profile updates. go thru and allow all the updates in your "updates profile". assign network to it and when you want to do updates just activate that profile. granted it's not automatic profile switching but it would accomplish what you want. a one button or near to it solution.

I do pretty much the same thing with my openvpn. a lot of system programs are blocked (mail, calendar, app store, various updates, games). allowing my vpn programs (tunnelblick, transmission, filebot, vuze, whatever) to connect which are blocked in profile normal. normal and openvpn are my two automatic switching profiles. normal uses ethernet or wifi and openvpn uses utun1. you can create more profiles for switching if you use locations such as wifi1 2.4g wifi2 5.g or via router/ap connection. that way all you would have to do is switch your location and LS will switch the profiles for you.

There appears to be no limit to the number of rules LS can use. I currently have over 1000 across 3 profiles. many are duplicates with few redundancies due to profiles.

I also block ports 1-1050 for all programs and selectively only allow certain ones to go within that range; i.e. mail, calendar, web browsers, ping, etc. all programs can access ports 1050-65535. I have also determined that disabling local network rules and switching them to specific ip range makes for better lan communication (on a per program basis: i.e. screensharing, nfs, netbios). external mounts for my NAS drives work flawlessly now instead of randomly popping up with inaccessible. I keep them in my dock as list/folder and use a folder on the drive for the link instead of the root dir. for some reason the dock does not like 2 afp/smb links on the dock from the NAS root dir.

just a few ideas for you to ponder. :)

RLD
Rank 1
Posts: 24
Joined: Sun Aug 10, 2014 8:45 pm

Re: A couple of feature requests

Postby RLD » Tue Mar 20, 2018 7:36 pm

bleroy wrote:I get so many alerts for each page - changing control behavior to allow faster navigation through the 10+ alerts I get would be nice:

- alert timer starts immediately, does not turn off with mouse movement or app focus
- have a choice of Escape to deny, Return to accept

That would allow me to:
- deny connections while doing something else
- quickly accept and deny connections

Thanks!


I know this can be irritating at times when it happens. The best solution I have found is either to deny everything or allow everything. (do not click forever imo). then open LS rules; go to unapproved, temporary, last 24hrs and adjust them to your liking making them permanent in the process. then dragging them to whichever profile you like or duplicate them for more than 1 profile.

marco
Objective Development
Posts: 63
Joined: Mon Jul 28, 2014 3:00 pm
Location: Vienna, Austria

Re: A couple of feature requests

Postby marco » Wed Mar 21, 2018 11:09 am

bleroy wrote:I get so many alerts for each page - changing control behavior to allow faster navigation through the 10+ alerts I get would be nice:

- alert timer starts immediately, does not turn off with mouse movement or app focus
- have a choice of Escape to deny, Return to accept

That would allow me to:
- deny connections while doing something else
- quickly accept and deny connections

Thanks!


You can actually use Escape to deny and Return to allow connections. Please check if that is turned on in Little Snitch Configuration > Preferences > Alert. There’s a checkbox labelled “Confirm with Return and Escape”.

BTW: Having no permanent rules for the web browser and then allowing/denying connections via Connection Alert as they happen is a way to use Little Snitch that I find very cumbersome. I know people do it this way – even people on our team – but I find it much too tedious. Instead, I have allow rules for port 80 and port 443 and then deny connections after the fact using Network Monitor. I’m not saying that’s the “right” way to use Little Snitch, it’s just the way I like to use it.

aoiwaliadk33
Posts: 1
Joined: Tue Apr 10, 2018 2:43 am

Re: A couple of feature requests

Postby aoiwaliadk33 » Tue Apr 10, 2018 2:47 am

marco wrote:
ctwise wrote:1. Handle app updates intelligently: Notice that an app has "likely" been updated and ask the user if they want to transfer the old rules to the updated app.


In the interim, is there a workaround to simply copy rules that apply to the older version of the app and paste them to the new version? In my case, I have an app that updates very frequently. Within the app contents folder, new versions of the app get a new path to a new folder.

marco
Objective Development
Posts: 63
Joined: Mon Jul 28, 2014 3:00 pm
Location: Vienna, Austria

Re: A couple of feature requests

Postby marco » Tue Apr 10, 2018 9:50 am

aoiwaliadk33 wrote: In the interim, is there a workaround to simply copy rules that apply to the older version of the app and paste them to the new version? In my case, I have an app that updates very frequently. Within the app contents folder, new versions of the app get a new path to a new folder.

That is pretty much the workaround I’d suggest. To simplify, you can just edit the rules for the old version and change their path to match the new version. Another approach is to copy the rules for that app, paste them in a text editor as a textual representation that you keep around and edit for each new version, then paste that text back to Little Snitch Configuration.

