Little Snitch vs. Hands Off: Which Monitoring Utility is Better?

We live in a world where protecting our privacy isn’t just a matter of principle. Letting your personal information get exposed can harm you financially if your credit card information is obtained, and your credit rating can be damaged if someone steals your identity. Your emails and chat messages can contain sensitive information that you want to ensure only go to their intended recipients.

Our computers hold abundant amounts of personal data that most of us would rather not let get into the wrong hands. You might be surprised to see just how many applications are constantly sending data out of your computer, and it is important to be sure that all that stuff is going to places you trust. Fortunately, there are apps that help us monitor what our computers are sending out, and allow us to selectively block transmissions. Here we are going to look at two excellent apps called Little Snitch and Hands Off that aim to do just that.

What Exactly Do These Apps Do?

Every app that you use on your Mac that sends or receives something, from your email client to your RSS reader, sends certain pieces of data to a server out in the vast ocean of the internet. Most of these apps are ones you can trust, but certain apps may be more suspicious.

You can think of Little Snitch and Hands Off as your spies. Once you tell them who is allowed to communicate with whom, they monitor your outgoing connections and only allow those with the proper permission to actually transmit any data.

User Interface

Little Snitch and Hands Off approach their task in much the same way. Once you launch them, both begin to immediately watch for any app attempting to access data from a remote server. The first time an app does, you will get a dialogue box letting you know who was just caught.

You also get some basic information about what server is requesting the data. Hands Off seems to do a better job of communicating what is going on. For example, it told me that iChat was trying to communicate with “” which is obviously a place I trust. Little Snitch, on the other hand, only said that it was trying to connect with “ on UDP port 16384.” I would prefer to know what that address actually is.

Hands Off gave me very specific information about what iChat wanted to do.

Little Snitch gives you similar options, but with slightly less helpful information.

The two apps then make it very easy to choose what you want to do after being alerted. Both ask you to select whether you want your decision to be permanent, to last only until you quit the app, or just this one instance. Hands Off also adds another option, which lets your decision last until you reboot your computer. Next, both apps give your four options. Little Snitch lets you decide to:

  • Grant the app in question to freely access any connection
  • Grant it access only to the specific port it is requesting
  • Grant it access only to the specific address it is requesting
  • Grant it access to both the address and port it is requesting

Hands Off also has four options, but they are slightly different:

  • Grant access to any domain’s resolving
  • Grant access to any domain’s resolving and outgoing connections
  • Grant access only to the domain in question
  • Grant access to the domain in question and allow outgoing connections

As you can imagine, it can be tedious getting popups at first as the apps have to go one by one through whatever you are opening or might have requesting access in the background. Both apps save all these decisions you make into a menu that is accessible from your menubar. You can see all the apps that have been given permission, and can sort by specific variables.

The menus of these two apps look very similar, but Hands Off (seen here) is slightly more streamlined.

Honestly, it’s shocking just how similar the interface on the menu screen is. Both apps refer to your permissions as “rules,” both allow you to search from the top of the window, both even employ similar graphical themes.

Little Snitch (above) has much of the same functionality as Hands Off, but can be a bit more cluttered.

Winner: Hands Off

Both of these options approach the alert system in a very similar way. I think Little Snitch does the presentation in a slightly more attractive way, but Hands Off breaks down the relevant information for you in a more user-friendly way. Overall, I found the interface of Hands Off to be slightly superior to Little Snatch.

Functionality and Performance

I did a series of tests by opening Little Snitch and Hands Off separately, and then opening several different apps on my computer to see if they both alerted me to the same things. Both performed exactly the same, (and Hands Off was particularly vigilant, even asking me if Hands Off itself had my permission to transmit and receive data). Neither one slowed down my system at all, and a check of the Mac’s built in Activity Monitor showed that both used a very small amount of RAM and processing power.

Hands Off (above) and Little Snitch both run in the background, so you won't need to keep them open.

You don’t just have to wait until you open an app for the first time to set up a rule. Both Little Snitch and Hands Off allow you to manually set up new rules. After choosing the app you want to limit, you can select a specific hostname, IP address, port, and many other options. Hands Off gives you a few more options on this menu than Little Snitch, as shown in these screenshots:

Hands Off gives you a bit more flexibility when creating a new rule.

