Little Snitch 4 Public Beta
Objective Development (Hacker News):
Third party developers can now bundle their apps with an Internet Access Policy file containing descriptions of all network connections that are possibly triggered by their app. Little Snitch will then display that information to users, helping them in their decision how to handle a particular connection. A description of the policy file format will be provided soon.
[…]
The network filter now performs Deep Packet Inspection instead of the previous IP address based filtering. This results in much more precise filter matching, especially in those cases where one and the same IP address is possibly associated with multiple hostnames (e.g. google.com vs. googleanalytics.com)
[…]
The code signature of the connecting processes is now taken into account. If a rule was created for a process with a valid code signature, that rule will no longer match if the signature changes or becomes invalid. This prevents malicious software from hijacking existing rules.
[…]
To avoid a vast numbers of connection alerts from appearing when using common macOS and iCloud services, Little Snitch now provides preconfigured rulesets for these usage areas.
Sounds awesome. It is compatible with macOS 10.13 if you use the new option in System Preferences to allow the kernel extension to load. Previously, kernel extensions just had to be signed using a special key that you apply for. Going forward, Apple is deprecating kernel extensions, so hopefully they will be adding an extension point so that utilities like Little Snitch can continue to work. If you want to do novel things with the kernel that Apple hasn’t pre-planned for, it sounds like you’ll be out of luck.
Update (2017-06-29): See also: Little Snitch and Possible Deprecation of NKEs.
3 Comments RSS · Twitter
The linked session says they're deprecating network kernel extensions, not all KEXTs.
(Yes there are the German rumors about that, but I suspect they might have just not heard the *network* part).
They are deprecating Kernel Extensions on iOS. But macOS is clearly the next step. They are looking for feedback on what is currently missing in the Network Extension features set so that moving from NKE to NE can be done.