It makes me think of the Invincible meme, "that's the neat thing, you don't" with an asterisk.
Kidding aside, if you're somewhat competent with Macs and you can read, Little Snitch should be the first piece of software you install on any Mac. It's not malware protection but it does at least make you aware of stuff wanting to do weird crap on your computer.
I ran Little Snitch for about a week years ago and there were hundreds of thousands of requests just from typical Apple services, so trying to curate that list was an exercise in futility. It's a nice GUI but not a useful tool. Plus the knowledge it takes to use LS ends up pointing you to using the more effective tcpdump+bintools and modifying your Mac's packetfilter config file.
I've only used OpenSnitch, a Linux equivalent of LS.
Pihole operates at domain/subdomain level. So it won't resolve domains that are in your blacklist.
*Snitch operates at packet level, so whilst you can block a domain, you can also block an app's access to a particular domain but allow another app access, maybe only by one user and to a specific port.
Snitch takes much more setup and will annoy you until you've worked through all the usual traffic. It reminds me of the Proxomitron back in the day (https://en.wikipedia.org/wiki/Proxomitron).
Pihole just tells you what computer made DNS queries and to where.
Little Snitch/tcpdump/Wireshark/GlassWire (I think?)/OpenSnitch are system-level tools that attempt to monitor the individual connections - which processes made them, where they went to, and tcpdump/Wireshark will also show you the content of the connection.
If malware uses IP addresses or its own DNS server then Pihole will never see it.
Snort and Suricata are more likely what you're looking for as an IDS for something network wide, they analyze network wide the individual connections and can do pattern matching with known malware lists. They can't tell you what process made the request.
A pihole certainly wouldn't hurt and is very easy to use, it's not really made to be an IDS AFAIK.
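An added illustration, not written by anyone in this thread, of the blind spot described in the comment above: it cross-checks a resolver's answers against observed connections and flags flows to addresses the resolver never handed to that client. The record layouts, names and addresses are constructed, simplified samples, not Pi-hole's or any flow exporter's real format.

```python
"""Flag outbound flows whose destination IP the local DNS resolver never returned."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# RFC 1918 ranges treated as LAN traffic and skipped.
LOCAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (simplified, not a real log format).
DNS_ANSWERS = [  # (epoch seconds, client, queried name, answer IPs)
    (1000, "192.168.1.20", "updates.example.com", ["203.0.113.10"]),
    (1005, "192.168.1.20", "cdn.example.net", ["203.0.113.25", "203.0.113.26"]),
    (1010, "192.168.1.31", "mail.example.org", ["198.51.100.7"]),
]
FLOWS = [  # (epoch seconds, client, destination IP, destination port)
    (1001, "192.168.1.20", "203.0.113.10", 443),    # resolved first: expected
    (1006, "192.168.1.20", "203.0.113.26", 443),    # second A record: expected
    (1020, "192.168.1.20", "198.51.100.99", 8443),  # no DNS answer ever named it
    (1030, "192.168.1.31", "203.0.113.10", 443),    # only another client resolved it
    (1040, "192.168.1.31", "192.168.1.1", 53),      # LAN traffic, ignored
    (900, "192.168.1.31", "198.51.100.7", 25),      # connection precedes the answer
]

def is_local(ip):
    addr = ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def unresolved_flows(dns_answers, flows):
    """Return flows to IPs the resolver had not given that client beforehand."""
    first_seen = defaultdict(dict)  # client -> {ip: earliest answer time}
    for ts, client, _name, ips in dns_answers:
        for ip in ips:
            prev = first_seen[client].get(ip)
            if prev is None or ts < prev:
                first_seen[client][ip] = ts
    flagged = []
    for ts, client, dst, port in flows:
        if is_local(dst):
            continue
        answered_at = first_seen[client].get(dst)
        # Flag when no answer exists, or the answer arrived after the connection.
        if answered_at is None or answered_at > ts:
            flagged.append((ts, client, dst, port))
    return flagged

if __name__ == "__main__":
    for ts, client, dst, port in unresolved_flows(DNS_ANSWERS, FLOWS):
        print(f"{ts} {client} -> {dst}:{port} (no prior DNS answer)")
```

Answers cached on the client from before the log window will show up as false positives, so a flagged flow is a lead to investigate rather than a verdict.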
> I ran Little Snitch for about a week years ago and there were hundreds of thousands of requests just from typical Apple services, so trying to curate that list was an exercise in futility.
It is difficult to set up, but it's still possible. One of the main reasons I use Little Snitch is to stop Apple from phoning home to Cupertino so much, to take some control back for myself.
There are a ton of background processes on the Mac that can be blocked with no negative consequences AFAICT. Occasionally I trip myself up, but I'm willing to accept that consequence.
I've sometimes thought of publishing my Little Snitch setup, but the problem is that I'm typically 1 major macOS version behind, including now. A lot tends to change from version to version.
I've actually been having all sorts of weird issues with Little Snitch after upgrading to Ventura.
For instance, it was blocking requests from Python started by Sublime Text without prompting me about it (and there was no reject/drop rule in place that matched, it just didn't prompt), really annoying.
Anyone experienced similar problems using LS on Ventura?