For those running Little Snitch who aren't subscribed to the discussion
list, a recent rundown on its problems as perceived by a user could be
useful:
Summary:
"**
The Bottom Line
**
LittleSnitch is not currently secure.
"killall LittleSnitchDaemon" will allow any app to "phone home" without
being detected by LittleSnitch
Properly securing LittleSnitch would involve running the daemon and all
LittleSnitch components as the root user or as an independent
LittleSnitch user.
This separation is inline with the intended architecture of unix
platforms (MacOS X included) and lends itself quite well to a command
line interface.
If a properly implemented command line interface is considered to be a
security hazard then the entire structure of the operating system is a
security hazard.
The main point to take away from this is that as it is currently
implemented, LittleSnitch is not secure.
A malicious app need not sneak new rules in to the configuration when
the communication block is not effective.
**
The most important request here is to secure LittleSnitch."
**
The full text of the message can be found in the mailing list archive:
http://www.mail-archive.com/littlesnitch-talk@obdev.at/msg00284.html
I opened a test user account to see whether access to the LS daemon can
be got via no privileges, and access to the LS daemon is indeed there.
I was able to delete it via the UI 'startup items list' - no unix-speak
needed. And in the process found that even though admin is required to
activate the LS daemon for that user, it reverts to default (off) at
each logon of this account. There is no process to initiate the LS
Daemon for a non-admin user. The process for admin user is initiated
at logon - as Arno describes.
LS 1.1.1 in 10.3.9 patched to date.