| > Software has security vulnerabilities. So, even if the software is trusted, there could be a zero-day vulnerability that is exploited. I'd rather have software stopped in its tracks. How? When the zero day hits, the program has long been marked as trusted and the firewall will just happily let it go along. Besides, even if you're an experienced user and the firewall is smart enough to figure out that the application is talking to a server that it's never talked before (which isn't even sustainable for a lot of applications), it's very likely that you'll see the alert way before you read the news about the zero-day, and you'll just shrug and allow it to continue because you trust that program. (Edit: maybe personal firewalls got smarter since I last used one and there's something else I'm missing here?) > Maybe macOS apps are different, but I never had this experience during while using little snitch for almost 10 years. The kind of applications that actively snoop on users as a business model -- the ones that you want to block in the first place -- sometimes even do this deliberately (which is something that I know from experience, not something that I suspect). Inexperienced users quickly figure out it's the firewall that gives them trouble, and they'll pick disabling the firewall over not playing with their toy any time. This works for pretty much any sort of permissions. For example, last time I ran it on my tablet, Instagram's application was crippled to uselessness because I had disabled camera access (my girlfriend only needed to post a photo on an account that she managed): as soon as it opened, it spit out a big fat error message saying it can't access the camera and that you should allow camera access if you want to be able to take photos. As soon as you tapped ok, the same error popped up, and the application never loaded. macOS apps aren't any different, you're just running the right ones :-). |