Little Snitch
 

There is a commercial application that claims to detect the sort of spyware you are worried about. It is called "Little Snitch": http://obdev.at/products/littlesnitch/
I haven't tried it myself but would be interested in reports about how well it works.

hayne, thanks for the link to little snitch, i tried the demo. it seems to work as advertised- notifies you of outgoing connections and allows you to add rules to block. it's a little opaque- does not doucment whether or not it is simply adding rules to ipfw or what. does anyone know?

it is very nice that it notifies user about outgoing communications, but it would be much better if it had a logging capability.

also, it's weird that in order to add a rule, you must also checkbox the option to never show the notification again--- sucks if you want to have a rule to allow, but also want to be notified next time again.

close but not quite there

ditto. what peaved said re: li'l Snitch - let's submit some feedback to the developer; it has a lot of potential.

it appears to be autonomous of ipfw. ipfw show doesn't reveal any new rules added.

A Little Peaved,

I know that NetBarrier has it's advocates, I like it for what it does but I completely switched to Firewalk X about 9 months ago. I would take some of the comments on VT with a pinch of salt, some of their comments smack of ignorance.

It is a very good firewall utility, shareware. It has all the necessary tools to limit and log incoming/outgoing connections, gives consistent alerts which are configurable, time dependent rules, blackholing etc. etc.
It installs a daemon and preference pane which I've had no trouble with and is completely independent of ipfw, if you wish you can actually have ipfw on as well and it works well with that. I don't do that anymore.
In regards to little snitch, if it's spyware you're looking for, then you can easily configure Firewalk to monitor your TCP/UDP or ICMP outgoing connections and give pop-up alerts. You can also limit applications from accessing the internet if you're very paranoid.

more about spyware, little snitch-

It seems some applications cause your browser to open and perhaps load a web page, thereby evading little snitch, because it is likely there is already a rule in place to allow your browser to send outgoing data on port 80.

Is there an effective way to prevent this kind of thing?

HenWen is a freeware Mac OS X interface for snort, a network intrusion detection software. It is not a firewall, but still a helpful utility for security purposes.

HenWen is here:
http://home.attbi.com/~dreamless/henwen.html

bassi- i am also negative on Netbarrier- haven't looked at it lately, but in OS 9 it reportedly modified the System file- that kind of behavior is not something i want to tolerate.

Firewalk looks very nice. I am starting to become a believer in more open source and unix software, though, and the firewalk firewall is proprietary.

The Little Snitch firewall is proprietary, too, I think, which is a drawback (IMHO).

So, some good software around, but still looking for:

1. freeware, preferably open source and unix-based, firewall that blocks ougoing packets to replace/combine with ipfw, has logging, and nice user interface.

2. solution for above problem- sneaky software starts up, launches your browser and loads webpage via 80, bypassing your firewall security.