Little Snitch Being Bypassed By Developers?

Snowshoe

Post by Snowshoe » Wed Jul 11, 2007 3:34 am

It appears that xtralean (XtraLean Software, Inc.), through its program ImageWell, has started to program the software to bypass Little Snitch.

Will Little Snitch be updated?

Snowshoe

Post by Snowshoe » Wed Jul 11, 2007 11:46 pm

I guess the software in question uses some type of script for a web browser and does not phone home.

Lieven

Post by Lieven » Sun Jul 15, 2007 2:54 pm

Snowshoe wrote: I guess the software in question uses some type of script for a web browser and does not phone home.


There are several mechanisms to access the web, which doesn't necessarily mean Little Snitch is bypassed.

A nice example is Acrobat Reader.
When opening a PDF you might be tempted to always allow web access to a PDF to make it easier to click on a webpage in a PDF.
Acrobat includes its own web-engine, so plugins like Pitstop will have free web-access and free control over your serials then.
Little-Snitch is less annoying for the user than other firewalls, which is nice, but don't let it fool you to open up free internet gates ;-)

RedTuttle

Post by RedTuttle » Mon Jul 30, 2007 3:10 am

I KNOW for a fact that Drag Thing bypasses Little Snitch. I have no idea how, and I haven't gotten the chance to run a packet sniffer to catch it in the act, but my registration is always invalidated whenever I've been connected to the internet for about a half an hour, and it didn't get invalidated for about two months while I had no internet access.

arkus

Post by arkus » Sun Aug 05, 2007 11:10 pm

It seems KIT (Keep it Together) has some way to bypass it too. I installed the trial and was looking through options. Under the update section it said it last checked a few minutes ago but I had never received a notice that it was connecting.

Guest

FlexNet

Post by Guest » Wed Aug 08, 2007 6:36 am

Filemaker Pro 9 demo installed FlexNet which bypasses Little Snitch to report whatever about the computer it is installed on. Adobe also uses this product.

What is the legality of this spyware?

randyharris
Rank 1
Posts: 34
Joined: Thu May 10, 2007 9:10 am

Re: FlexNet

Post by randyharris » Fri Aug 31, 2007 9:02 pm

Anonymous wrote: Filemaker Pro 9 demo installed FlexNet which bypasses Little Snitch to report whatever about the computer it is installed on. Adobe also uses this product.

What is the legality of this spyware?


How about the legality of using Little Snitch to steal software?

Fluffy
Rank 1
Posts: 23
Joined: Fri Nov 17, 2006 1:35 am

Post by Fluffy » Fri Aug 31, 2007 11:15 pm

RedTuttle wrote: I KNOW for a fact that Drag Thing bypasses Little Snitch.

DragThing may be using expiring serial numbers. They won't expire if your machine does not have network access... But if you have a net connection and DT is blocked, then it can expire itself.
In my tests, LittleSnitch 1.2.4 always notifies when DT wants access.

arkus wrote: It seems KIT (Keep it Together) has some way to bypass it too.

LS always notifies me about KIT version checks...

As randyharris pointed out, you shouldn't be using LS to steal software, it is for managing privacy...

askywalker

Caring about security does not make us software pirates!

Post by askywalker » Sat Sep 01, 2007 4:59 pm

I am an IT guy from a Windows world - so I understand that when Mac users see my 'zeal' for security they may think I am going overboard. But the simple fact is that I am responsible for keeping my (and my customers' and employees') data safe. As far as I am concerned, it is absolutely critical that I am in control of any network activity from our computers.

As a company, we are just beginning to explore adding OS X onto our network. Little Snitch was recommended as an easy way to make sure that there is no 'outbound' network activity that is unauthorized.

Caring about security and being in control of your network is the responsibility of anyone who has personal/confidential data on their computer. Rootkits and anti-piracy methods have recently been infecting PCs with a hacker's 'dream come true' - invisibility...

I have no problem with software requiring live checks and activations - but I will not allow software to hide its network activity. If software stops working because we (through a tool like Little Snitch) have blocked their network activity we can usually talk to the software company and come up with some resolution - including getting proof (through packet analysis and such) that the network access is safe.

