When security researcher Jonathan Zdziarski took a job at Apple a few weeks ago, I heard from many people concerned about the future of his macOS app, Little Flocker, a tool that restricts apps and system processes access to files without permission. He was unable to talk details, but recently F-Secure, a leading security developer and analysis company, announced its purchase of Little Flocker, which it’s rebranded as Xfence.

I spoke to Sean Sullivan, security advisor at F-Secure, about the changeover and the general current set of risks to Mac users. He said Xfence, which was in release form as Little Flocker, will shift into a free beta mode for the foreseeable future. (Those who paid for a Little Flocker license will get some currently unspecified benefit as future pricing for Xfence and its inclusion in other products isn’t yet set. “Their license will carry through when there’s a paid product,” Sullivan said.)

The littleflocker.com domain remains up showing a maintenance page and the Check for Updates link, which queries that domain, currently doesn’t work. That should change when the new beta is released with Xfence branding.

For those who haven’t read about Little Flocker in the past, it was designed to combat ransomware, which is the greatest new scourge in the Windows world. Ransomware overwrites your documents with encrypted versions and the attackers demand payment, typically in Bitcoin, to release a decryption key. A few feeble attempts have been made to infect Macs, but because ransomware has such a low threshold to cause harm and such a high reward-to-cost ratio, you can be sure attackers are hard at work.

Little Flocker observes every time an app tries to open, write, execute, or otherwise modify any file or folder, and lets you set one-time, short-term, or permanent exceptions. It also has rulesets that it offers to add when it recognizes an app. Because Apple has its registered developers sign released apps with cryptographic signatures, the monitoring system isn’t fooled by malicious programs with the same name trying to inherit file privileges. Later updates added monitoring and blocking of audio or video input activation.

Sullivan said part of F-Secure’s goal to move Xfence forward will make it more accessible to a greater number of users. He’s right that that’s needed. While Little Flocker is invaluable if you want to know how apps are interacting with files and folders on your Mac, even the simplified mode requires too much system knowledge for the majority of users. It’s a tool for veteran Mac owners and system administrators.

Little Flocker also didn’t provide great help for people who use a macOS account without administrative privileges. Some people prefer to work at a lower-privilege level, as it reduces the impact of a security breach; others are users on a computer (family, work, or school) for which they don’t have administrative access. Ostensibly, Xfence will need to let an administrative user approve apps or delegate certain approval privileges, similar to parental controls.

The current release also requires a lot of interaction, though it decreases over time. As an experienced user wanting to see all the interaction, I don’t mind when new software or a software update requires I approve a number of requests. But a less-interested or less-advanced Mac owner might prefer to only have dubious actions highlighted.