Little Snitch's new rule input menu is similar, but slightly more limited.

Hands Off does manage to separate itself from its competitor in one important way: it doesn’t just monitor outgoing transmissions, but actually gives you the power to block incoming data as well. Both of these apps are primarily billed as ways to protect your privacy, but the ability to block incoming connections is a valuable weapon to combat threats such as viruses, trojan horses, keystroke loggers and other harmful programs.

If you are worried about someone coming and changing your rules, Little Snitch will let you lock your settings. Such a tool is probably for the most paranoid of users. It is unlikely that the developers saw this as a way for parents to block access of certain apps, since Mac OS X already has this function built in.

A nice addition that both apps have is a pop-out network monitor that shows real-time network activity. The Little Snitch window can appear whenever you mouse over the menubar icon, whereas the Hands Off window requires either a manual selection from the icon’s drop-down menu, or a keyboard shortcut. The menubar icons themselves also give a limited view of network activity.

Little Snitch (left) and Hands Off (right) both have network monitors that can you can open to show real-time information about what apps are actively transmitting data.

These apps are both designed to be background enforcers, and after taking the time to define permissions for your apps, they generally do stay out of the way. Perhaps the most important part of any app like this that has so much control over your system is the off button. Both allow you to either disable all your rules, or just turn them off temporarily. Hands Off gives you that power right from the menubar and via keyboard hotkeys, whereas Little Snitch makes you navigate into the preferences pane.

The preference pane on Little Snitch is where you'll find the disable button. Hands Off has this option accessible from the menubar.

Lastly, one very minor complaint I had with Little Snitch is that it makes you restart your computer after installation. Hands Off starts doing its job immediately.

Winner: Hands Off

The interfaces of these apps were designed in almost identical ways, but the functionality is where some more pronounced differences start to show. I was much more pleased with the way that Hands Off takes their protection a step further by preventing incoming access if needed, and found navigating to certain things like the enable/disable button to be much more user-friendly.


Both of these apps have free and paid versions. The free versions have full functionality, but will automatically shut off after a few hours. Utility apps like these are most effective when they are always running, so I would recommend shelling out for the paid version if you are truly interested in monitoring your apps.

The full version of Hands Off is $25, and the full version of Little Snitch is $30.

Who Wins?

Make no mistake, these are very similar apps that do just about the exact same thing. Neither does anything radically different than the other, so the differences are very subtle.

I think Hands Off is slightly more user-friendly considering the easier navigation for certain tasks, such as disabling the rules right from the menubar. What makes Hands Off the winner for me is the ability to block incoming as well as outgoing connections. Since the two apps are indistinguishable in so many ways, this added functionality pushes it over the top.

For most competing apps, a five dollar price difference isn’t large enough to be much of a factor. However, I think in a case like this where the competitors have such similar products, it should play a part, and my preferred app, Hands Off, is the cheaper one.

Do You Really Need Either?

A natural question to ask about these programs is whether or not you need one. That, of course, is a subjective question. If you are someone who is very concerned about your privacy and are the type of person who doesn’t like sending user data to companies, then these apps are perfect for you. If you are someone who doesn’t just download your apps from the Mac App Store and instead like to download from slightly less reputable places where apps aren’t screened, Little Snitch and Hands Off will definitely benefit you. However, if you are someone that only owns a few apps, all of which come from developers you trust, or you aren’t overly concerned about your personal data being sent to strangers, these apps may be overkill.

Perhaps what could persuade me to use apps like this would be a developer or community driven blacklist that these apps could download and update periodically. If many users have identified a certain app that has proven itself to be untrustworthy, other users could have access to that information for themselves.

What Do You Think?

Now that I’ve shown you what my experience was using these apps was like, we’d love to hear what you think. Is there some particular feature in one of these that makes it the winner for you?


Add Yours
  • I think Hands Off! is the clear winner because of one feature LittleSnitch has not: control over file writing permissions. It’s nice if you test a random app from the net and can prevent it from littering your AppSupport folder. That was the clear winning factor for me.

