Originally Posted by SolipsismX
Clearly I'm wrong but I had thought the "Automatically download safe downloads list" would also get rid of any malware files it detects.
This has been said many times but I don't what Little Snitch has that is proprietary or Apple couldn't easily reproduce on their own. It's a high level outgoing firewall and access-list.
The problem with Little Snitch is that it's not for novice users so that it's not something I see Apple incorporating which is probably why they've tried to keep their own OS X firewall appear as simple as possible to the user.
Exactly. The existing firewall is already fairly robust. NoobProof is much better for the average user than Little Snitch.http://support.apple.com/kb/HT1810?v...S&locale=en_US
Configuring the Application Firewall in Mac OS X v10.6 and later
Follow these steps:
Choose System Preferences from the Apple menu.
Click the Firewall tab.
Unlock the pane by clicking the lock in the lower-left corner and enter the administrator username and password.
Click Start to enable the firewall.
Click Advanced to customize the firewall configuration.
Application Firewall's three advanced settings
1. Block all incoming connections:
Mac OS X v10.6 will block all connections except a limited list of services essential to the operation of your computer.
The system services that are still allowed to receive incoming connections are:
configd, which implements DHCP and other network configuration services
mDNSResponder, which implements Bonjour
racoon, which implements IPSec
This mode will prevent all sharing services, such as File Sharing and Screen Sharing found in the Sharing System Preferences pane, from receiving incoming connections. To use these services, disable this option.
2. Automatically allow signed software to receive incoming connections
Applications that are already signed by a valid certificate authority will automatically be added to the list of allowed applications rather than prompting the user to authorize them. For example, since iTunes is already signed by Apple, it will automatically be allowed to receive incoming connections through the firewall.
3. Enable stealth mode
With stealth mode enabled, the computer will not respond to requests that probe the computer to see if it is there. The computer will still answer requests coming in for authorized applications, but other unexpected requests, such as ICMP (ping), will not get a response.
All applications not in the list that have been digitally signed by a Certificate Authority trusted by the system (for the purpose of code signing) are allowed to receive incoming connections. Every Apple application in Mac OS X v10.6 has been signed by Apple and is allowed to receive incoming connections. If you wish to deny a digitally signed application, you should first add it to the list and then explicitly deny it.
If you run an unsigned application not in the Application Firewall list, you will be presented with a dialog with options to Allow or Deny connections for the application. If you choose Allow, Mac OS X v10.6 will sign the application and automatically add it to the Application Firewall list. If you choose Deny, Mac OS X v10.6 will sign the application, automatically add it to the Application Firewall list and deny the connection.
Some applications check their own integrity when they are run without using code signing. If the Application Firewall recognizes such an application it will not sign it, but then it will re-present the dialog every time the application is run. This may be avoided by upgrading to a version of the application which is signed by its developer.