Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

This is one of those tough cases where software cuts both ways.

Some people are smart, informed developers that install a trusted tool to monitor their traffic and have legitimate reasons to want to inspect Apple traffic. They're dismayed.

Most people are the opposite and this move protects the most sensitive data from being easily scooped up or muddled in easily installed apps, or at least easily installed apps that don't use zero days.

Is the world better or worse due to this change? I'd say a touch better, but I don't like the fact that this change was needed in the first place. I trust Apple, but I don't like trusting trust.

If I install Little Snitch, it's because I trust Little Snitch to be responsible for my computer's network traffic, over and above anyone else.

I recognize that this won't necessarily apply to all users or all apps, but there needs to be a way for the user to designate trust. Apple services and traffic should not get special treatment.

5 years ago I found LS was unable detect any traffic out of a VMWare virtual machine running on the same Mac. Sure the VM is running through some installed virtual network adapter, but if that's all it takes an attacker can set up one of her own. Cool Hollywood interface but I gave up on LS as a serious security tool right there.

I can't speak about 5 years ago, but I was using Little Snitch with VMWare last year, and it worked. I had to specifically allow the VMWare process.

Guest traffic was visible when the VM was in NAT mode, but when switched to Bridged mode traffic went straight through with LS unaware. I suppose LS was only sniffing the standard adapters, though this could have been improved since.