Since it has been a bit silent on the security side of the blog lately, I have been working on some additions that are in line with the original nature of the blog. This week an interview with Johannes Tiefenbrunner, developer at Obdev in Austria, known for the premier Mac firewalling program Little Snitch, that protects you against potential trojans, outgoing connections (applications phoning home) and lately, even code injection. Obdev is also known for Launchbar, a very popular launcher application for OS X.
So, here’s the interview, in which I ask them about those cool features like code injection prevention, the future and past of Little Snitch (like Leopard) and even it’s icon. We also touch on OS X as a secure platform and it’s future.
1. Cocoia: Hello! You’re the developers behind the widely used security program for the Mac, Little Snitch. Could you tell a bit about your company?
Obdev: We kind of stepped into the Mac area via the side door: We’ve been developing software for the NeXT platform – e.g. LaunchBar actually started on the NeXT. When NeXT and Apple joined and the NeXT (OpenStep) technology became “Cocoa”, we were able to use our rich experience for the Mac.
We also develop for other *nix based platforms – our SMB network client Sharity supports several *nix flavors and our WebCMS WebYep, being PHP based, is cross platform anyway.
But we definitely can say that developing for the Mac is incomparably more joyful ;-).
2. Cocoia: Little Snitch has been among us for quite some while. What was the initial impulse to begin development on Little Snitch? How old is it now, exactly?
Obdev: The first version of Little Snitch was released in February 2003.
The idea of such application came up when we installed a new version of a well known application from one of the big software companies. There were rumors that this new version phones home, but nobody had definitive information since ordinary users weren’t able to verify this at that time. Curious as we are, we dove down into the Unix level of Mac OS X and by running some network sniffing tools found that the rumors were true.
We did not like the idea that any application can send data anywhere without our knowledge. The user should be informed and be able to decide. That’s why we created Little Snitch.
3.Cocoia: Have there been specifically hard points for you, like OS transitions and uneasy development challenges?
Obdev: Every Mac OS transition has the potential of requiring severe redesigns of Little Snitch – working in close contact with the lower levels of the operating system results in a greater dependency to that system’s implementation details.
But on the other hand this also makes it more challenging than the “usual” Mac OS application. Covering the whole area, from the kernel level up to the GUI, makes Little Snitch a very interesting project.
4. Cocoia: I have noticed that the latest versions of Little Snitch have improved protection from other, slightly related security issues like code injection. That’s quite a feat. What prompted the addition of this feature, and do you plan more extensive features like this in Little Snitch for the future versions?
Obdev: We have no plans to make Little Snitch into an “all-round security tool” with virus scanner, malware detection, firewall etc. – these things are not Little Snitch’s job. But whenever Little Snitch itself is endangered by some security problem, like it was by the code injection issue, we will protect it.
5. Cocoia: Little Snitch’s icon has had some criticism by bloggers and commenters on websites alike. What are your thoughts on this?
Obdev: To be honest: This is totally new to us. We actually have seen very positive response to Little Snitch’s icon – like on Starry Hope.
But this of course is a subject of taste. We currently do not have any plans to change the icon, but the upcoming Little Snitch 2 (currently in closed beta) will include improvements also on the visual side as well as in usability and functionality.
6. Cocoia: Is there a special version of Little Snitch for Leopard in the works? Is there anything you can divulge about this?
Obdev: With every new pre-release build of Leopard we adapt the current beta of Little Snitch 2. When Leopard is officially released, we will have a compatible version ready.
7. Cocoia: What are your thoughts, as a developer of premier security software for the Mac, as OS X’s security status? Do you think the future is grim, or do you have faith in the strength of a well-designed OS?
Obdev: We think that with Mac OS X Apple has a very good chance to offer the best and also most secure desktop operating system available. As always, there’s room for improvement, but beside other advantages, Apple has one big pro: They always had the guts to redesign core parts of their OS whenever they found a better solution instead of clubfooted dragging old designs into new OS version just for the sake of compatibility.
8. Cocoia: All right, thanks for the interview!
Obdev: Our pleasure – good bye!
I want to thank Johannes for this great interview and taking the time for having it.