In macOS 11 the Little Snitch firewall can only work to a limited extent for the time being. The network traffic of certain Apple apps and services remains invisible to the tool: the reason for this is a restriction in Apple’s network extension programming interface, which “surprisingly” whitelists a number of system services, as the developers announced. This allows pre-installed Apple software such as the App Store or the integrated software update to hide their network activities from third-party firewall apps.

Firewall no longer works at the kernel level You can no longer rely on the previous method of implementing your own firewall as a kernel extension in order to monitor all outgoing network traffic . Instead, macOS 11 requires the use of Apple’s Network Extension API with the corresponding restriction, writes the Little Snitch developer Objective Development in one FAQ entry for the new version 5 of the software, which is specially designed for macOS 10.

The Little Snitch developers are currently looking for an approach to make the network traffic of the services on Apple’s whitelist still visible with “other techniques”. Since the limitations have already attracted media attention, it is also hoped that Apple will remove them themselves with a system update in the future.

Kernel extensions from Apple discontinued Security researchers and other app providers have been warning of Apple’s exclusion list since October, which affects the network extensions NEFilterDataProvider and NEAppProxyProviders and which are already in macOS 10. 15 Catalina exists. In Catalina, however, network filters can still work at the kernel level and are therefore ultimately not affected by the restriction.

Apple’s kernel extensions have been in effect since 2019 as discontinued, macOS already warns against the use of the “outdated system extensions”. They are being replaced by system extensions that run in user space – this step is intended to make the operating system more secure. macOS 11 still supports kernel extensions from third-party manufacturers to a limited extent – but no longer loads them if an “equivalent” already exists as a system extension, see above as is also the case with the Little Snitch network filter. (lbe)