[elesiuta]

I agree with the snake oil sentiment, and wanting a tool to monitor connections on a per application basis but being dissatisfied with everything I found, I wrote my own (https://elesiuta.github.io/picosnitch/).

Only then did I discover that creating any sort of tool that is running on the same machine it is supposed to protect, if malware is also on said machine, is basically a fool's errand.

I tried to overcome as many of the pitfalls as I reasonably could, but reached a point now where the best approach is to just document any remaining limitations and some of the other counter measures you can use.