  • To be fair, Little Snitch does domain resolving. It may not be the default option at install, but it’s clearly marked in the preferences.

  • I wish Hands Off let you group the rules into folders by application (i.e. let you collapse all but the app you’re interested in), as the list can get very long and cluttered; often a single application will collect many kinds of rules.

    I wish Hands Off let you use wildcards to define rules — at least the basic * (asterisk) functionality.

    I wish the inheritance (how the multiple rules for a single application relate to each other) was clearer.

    I doubt if Little Snitch has these features either, so these wishlist items probably aren’t a factor in choosing between them.

  • Hands Off! Just does more, therefore it’s the superior product.

    There is one feature that Little Snitch has, though, that for Chrome users is pretty darn nice: proper handling of ksurl. ksurl is part of Google’s updater, and I believe the process generates itself afresh every… I don’t know, but quite often. This means that you cannot allow/deny it permanently, as every time it will be a new process. Quite annoying!

    I asked the devs to do something about this twice via Twitter but received no response.

  • I began with HandsOff! But After Lion was released it started constantly locking up my iMac and MBP almost every other boot and causing regular kernel panics.

    It literally took weeks to of reinstalling OS X, reinstalling one app at a time & testing stability for a few days then reintroducing other software and wondering if it was a software or hardware issue on two 2011 machines until I finally figured out it was HandsOff! causing the problem.

    Since switched to LittleSnitch and have had absolutely no stability problems, lockups or kernel panics whatsoever. So LS gets my vote.

    • You’re in a league of your own

  • You trust Google ?
    Oh !

    • Indeed. To me, Google abandoned their “Do no evil” pledge years ago and now is one of the very worst privacy offenders on the net.

  • When you have many applications on your Mac you can see a big speed difference when opening the Rules window. Here LittleSnitch is the big winner!

  • I’m surprised Hands Off didn’t rip Little Snitch’s icon too.

    • +1

  • I use TCPBlock since a while and I’m happy with this free alternativ.


    • Hear, hear!

  • I use Intego’s solutions ( ) Are there any comparisons?

  • One other factor to consider. Little Snitch has been around for a long, long time. They’ve proven over the years that they’re here to stay and update frequently for compatibility with OS updates, etc.

  • Sigh… another misguided review with a lack of understanding. On won’t go over all that was missed, because others have already begun to do so. Let’s just same the first three paragraphs were (and weren’t) enough to prepare me for the the rest.

    If you’re going to attempt even misguided uses of metaphor and simile, then at least get it right! These programs are not the spies but the spy catchers. The spies are the programs trying to illicitly share information in an out of the system.

    “…only said that it was trying to connect with “ on UDP port 16384.” I would prefer to know what that address actually is.” That is the “address”; What you wanted was the domain name. Get your terminology right as well.

    I won’t go on with the problems in this review. The list just gets too long once we we reach the ignorant bias part and the lack of awareness for the features overlooked in both programs.

    • I apologize for accidentally mixing up address and domain in the review, and for using an unacceptable metaphor for you. But I would greatly appreciate knowing what specifically I missed in the review for the sake of accuracy and being fair to the developers.

      • He’s being a little picky but you should mention that Little Snitch was around a long time before Hands Off. And as you described they look identical – which means Hands Off ripped off Little Snitch. That means something to me. I hate thieves!

        Plus the biggest feature which caused me to dump Hands Off after a month or so and go back to Little Snitch – that’s the domain name resolution. That’s a big deal.

  • I’m using Little Snitch and I’m happy!

  • Hands Off! my Little Snatch! Typo in the conclusion of the “User Interface” portion :)

  • Little Snitch is the clear winner here. And this review is the clear loser.
    Hands Off looking a little newer and offering more eye candy on the UI does not level up against the incredible stability and reliability of Little Snitch. This tool is supposed to stay in the back-ground and do a good job! It’s not a photo editing tool…
    And, many have mentioned it: Hands Off is such a Rip Off. It’s awful. How could the reviewer miss that.
    I’ve been using LS for a long time, tried HO for a split second and turned back to LS immediately.

