Nightly Builds sind Vorabversionen von Little Snitch, welche die aktuellsten Fehlerbehebungen und Funktionsverbesserungen enthalten.
Little Snitch has a security mechanism which ensures that rules are only applied to those programs for which they were originally created (to prevent malware from hijacking existing rules for legitimate programs). This mechanism has changed with this nightly build. Previous versions, up to build number 5237, required a program to have a valid code signature in order to be able to detect illegitimate modifications later on. Other code could not be validated and Little Snitch warned accordingly. The focus was therefore on the code signature.
Beginning with 4.3 nightly build number 5250, Little Snitch can now always check whether a program has been tampered with, even if it’s not code-signed at all. There’s still a warning if a process is not signed, but only to inform the user about a possible anomaly. The focus is now on checking for modifications with the best means available.
This change also leads to a different terminology. Instead of a “code signature mismatch” Little Snitch now informs about a “program modification, detected when checking its identity”. And a rule no longer “requires valid code signature” but instead lets you specify to “check the process identity”.
In those cases where Little Snitch detects such a modification, it now also better explains the possible underlying cause and the potential consequences.
If the identity of a process was compromised by loading code from a library that’s not properly code-signed, the path of that library is now shown in the details section of the connection alert.
Improved handling of denial rules that were created as a consequence of a suspicious program modification. In Network Monitor, these rules are now marked with a dedicated symbol. Clicking that symbol allows to release the denial, if the modification is confirmed to be legitimate.
Improved handling of large rule sets with lots of similar rules, that only differ in host or domain names (quite common when subscribing to a blacklist which may contain thousands of similar, individual rules denying connections to various servers). The new “Automatically combine rules” option in Little Snitch Configuration (which is turned on by default) now combines such similar rules into a single row, making it much easier to keep the overview over a large list of rules.
Improved the map display in the “Known Networks” window in Little Snitch Configuration.
Improved display of data rates displayed in Network Monitor to correctly match the values shown in the status menu.
Improved the legibility of traffic rates in the status menu on Retina displays.
Fixed an issue causing Time Machine backups to Samba servers to stop working under some circumstances.
Fixed an issue in Little Snitch Configuration where the “Turn into global rule” action did not work.
Fixed an issue related to VPN connections with Split DNS configuration, that caused only the server’s IP address to be displayed instead of its hostname.
Fixed an issue where an error, that occurred in the course of a previous rule group subscription update, was still displayed, although the problem no longer existed.
Reduced the snap length in PCAP files, allowing them to be analyzed not only with Wireshark but also with “tcpdump”.
Fixed some issues in the kernel extension that was introduced in a previous nightly build.
Fixed an issue causing an app’s Internet Access Policy not being shown if that app was running in App Translocation.
Fixed a memory leak that occurred when closing a snapshot window in Network Monitor.
This version uses an improved but incompatible file format to archive the current rule set and preferences. The old archive file is preserved. If you downgrade to a previous version, all changes made since this upgrade will be reverted. Backup files are still created in a backward-compatible format.
Improved handling of processes without code signature in Silent Mode. When there was a matching allow-rule for “Any Process” requiring a valid code signature, Little Snitch considered the unsigned process as case of likely tampering and inserted a high priority deny-rule. We now just skip the matching rule and act according to Silent Mode (allow or deny).
If the matching rule requires a particular code signature (from a particular developer), we still consider it as case of likely tampering and add a high priority deny rule. The process has been seen with a valid code signature before, so the code signature must have been removed.