I will not be able to trust Little Snitch - and I don't think others should either - if it is easy to circumvent. And I strongly resent being thought of as a software pirate just because I am concerned that Software Developers are finding ways to hide from tools like Little Snitch. If there was some involvement from Obdev about this, and a community of users that was helping Obdev find holes so that they could get 'patched' I would be eager to jump on board. But it appears to me that Obdev is not taking this very seriously?

FredB
Rank 2
Posts: 69
Joined: Sun Dec 31, 2006 8:19 am
Location: Liège, Belgium

Post by FredB » Sun Sep 02, 2007 3:36 am

First, two points:
  • It's not because someone thinks that there is a hole in LS that it is a fact.
  • Why do you think obdev doesn't care? There have been ways to circumvent LS before and they've been patched.

I love LS and I'm a registered user for a long time, but if you need to manage a lot of workstations with predefined rules, ipfw is bundled with OS X. You'll need to configure it yourself and without GUI, but I guess that's not a problem.

I agree with you that the reason why someone uses LS is irrelevant. We're talking about the efficiency of a tool here, not about morality.

askywalker

Post by askywalker » Sun Sep 02, 2007 4:45 am

Fred - you make a couple of great points. I shouldn't assume that there are holes - but the lack of response from objdev to several threads indicating holes can only lead me to assume that they are not being looked into.

I would expect that ObjDev would be thankful that posters were bringing these issues to their attention, and would appreciate the 'feet on the street' to test. Even a canned response that they were aware of this, and were working on a solution would be great.

I like the feel of Little Snitch - and actually really like supporting development initiatives from smart developers - which ObjDev seems to fit. I don't expect perfection from software - but am wary of 'part time' projects where the developers' commitment is questionable.

Our small company has little to no I.T. support for Apple OS X. I would guess that there are a ton of companies similar to ours that are wary of 'OS X', but prefer not to stifle the 'passions' of their employees.

  • Why do you think obdev doesn't care? There have been ways to circumvent LS before and they've been patched.

This second point is important - I suppose I didn't search back far enough, or did a poor job in researching on the forum. Had I seen 'ANY' interest from ObjDev about these security breaches (or former but relatively recent breaches) my attitude would have been completely different.

It sucks that there are security holes everywhere - but it is the best that we can expect that Microsoft, Apple down to small companies like ObjDev take them seriously and work hard to get patches to their users as quickly as possible.

Kevin

Response to security holes

Post by Kevin » Sun Sep 02, 2007 9:40 pm

Askywalker: You are asking questions that go to the heart of the raison d'être for using LS to begin with, and deserve a response. Have you emailed Obdev asking them about this, or submitted a support ticket?

FredB
Rank 2
Posts: 69
Joined: Sun Dec 31, 2006 8:19 am
Location: Liège, Belgium

Post by FredB » Mon Sep 03, 2007 1:16 am

@askywalker

The forum is quite recent compared to LS's existence, in fact they opened a forum after we asked for one on the LaunchBar mailing list...

The forum is probably not the best way to contact Obdev for urgent/security matters. Keep in mind that Obdev has limited resources (just a guess but...), and I think their time is better spent working on the softs than reading/answering the forum...

Kevin

Priority of message board responses

Post by Kevin » Mon Sep 03, 2007 5:31 am

FredB,

In general I would agree with you, but the entire reason we are using LS to begin with is undermined if programs can skirt around it. I don't think getting a reputation as a firewall with holes in it is going to do ObDev any good, and as has already been noted, the Mac community is small, and word *will* get out. Therefore, I think it is incumbent upon them to respond to the concern raised by this particular thread -- not to do so means everyone will simply assume LS is fatally flawed. (On a personal note, I myself am not going to buy it until I hear their response.)

-Kevin

Fluffy
Rank 1
Posts: 23
Joined: Fri Nov 17, 2006 1:35 am

Post by Fluffy » Mon Sep 03, 2007 8:42 am

So far, there has been no concrete evidence presented in this thread showing that LS is actually being bypassed!

The initial post about ImageWell has been proven false. The other examples of DragThing and KIT are equally without merit.

This is not to say that it is not possible for a malicious app to trick LS (or the user) into allowing a connection, however none of the ranting in this thread concerns that type of scenario...