  • To all the ignorant comments like “I hate thieves” etc. about Hands Off “ripping off” Little Snitch —

    I don’t think you’re thinking this through. Most software isn’t groundbreaking, and looks very similar to other software that came first. That’s just how things work. Would you like there to still be only one Web browser usable by the general public, as there was back in 1993, since all the other browsers since then really aren’t very different from each other and mostly just copied the first ones?

    In other words, do you really want to live in a world without software competition? Competition makes things better for all of us (except, maybe, would-be monopolists). Most competition isn’t by new things that are radically different from what came before; most useful competition is by minor iterations on a standard, making adjustments in small ways that eventually add up.

  • Just wanted to mention that I don’t know whose picture that is appearing next to my posts, but it sure isn’t me, and I don’t want that guy to get blamed for what I say.

    Maybe the pic is attached to the bogus email address I used, “[email protected]”. If so that guy must get blamed for an awful lot of stuff!

  • Should be noted that Hands Off! currently offers no option to hide the dock icon. Taking an extra spaces on both the dock and menubar.

    Whilst LittleSnitch sits quietly in the menubar. I for one prefer this behaviour. I’ll Email Hands Off! devs and see if there’s a future plan to hide the Dock icon.

    • I spoke too soon! Turns out that I mistaken Hands Off!’s configuration app as something that’s got to be running in the dock at all times.

      My apologies. Ignore my previous statement.

      Both apps behave in a similar matter!

    • Just wanna update, I ended up purchasing Hands Off!

      After using it for both apps little over three days (on different machines, of course) I found Hands Off! to suit me better.

      I’m not saying LittleSnitch is a lesser quality app. Both apps are probably at the same calibre; from developers that are equally competent. Both offer great support, too!

      A few points that also came into consideration:
      1) ObjDev (LittleSnitch devs) offer nightly builds for all of their apps. So, very likely that issues will get fixed almost immediately
      2) One of the primary reasons I ended up with Hands Off! is the value; they offer better pricing (got the family license), on a product that are very very similar, to a point almost identical.

      Also, I don’t think one dev ripped the other out. As previously pointed out by other commenters; it’s true that you can only do “so much” when it comes to GUI and functionality of apps that do a particular thing. I mean, how different do you want a firewall app to look like? I’m sure they might’ve taken pointers; but I wouldn’t call it as far as “ripping off”.

      I much prefer a native looking app, rather than apps that are crazily styled with weird graphics (read: most antivirus apps, Roxio’s Toast, and a few others).

  • I’n using little snitch … It’s a great simple firewall.

  • Please forgive the newb question but… what’s wrong with OS X’s firewall? Why would anyone wish to buy a 3rd party firewall?

    • Not sure but I think OS X’s firewall is (like most system-level firewalls) just to block incoming bad stuff. Application-level firewalls like Little Snitch and Hands Off block outgoing stuff, like applications phoning home, sending your data out to their servers without your knowing it, etc.

  • Very helpful info, thanks a lot. I’m getting Hands Off.

  • Just want to say that I’ve been using Hands Off! for 2 years now. I really do love it.

    The only thing I hate about it, is the way it handles KSURL. I’ve seen multiple post on this issue and it never gets resolved.

  • Thanks for the review. I’ve been using Little Snitch for a few years and I’m happy with it, but I came across Hands Off and I’m going to try it. The blocking of incoming connections of certain servers piqued my interest. I’ve used Chrome and found it irritating that it would update without my knowledge. Sometimes I wonder how much data mining Google and Apple is doing under the guise of user satisfaction.

    I also found it amusing that people get so upset by a review when they obviously have made their mind up already. Are they checking comparative reviews to see if they made the right choice? Then belittling the author when he thinks they haven’t?

    Also, apps tend to look alike because there is something called a software development kit (SDK) that developers use to write software. All developers use it. Thats why all the little windows on your desktop arent different colors, sizes, and so on. When developers deviate from using the SDK, mac-users get all upset and start criticizing the app, saying its not “mac-like.”

    Oy! People are annoying.

    Anyway thanks again for the review!

