Page 1 of 1

Protected Rule Disabled and Keeps Re-Enabling

Posted: Thu Feb 14, 2013 11:59 am
by Stuart
I want my AppStore to have network communication disabled (so it has to ask me whenever it connects so I know what and why it is doing it (i.e. I only use AppStore for Software Updates and don't want it doing other stuff as and when it wants to).

So, I find that for some reason the in-built AppStore Enable rule is protected! (quite why ... well it seems daft).

So, I disable that AppStore protected rule.

Then, all fine, AppStore asks when wants to connect ... all happy

Then I re-boot/restart the Mac

And the AppStore protected rule seems to automatically become re-enabled and AppStore had a great time passing all sorts of info to Apple, info I specifically purchased Little Snitch to block!

Running Mountain Lion 10.8.2, LS 3.0.3 nightly 3901

Re: Protected Rule Disabled and Keeps Re-Enabling

Posted: Thu Feb 14, 2013 8:09 pm
by Stuart
FYI: Reported to ObDev who have confirmed the bug and passed it on o developers.

Stuart

Re: Protected Rule Disabled and Keeps Re-Enabling

Posted: Mon Feb 18, 2013 10:53 am
by Stuart
Any news of a fix as I am now finding all sorts of stuff freely communicating that I had blocked. Sort of makes LS a waste of time as it is not blocking stuff I have set it to block. In fact worse because I think it is blocked and I am safe but in fact things are freely communicating because of this rather major bug.

I gets very dangerous when you believe you have locked something down (for security) yet bugs mean it is wide open. e.g. If the lock on your front door opened itself automatically 1hr after you locked it and went shopping, would you feel your house contents were secure ?

Re: Protected Rule Disabled and Keeps Re-Enabling

Posted: Mon Feb 18, 2013 4:57 pm
by hagen
I've seen these rule changes on new or updated clones, but never on reboot or on MacIntosh HD. This is with OSX 10.6.8 Snow Leopard. I wonder if it's another 10.8.2-related problem.

Re: Protected Rule Disabled and Keeps Re-Enabling

Posted: Mon Feb 25, 2013 4:32 pm
by Stuart
hagen wrote:I've seen these rule changes on new or updated clones, but never on reboot or on MacIntosh HD. This is with OSX 10.6.8 Snow Leopard. I wonder if it's another 10.8.2-related problem.


I don't know. I'm running on 10.8.2. I've just had App Store scanning and talking to Apple (and telling then god knows what) because I re-booted a few days ago and forgot to re-disable the App store rule. I do have a "disable" rune on everything the App Store might want to do but seems the protected enable rule built-in takes priority and everytime re-enables on re-boot (not just an occasional glitch).

So security wise Little snitch is actually worse than useless as it gives you the impression you are secure when it has secretly re-enabled an app that does seem to scan you computer and talk to Apple sending them stuff (but who knows what).

This was reported some time ago and immediately found to be the case and reproducible and still no fix (even in the nightly updates).

How many people out there are unaware that their security system has a bug that allows your computer to communicate despite it supposedly being locked down. I am disgusted that ObDev seem to be treating this CRITICAL bug as a "when we get round to it ...". Security is what people are paying for and they are getting worse because they think they are secure when they are not.