Hello, this seems to be a fundamental flaw in Open Snitch: block/allow actions in the pop-up window apply globally, to the whole operating system, not to one specific application.
When some application makes a new connection to some IP address, a pop-up window appears asking the user to allow or deny access to that IP, and allowing or blocking that access applies to the whole operating system and all its applications, not to that one particular application which initially requested that access.
If some unwanted application wants to resolve a new hostname via, for example, "8.8.8.8" and I block that network request for 30 seconds, this results in DNS queries being completely blocked for the whole operating system for the next 30 seconds, because all other applications cannot connect to "8.8.8.8".
If some "good" application wants to connect to, for example, "1.2.3.4" and I allow that network request for e.g. 1 hour, then every other application, even unwanted ones, will be able to connect to the 1.2.3.4 address for the next hour.
Example: I open GitHub in Firefox and click "allow" in the Open Snitch pop-up:
And then within the next 30 seconds every other application will be able to open the "gist.github.com" hostname without any prompts from Open Snitch:
Reverse example: a "malicious" application wants to open "gist.github.com" and I block that network request:
Within the next 30 seconds even legitimate applications like Firefox will not be able to open GitHub, because the "reject" action was applied globally, not only to curl:
I suggest adding a mandatory, enabled-by-default option like "From this PID only" to the pop-up window, so that every action will apply to the one particular application which requested that network access.
Currently the pop-up window allows only a single choice: "From this PID" OR "to that IP/subnet", but it should be 2 prerequisites: both "From this PID" AND "to that IP address".
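To make the difference concrete, here is an added example (not OpenSnitch's own code, and not part of the original report): a small evaluator for rules shaped like OpenSnitch's JSON rules. It assumes the operand names `process.path` and `dest.host` and the `list` operator type (AND of sub-operators), and uses constructed connection records; it shows that a host-only rule matches every process, while a process-AND-host rule matches only the one that prompted.

```python
# Added illustration, not OpenSnitch code: a minimal evaluator for rules shaped
# like OpenSnitch's JSON rules (operand names assumed), to show why a host-only
# rule applies to every process while a list rule (process.path AND dest.host)
# applies only to the process that triggered the pop-up.
from dataclasses import dataclass


@dataclass
class Connection:
    process_path: str
    dest_host: str
    dest_ip: str


# Map rule operand names to Connection fields (assumed operand names).
FIELDS = {"process.path": "process_path", "dest.host": "dest_host", "dest.ip": "dest_ip"}


def matches(operator: dict, conn: Connection) -> bool:
    """'simple' compares one field; 'list' requires every sub-operator to match (AND)."""
    if operator["type"] == "list":
        return all(matches(sub, conn) for sub in operator["list"])
    if operator["type"] == "simple":
        return getattr(conn, FIELDS[operator["operand"]]) == operator["data"]
    raise ValueError(f"unsupported operator type {operator['type']!r}")


def decide(rules: list, conn: Connection) -> str:
    """Return the action of the first enabled matching rule, or 'prompt' if none match."""
    for rule in rules:
        if rule["enabled"] and matches(rule["operator"], conn):
            return rule["action"]
    return "prompt"


# Constructed sample rules: what a "to that host" pop-up choice produces today...
HOST_ONLY_RULE = {"name": "allow-gist-host", "enabled": True, "action": "allow",
    "operator": {"type": "simple", "operand": "dest.host", "data": "gist.github.com"}}
# ...and the combined rule the report asks for (this process AND this host).
PROC_AND_HOST_RULE = {"name": "allow-firefox-gist", "enabled": True, "action": "allow",
    "operator": {"type": "list", "operand": "list", "list": [
        {"type": "simple", "operand": "process.path", "data": "/usr/lib/firefox/firefox"},
        {"type": "simple", "operand": "dest.host", "data": "gist.github.com"}]}}

# Constructed connections (203.0.113.10 is a documentation-range placeholder IP).
FIREFOX = Connection("/usr/lib/firefox/firefox", "gist.github.com", "203.0.113.10")
CURL = Connection("/usr/bin/curl", "gist.github.com", "203.0.113.10")

if __name__ == "__main__":
    print("host-only  :", decide([HOST_ONLY_RULE], FIREFOX), decide([HOST_ONLY_RULE], CURL))
    print("proc+host  :", decide([PROC_AND_HOST_RULE], FIREFOX), decide([PROC_AND_HOST_RULE], CURL))
```

With the host-only rule both Firefox and curl are allowed silently; with the combined rule curl still triggers a prompt, which is the per-application behaviour the report asks for.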