  • I was a loyal Little Snitch user for several years, but a little more than a year ago I began to suspect that it was missing a lot of callouts. So when TCPBlock came out, I tried it. I was astonished to learn how very many callouts Little Snitch really did miss, and it wasn’t a problem with my rules because I worked with Objective Development customer service for months to determine just that or whether Little Snitch itself was to blame. There were 33 different callouts getting through LS that did not get through TCPB, and only 2 of those could be blamed on poorly set up rules on my part.

    TCPBlock, which runs as a system preference (and it’s free), is by far the most robust app when compared to LS and HO because it catches EVERYTHING. But TCPB takes A LOT more work than the others, you sort of need to have it open all the time until you’re absolutely certain that it’s set up to cover every possibility (which will never happen if you like to test new apps frequently, as I do) — which makes it difficult to use other system preferences, and worst of all, you have to reauthorize it ever goddamned 5 minutes to make any changes! It’s also not as configurable (or fine grained) as LS or HO. So, now I’m testing HO against TCPB to see whether it lets through as much as LS. If not, I’ll chuck my loyalty to LS and buy HO (and turn off TCPB!). I’ll let you know how it turns out.

    • Waiting for your result….

    • any updates?

  • I’m a long-time user of LS and been very impressed by its reliability. I got HO as part of a MacUpdate app package and thought I might as well try it. My first impression was, “Hey, they ripped off Little Snitch!” There do seem to be some underlying differences, though. LS seems to install itself deeper in the OS – if you turn on verbose logging, you can see LS firing up quite early in the boot process. Perhaps because of this difference there are connection attempts that LS catches and HO misses, and vice versa. Paranoids might want to have both installed, since they work OK together (though of course you’ll get twice as many popups to deal with).

    The ksurl thing is my main bugbear with HO. I may even delete it for that reason. My only gripe with LS has been that it doesn’t have an inbuilt system for installing updates (or even notifying you of them).

    • I just found AppFresh and this solves the problem for LS and all other similar apps. =)

  • My reason for buying Hands Off even though I was a Little Snitch user was that Little Snitch would not simply let me tell it to allow DropBox to connect to its servers. The reason for this is that DropBox has many many different URLs to connect to its servers, all on the same domain. But there was no way to tell LS “let through any traffic from DropBox to any URL ending in ‘'”. I had requested that feature to the developer to no avail. (all this in the past tense as this may have changed since).

    I purchased Hands Off because of it support for subdomains.

    Now Hands Off is even better, with full wildcards.

    I am a happy hands off user.

    • You can block or allow an application’s connections to:
      1.) “Any server”
      2.) a domain… E.g.,
      3.) Hostname
      4.) IP Address
      5.) through 9.) Local/Broadcast/Multicast inc IPv6

  • I am a long time user of LS. Currently testing Hands Off.
    In Hands Off I can’t find a setting to automatically answer the dialog with a deny or allow after a timeout period. LS can do that. Am I missing something or doesn’t HO have this feature?

  • To me Little Snitch is the winner, ok it’s not as pretty as Hands Off but it gets the job done and doesn’t get all flash about it.

    Plus they’re usually pretty swift at staying up to date with things, they’ve got a Mountain Lion build in the works.

  • Very useful article, thank you! Maybe this is something that changed since the comparison was written, but HandsOff now costs $50 while Little Snitch is still $30 for single user licence and $60 for 5-computer family license (and some other bulk licenses). HandsOff does not seem to have any bulk options at all. To me that makes it a clear winner today.

  • How do you know what’s a good or bad incoming connection, I’m a complete n00b when it comes to networking even though I’ve been online for a decade and I’m the household IT tech as it were. All I’m really getting told is what Apps like browsers and Multi-chat clients are doing. Are these things for when on the off chance a random person hacks in via your terminal or something?

  • Hands Off is $49.99. No way in Hell am I paying that for this app. Totally out of line.

  • I have used both and my favorite ist HANDS OFF. Just about any Programm, App, Tool, etc… these days will try to send or receive data to and from a server which the user is not aware nor be informed of. I would strongly recommend to use on of these Programms and trust no one out in the great internet ocean !.

  • Litle Snitch is the best alternative. use both for [not so legal] tasks and you will know what I mean. Hands Off is good just for “Nice People” but apps like this aren’t made for nice tasks or paranoid users. this apps exist for just one reason. yep. that one.

