
1183 points robenkleene | 1 comments
3pt14159 ◴[] No.24838967[source]
This is one of those tough cases where software cuts both ways.

Some people are smart, informed developers that install a trusted tool to monitor their traffic and have legitimate reasons to want to inspect Apple traffic. They're dismayed.

Most people are the opposite and this move protects the most sensitive data from being easily scooped up or muddled in easily installed apps, or at least easily installed apps that don't use zero days.

Is the world better or worse due to this change? I'd say a touch better, but I don't like the fact that this change was needed in the first place. I trust Apple, but I don't like trusting trust.

Wowfunhappy ◴[] No.24838993[source]
If I install Little Snitch, it's because I trust Little Snitch to be responsible for my computer's network traffic, over and above anyone else.

I recognize that this won't necessarily apply to all users or all apps, but there needs to be a way for the user to designate trust. Apple services and traffic should not get special treatment.

threatofrain ◴[] No.24839084[source]
If you don’t trust Apple then you need something more than Little Snitch. Apple is responsible for both hardware and OS. What delta in security or trust is Little Snitch going to offer over Apple?
addicted ◴[] No.24839186[source]
In this situation the question isn’t about whether or not Apple can be trusted.

Apple has clearly betrayed users’ trust in this situation.

People don’t install Little Snitch only to prevent nefarious third-party activity. Some may want to know what traffic is going to and from their computers. Others may want to block all traffic for testing and/or research purposes.

I can trust that Apple is not doing something nefarious and still see that Apple is blatantly betraying the fact that people trusted when switching stuff like firewalls away from kext that it wouldn’t build backdoors for itself.

Also, any backdoors Apple builds for its own apps and services are simply an additional attack vector that could potentially be used by non-Apple malicious actors.

threatofrain ◴[] No.24839406[source]
> any backdoors Apple builds for its own apps

Apple hasn't weakened the security of their devices to provide a secret way in; in fact, they made their systems even more robust.

The question absolutely is whether Apple can be trusted. Little Snitch works for other apps, just not Apple's apps. The remaining slice of the pie you're arguing for is whether or not we can trust Apple.

So what delta in security and trust over Apple are we getting by asking for this change, and how much insecurity and brittleness are we inviting to all other users with our ineffective software-based firewall?

Wowfunhappy ◴[] No.24839460[source]
> Apple hasn't weakened the security of their devices to provide a secret way in; in fact, they made their systems even more robust.

I'd consider poking a hole in firewalls to be providing "a secret way in", particularly in the context of Little Snitch. This isn't some antivirus bloatware that comes preinstalled, or a firewall imposed by corporate networks. The entire pitch of Little Snitch is that it enables you, the user, to monitor and control any bit of traffic that leaves your machine. No one was asking for Apple to bypass that.

mlindner ◴[] No.24841801[source]
ANY firewall inherently trusts the OS of the device it's running. They have to in order to function. The firewall sits on top of the OS, not underneath it. Even on Linux if you're running ipfw, the traffic first goes through the OS and then to your firewall.
saagarjha ◴[] No.24845430[source]
There is trust and there is visibility. Here’s an alternative example I actually do quite often: I attach debuggers and such to system processes. Not because I don’t trust them to not do something malicious, but knowing what they are doing is always useful to me. If Mail is randomly reading files from my Documents folder, perhaps something is wrong with it. Maybe I should just tell it that I can’t look there and see why it might be doing so. These are things that give me more control over my system, not things I engage in because of a lack of trust.