Maybe MacUpdate should start with your childish rant

How can you not expect comparisons of Little Snitch and Net Barrier, they both do the same thing but differently??

If you don't want to see any such comparisons try poking out your eyes until you go blind.

LOL

WTH is this clown even babbling about. I agree. Start by deleting the clown's post which makes no sense!

Dumb kids that don't know how to use a spell checker or string a coherent sentence together should be banned from MacUpdate.

@ JAKE THE SNAKE - Time to get your facts straight. Little Snitch and Netbarrier are pretty much completely opposite in what they do. The first warns of and optionally stops stuff leaving your computer (from the dev: "As soon as you're connected to the Internet, applications can potentially send whatever information they want to wherever they want."). The other warns and optionally stops stuff entering your computer (from the dev: "Intego NetBarrier X5 ... offers thorough protection against intrusions coming across the Internet or a local network.")

@ MACTECHHEAD - Could you please be a little less superior in your comments? Not everyone lives in an English-speaking country and we don't all have a perfect command of the English language. Oh, and spell checkers don't work on grammar or sentence construction. Btw, swearing is generally thought to show a lack of creativity and respect.

Actually, you can configure NetBarrier to alert you of outgoing connections initiated by apps on your Mac, similar to LittleSnitch...

NetBarrier can only block outgoing connections by port. Little Snitch allows host and IP based filtering, to support misbehaving applications that genuinely need network access.

It has uninstaller right in the disk image you downloaded. You should run it to remove netbarrier, it is not a trivial application which you can uninstall with moving files to trash. kernel extensions etc. included too.

If you run the uninstaller, it will remove the files in right way.

NetBarrier X3 v10.3.7

NetBarrier provides basic protection in 'Client only' mode; but I learned the hard way that the latter setting cannot prevent IGMP packets from accessing certain ports — one apparently being
47807, which is used by iCalendar for network access.

It was also used by some bad guys recently to install a trojan in my G5. I know this because I ran a port scan on 127.0.0.1 using the OS X Network Utility, and 47807 came up open.

After finally wising up as to how they were getting to me, I formatted the drive and then began writing rulesets in NetBarrier's 'Customized' view. Now the unauthorized penetrations have stopped.

Advising others of rulesets which may or may not be appropriate for their specific situation is risky business; yet for people like me who use dialup and are not affiliated with any network — i.e., just plain 'ol home users — there are a couple of hard and fast rules that'll save your bacon.

They are:

1. [TCP In] (Connected Services) (Block: Port Range 1~ 65535) (Try to write 0 ~ 65535. . . see if NB will accept it. Hackers are commonly soliciting Port 0; although so far NB has blocked all Port zero attacks to my machine while set to block port range 1 ~ 65535).

2. [IGMP In] (Any type) —————————— (Block)

3. [ICMP In] (Any type) —————————— (Block)

4. [UDP In] (mDNS-Multicast/SLP ———— (Allow: mDNS P: 5353; SLP P: 427) (Using 2-part rule)

5&6. [NTP In/Out] (From Add ruleset) (Allow P:123)

Note: I believe NTP (Network Time Protocol) may be exploitable. So it's a good idea to define the parameters for that protocol in a hard and fast rule, designating Port 123, which is the standard NTP port. That will prevent spoofing of NTP through other ports to "reset your clock, haha."

7&8. [DNS In/Out] (From Add ruleset) (Allow P:53)

9. [All Remaining Protocols] (UDP In) (Block: Port range 1 ~ 65535)

Now they can't use IGMP to hack my apps. . . nor are they able to use ICMP to map an attack.

Most inbound hits these days are UDP-based, directed to P: 1026 or 1027. Are you logging UDP hits to those ports? YOU SHOULD BE! Rule # 9 stops 'em in their tracks.

You should also determine the addresses of YOUR primary and secondary DNS servers from the ISP and enter them into your network folder under the TCP/IP tab (OS X). Allowing your computer to resolve addresses by the 'seat of the pants' method — searching for the best DNS, may be hazardous.

Do you completely trust every domain server on the spine?

NetBarrier is a good quality product that unfortunately is in the hands of some very greedy people. It's the same old story.

That's why I stopped eating french fries.

Guess some things just never change. . .