  • I’ve been using Little Snitch for a few years now, and I have a list of gripes:

    * It doesn’t handle wildcards, 2 big problems because of this:
    1) Several domains use hundreds of servers to load balance, especially video sites, so you end up having to allow then… it really can feel never ending.
    2) More and more services are moving stuff to “the cloud” to host, which means they push their assets (images, video, data etc) to a service like Amazon AWS that then gives them generated urls. Just try vising Amazon’s own homepage, and it will use a new domain on every subsequent page you vist.

    * It uses a plist as the database. This means that as it fills up it gets *very* slow. Slow to write to (especially “forever” rules), and slow to access, as the GUI will load the whole file into memory. It also means the search is incredibly slow too, as it’s searching a huge XML file.

    * The rules that pop up are pop ups. Think about this – do you really want to be *interrupted* every time a server is accessed? No, I’d prefer to be informed, and then I could switch over and make the choice. An example of why this is bad – I may be running Mail while running Safari. If I switch to Safari and start browsing, maybe I come to a sight like this and start writing a comment. Mail, meanwhile, starts pulling down some mails that call to servers for images. While I’m typing, Little Snitch pops up and interrupts. I’m no longer typing into the text box, but accessing LS. Sometimes it means I set a rule without seeing what it is. Usually it means I have to set the rule, what for LS to write it, then get back to my writing. Imagine how many times this could happen (then triple it). It’s VERY annoying.

    So, in summary, it’s slow, it’s irritating, it lacks features. But, when you see how many apps and web pages and emails want to connect to places, and you see where they want to connect to, you realise there’s no way you’ll want to let that happen.

    Unfortunately, that means I’m stuck with LS. Hands off doesn’t look much better, as the pop up thing and the plist thing are still there. If I find a decent competitor then I’ll be off like a shot, but I won’t stop using it. I consider it the Microsoft Office 2003 of the monitoring world ;-)

    • To handle your wildcard needs, LS can block by domain. Edit the rule and for the Server: field, change it to “domain.”

      I have 196 rules in LS. I don’t notice any slowness at all.

      • Firstly, I have 8175 rules. If they’d used some kind of database, Berkley, Sqlite etc etc it would be able to handle 1000’s of rules and still be faster than your plist with 196 rules (I could add more than that in one sitting at the computer!)

        Secondly, tell me how I’d view a youtube video? Youtube will make calls to: ports

        most of these to ports 80 and 443. I’d be most interested to hear how I set up a rule that allows the r2— and r12— but blocks something like at the same time.

  • The price is now the important factor. Little snitch is much cheaper now which makes it no brainer.

  • Macworld has published a review of the updated LittleSnitch 3. One new feature is that LittleSnitch now allows blocking of incoming connections.

    LittleSnitch is now $34.95/$69 for single-user/family licenses. HandsOff! apparently only offers single user licenses for $50.

    Macworld published a review of LittleSnitch 3 on 11/27/12:

    I’d like to suggest that MacAppStorm consider updating this review so we would have an up-to-date comparison of the two apps. That would be a lot more helpful than Macworld’s review…

    • Update: HandsOff! replied to my license query and informed me that HandsOff! can be installed for up to three users with a single user license.

  • We have used both Little Snitch and Hands Off!, switched over to Hands Off! 30 April 2012 for the domain based blocking service. Now 9 months, 317 Apps and 4920 rules later the HandsOffDaemon is consuming 641,9MB out of 4GB of physical memory and mDNSResponder is crashing 4 till 6 times a day on the plug in /Library/Handsoff/dns_preload.dylib.

  • I’ve been using Little Snitch since it first came out about thirteen years ago, and hard absolutely no problems with it. I like that the Little Snitch team is always working on issuing new updates (often for free, unless it’s a major version update).

    The Little Snitch GUI just seems easier to use, and the Little Snitch support is excellent …. often getting back to me by email the next day.

    I just upgraded to a new 2013 iMac and the first app that got installed was Little Snitch. As of March 2013, the Little Snitch team has released version 3.x updates since this article was written …. and the new version 3.x is better than ever.

    Keep up the excellent work Little Snitch team !