Summary
- Free Mac app LuLu allows you to control which apps can access the internet, adding an extra layer of security.
- LuLu’s open-source approach provides a transparent approach to app security, and it even plays nicely with Apple’s built-in firewall.
- You can easily create your own rules, modify existing rules, and use LuLu’s built-in network monitor to see which apps are communicating with the broader internet.
You should implicitly trust any app that you install on your Mac, but that doesn’t mean that you need to give up all control. Being able to decide which apps get access to the internet is not something that Apple has built into macOS.
Here’s a free and open-source app that you can use to decide which apps can “phone home” and which can’t.
LuLu Gives You Control Over Outgoing Connections
LuLu is a software firewall from Objective-See, a non-profit foundation that specializes in free and open-source security tools and documentation for macOS. You might have encountered some of their apps before, including OverSight for detecting apps that try to use webcams undetected and KnockKnock which looks for persistently-installed malware.
By installing a network filter and system extension, LuLu is able to act as a gatekeeper between the apps that you use and the wider internet. It does this specifically for outgoing connections, so it only affects apps that are trying to send information to the wider internet (it has no effect on incoming connections).
Related
Your Favorite Open-Source Project Might Be in Trouble
A lab that provides infrastructure for hundreds of projects is “no longer sustainable.”
Installing a tool like LuLu can prevent apps from “calling home” and talking to remote servers. While many apps rely on this sort of functionality to work, not all of them need it. This sort of control is especially useful in the event that you manage to install an app that poses a threat to your Mac. With LuLu, you can stop the app in its tracks before it starts talking to remote servers.
LuLu is an open-source app, which means that the source code is available on GitHub for all to see. This transparent approach to software development is the gold standard from a security standpoint. Anyone can download the app, thumb through the code, and see exactly what is going on. This adds an element of trust that is lacking in closed-source apps.
Related
What Is Open Source Software, and Why Does It Matter?
Geeks often describe programs as being “open source” or “free software.
The app is the perfect accompaniment to Apple’s built-in macOS firewall, found under System Settings > Network > Firewall, since Apple’s solution focuses solely on incoming connections. They don’t interfere with one another, they’re complementary.
Setting Up LuLu
You can download LuLu from the project homepage and install it as you would any other app: by mounting the DMG file and then dragging the “LuLu” app icon to the Applications folder. You can also install LuLu via the macOS package manager Homebrew using the following command:
brew install lulu
The last time we checked, the Homebrew installer was a few minor updates behind the download on the official website. You can check this for yourself by running the following command and checking the version number:
When you first install LuLu, you’ll need to set the app up correctly so that it has permission to monitor outgoing connections. You’ll see a pop-up asking you to “Open System Settings” which you should do by clicking the button. From here you can toggle on “LuLu” in the window that appears.
If the window doesn’t appear (or you click the wrong thing) you can go to System Settings > General > Login Items and Extensions then scroll right down to the bottom of the page and click the “i” next to “Network Extensions” and toggle LuLu on.
You’ll need to approve the change with your fingerprint, admin password, or using your Apple Watch. Finally, click “Allow” to enable LuLu. You’ll now see a small pop-up window to quickly get you started.
Objective-See recommends leaving these settings at their default values. This means that Apple’s own apps (like Safari or Apple Notes) will all be granted permission, all of your existing applications will be allowed to reach the wider internet, and any requests that fall under the label of DNS traffic (intended to convert website addresses into IP addresses) will go through without a hitch.
If you decide to turn any of these off, especially existing apps, you’ll likely be flooded with a sea of alerts that you’ll have to manually approve. It’s easier to let everything through and rescind access later (which we’ll cover next).
Once installed, LuLu will live in your menu bar at the top of the screen. As part of the installation process, the app will add itself to your startup items so that you can always access it whenever you need it. Whenever a new process tries to access the internet, you’ll be presented with a pop-up like this one:
Block or allow the app, based on your understanding of what it does. If you’re not sure, use “Process lifetime” option to allow the app temporary (until the process is killed) or the “Valid until” box to set a time limit. If you mess up, changing the rules is easy.
Changing and Creating Your Own Rules
With LuLu installed, click on the LuLu icon in the menu bar at the top of the screen (it looks like a shield). Hover “Rules” and select “Show” to see a full list of rules. This will list every app that you’ve allowed or denied, including those that were allow-listed when you installed LuLu.
Double-click on an app to see the path that the app uses, or double-click on a rule to make changes. Change “Block” to “Allow” and vice versa to reverse a rule. You can also make changes to the remote address and ports that are affected. Note that the wildcard asterisk * is used to denote all domains or all ports.
Create your own rules using the “Add Rule” button in the bottom-right corner of the screen. Point to your app (or use the “Browse” button) and add an address or domain name to allow or block. This allows you to do neat things like blocking everything except a specific port or domain by creating two rules (and vice versa). Delete rules by right-clicking an app or an individual rule.
For a quick run-down of which apps are currently using the network, LuLu includes a network monitor called NetIQuette. You can access this by clicking on the menu bar icon followed by Network Monitor. By default, Apple processes are hidden from this list (you can enable them under the Settings menu) so that only third-party apps are visible.
This gives you a quick at-a-glance view of which apps are talking to remote servers (so you can hop back into LuLu if you decide you’d rather block them).
Another Solid Open-Source App
Mac users are lucky that they have a thriving open-source software scene to take advantage of. If you like LuLu, check out some of the best open-source Mac apps you should be using.
If you’ve got an iPhone, there are some solid open-source iPhone apps you can download too.
