LuLu Firewall for macOS

Q: How do Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur?

A: You have that backwards. Apple’s apps all get access to pass through the firewall from the system; this is normal, otherwise your system would not work. Third.

LuLu v1.1.1 released: free open-source macOS firewall (October 9, 2018; July 27, 2019). LuLu is the free open-source macOS firewall that aims to block unauthorized (outgoing) network traffic unless explicitly approved by the user.

Jan 12, 2021: LuLu is a free and open-source firewall that aims to block unknown outgoing connections, protecting your privacy and your Mac. I’m pretty sure I’ve mentioned LuLu in the past in articles here and there, as Objective-See/Patrick Wardle creates fantastic security apps for macOS.

LuLu is the free, open-source macOS firewall that aims to block unknown outgoing connections unless explicitly approved by the user. Its goal is simple: block any unknown outgoing connections until approved by the user.

While it was designed to generically detect malware by flagging unauthorized networking connections, LuLu can also be used to block OS components or 3rd-party applications from transmitting information to remote servers.

What’s to like about this program:

  • 100% free – As in no ads, no time trials, no missing features. Because why not!? And no, it doesn’t track, monitor, or spy on you – as that’d just be pure evil!
  • shared source – The full source code for the application is available on GitHub. Such transparency allows anybody to audit its code, or understand exactly what is going on.
  • protects – the tool aims to alert you whenever an unauthorized network connection is attempted. As such, it can generically detect malware, or be used to block legitimate applications that may be transmitting private data to remote servers.
  • simple – “Do one thing, do it well!” LuLu is designed as simply as possible. Sure this means complex features may not be available, but it also means it’s easier to use and has a smaller attack surface!
  • enterprise friendly – Want to know what network events are being detected? Or rules your users have added? LuLu provides simple mechanisms to subscribe to such events, and stores data such as rules in an open, easily digestible manner.

You can read more and download this tool over here: https://github.com/objective-see/LuLu

Two issues following the Big Sur update for macOS have been revealed. The first issue revolves around Apple's notarization of apps, a security feature used by Apple to verify that apps aren't harmful and haven't been modified. The second issue is that apps created by Apple typically circumvent VPN connections.

TLDR: After extensive research and testing, the OVPN client does not leak data from native Apple apps when the killswitch is enabled as the killswitch uses the Packet Filter (PF) firewall. All traffic originating from your macOS computer is sent over the VPN connection.

What happened?

If you tried to open any applications on your Mac around November 12th, you may have noticed that the applications either failed to launch, or took a very long time to launch.

This is because modern versions of macOS send a hash to Apple every time you launch a program, and (possibly due to the Big Sur update) the Apple servers got really slow. So slow, in fact, that the hash that gets sent to Apple failed to send and didn't trigger the offline code. This, in turn, caused all non-Apple apps to fail to launch.

Whenever you launch an application on your macOS computer, the computer sends a message to ocsp.apple.com which contains the following information:

As with any server you communicate with, the server can also see your IP address. This opens a potential issue with all modern macOS computers, where both your normal IP address and your VPN IP address can be associated with you. When you start a VPN application, the aforementioned information would be sent to Apple's servers using your ISP IP address. After you've connected and started any other application, a new call would be made to Apple's servers with your VPN IP address, meaning your VPN IP address could potentially be tied back to you using the information Apple has stored about you.

What's worse, the information doesn't stay only with Apple. The requests your computer sends are unencrypted, meaning your ISP or anyone else on the same network as you can see them, as can anyone else who may have tapped their cables. They're also sent to a server run by a separate company, Akamai, which would also have access to them. Beyond Apple and Akamai, Apple has been a partner of the US military intelligence PRISM program since October 2012, and that program can access all of this data at any time without a warrant. And boy do they. In fact, they did so more than 35000 times during 2019.

Before the Big Sur update, all of this could be blocked using Little Snitch, LuLu or other firewall applications, but that's no longer possible as of macOS 11.0, due to some new APIs that prevent firewalls from blocking these requests. Little Snitch recently released an updated version, Little Snitch 5, that does solve this issue. You can upgrade to it for free if you purchased Little Snitch 4 after November 1st 2019.

While this has been standard even in previous versions of macOS, this is the first time that Apple actively prevents people from blocking these requests. Beyond the obvious privacy issues, this opens up a lot of new problems, such as Apple being able to control which apps are allowed to be launched on your computer, opening doors for authoritarian regimes such as China to coerce Apple into censoring which applications Chinese users can access, something they've already done in the past on the App Store. This could also potentially open up new doors for governments such as the United States to install backdoors directly into Apple's devices, something they introduced a bill for as recently as this year.

How can this be prevented?

Currently, there is no easy way to prevent this on your Apple device without third-party apps, since the daemon responsible for these requests (trustd) is in the new ContentFilterExclusionList, meaning it ignores any user-controlled firewalls. In fact, all Apple-developed apps seem to ignore most VPN and firewall rules completely. After extensive research and testing, the OVPN client does not leak data from native Apple apps with the killswitch enabled. Other apps such as Tunnelblick, WireGuard and Viscosity do, though.

Since the lookups are done unencrypted towards ocsp.apple.com you could potentially filter them directly on a hardware firewall as well, such as on your router. You can also install third-party firewall applications such as Little Snitch 5 to block these requests.

Do note that blocking ocsp.apple.com can lead to issues with app certificates since Apple do use it to authenticate apps.
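
Because the lookups are plaintext HTTP, a filtering device on the network path can recognise them from the request alone. The sketch below is an added example, not code from the original article or from any tool it names; the function names, the log-only default and the sample requests (with placeholder paths) are constructed for illustration.

```python
OCSP_HOST = "ocsp.apple.com"                    # host named in the article
OCSP_CONTENT_TYPE = "application/ocsp-request"  # POST form, RFC 6960 Appendix A

def parse_request(raw: bytes):
    """Return (method, target, headers), or None if this is not HTTP/1.x."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), parts[1], headers

def request_host(target: str, headers: dict) -> str:
    """Host from an absolute-form target or the Host header, port removed."""
    if target.lower().startswith("http://"):
        host = target[7:].split("/", 1)[0]
    else:
        host = headers.get("host", "")
    return host.split(":", 1)[0].lower().rstrip(".")

def is_ocsp_lookup(raw: bytes, responder: str = OCSP_HOST) -> bool:
    """True when the request is an OCSP GET or POST aimed at the responder."""
    parsed = parse_request(raw)
    if parsed is None:
        return False  # e.g. TLS or any other non-HTTP payload
    method, target, headers = parsed
    if request_host(target, headers) != responder:
        return False
    if method == "POST":
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        return ctype == OCSP_CONTENT_TYPE
    return method == "GET"  # GET form carries the encoded request in the path

def decide(raw: bytes, enforce: bool = False) -> str:
    """Log-only by default: blocking the responder can break certificate checks."""
    if not is_ocsp_lookup(raw):
        return "allow"
    return "block" if enforce else "log"

# Constructed sample requests; the paths are placeholders, not real captures.
SAMPLES = {
    "post": b"POST /placeholder HTTP/1.1\r\nHost: OCSP.apple.com\r\n"
            b"Content-Type: application/ocsp-request\r\n\r\n0\x00",
    "get": b"GET /placeholder/QUJDRA== HTTP/1.1\r\nHost: ocsp.apple.com:80\r\n\r\n",
    "other": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "tls": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
}
```

Running `decide` in its default log-only mode first shows how often the lookups occur before any rule is enforced, which matters given the certificate issues noted above.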

Apple's response

Apple has since responded to the critique by outlining exactly what the Gatekeeper security feature does.

Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices. - Apple

They also state that since the critique, they have stopped logging Apple ID, IP addresses, or the identity of each device, and they've also stopped logging IP addresses associated with ID checks done by Gatekeeper, and will ensure that any IP addresses collected in the past will be removed from their logs.

They've also committed to make some improvements over the next year by introducing several changes to their security checks:

  • A new encrypted protocol for Developer ID certificate revocation checks
  • Strong protections against server failure
  • A new preference for users to opt out of these security protections

While it is not possible to opt out of these security checks at the moment, it is nonetheless good that Apple is transparent about the issue and is working to resolve it by allowing users to opt out.