
LuLu 2.6.3

Open-source firewall to block unknown outgoing connections

Category: Utilities
Price: Free
Popularity: High
Version String: 2.6.3
Release Date: 2024-03-06
Architecture: Intel & Apple Silicon (ARM)
Minimum OS: macOS 10.15
Vendor Name: Objective-See, LLC
Homepage: objective-see.org

Version History 2.6.3

You can find release notes for this version here: [github.com]

Description:

In today's connected world, it is rare to find an application or piece of malware that doesn't talk to a remote server. Let's control this!
LuLu is the free, open-source macOS firewall that aims to block unknown outgoing connections, unless explicitly approved by the user.

Note, as with any security tool, direct or proactive attempts to specifically bypass LuLu's protections will likely succeed. By design, LuLu (currently) implements only limited 'self-defense' mechanisms. If you're interested in this topic, I'll be giving a talk, 'Fire & Ice: Making and Breaking MacOS Firewalls' at VirusBulletin 2018!

LuLu is the free, shared-source firewall for macOS. Its goal is simple: block any unknown outgoing connections, until approved by the user. While it was designed to generically detect malware by flagging unauthorized networking connections, LuLu can also be used to block OS components or 3rd-party applications from transmitting information to remote servers.

What's to like about LuLu? Lots!

100% free
As in no ads, no time trials, no missing features. Because why not!?
And no, it doesn't track, monitor, or spy on you - as that'd just be pure evil!

shared source
The full source code for LuLu is available on GitHub. Such transparency allows anybody to audit its code, or understand exactly what is going on.


protects
LuLu aims to alert you whenever an unauthorized network connection is attempted. As such, it can generically detect malware, or be used to block legitimate applications that may be transmitting private data to remote servers.


simple
'Do one thing, do it well!' LuLu is designed as simply as possible. Sure, this means complex features may not be available, but it also means it's easier to use and has a smaller attack surface!


enterprise friendly
Want to know what network events are being detected? Or rules your users have added? LuLu provides simple mechanisms to subscribe to such events, and stores data such as rules in an open, easily digestible manner.


Want to support LuLu? ...you can via my patreon page! Mahalo ♡

It's also important to understand LuLu's limitations! Some of these will be addressed as the software matures, while others are design decisions (mostly with the goal of keeping things simple).

Network Monitoring
By design, LuLu only monitors for outgoing network connections. Apple's built-in firewall does a great job blocking unauthorized incoming connections.

Rules
Currently, LuLu only supports rules at the 'process level', meaning a process (or application) is either allowed to connect to the network or not. As is the case with other firewalls, this also means that if a legitimate (allowed) process is abused by malicious code to perform network actions, this will be allowed.

Single User
For now, LuLu can only be installed for a single user. Future versions will likely allow it to be installed by multiple users on the same system.

Self-Defense
Legitimate attackers/security professionals know that any security tool can be trivially bypassed if specifically targeted - even if the tool employs advanced self-defense mechanisms. Such self-defense mechanisms are often complex to implement and in the end, almost always futile. As such, by design LuLu (currently) implements few self-defense mechanisms. For example, an attacker could enumerate all running processes to find the LuLu component responsible for displaying alerts and terminate it (via a SIGKILL).