Thoughts on systrace

At the user-level layer, systrace is not unlike Little Snitch, at least to the vast majority of users. Systrace provides kernel-level filtering, which is considerably more advanced than what Little Snitch offers, and is tuned for security.

Still, for the vast majority of users, I find that ‘Little Snitch’ will most likely be the most beneficial – it doesn’t require kernel hacking, and if you do something wrong, it’s trivial to remove a rule, or remove them altogether.

Personally, I’d love to see a ‘systrace’ type facility within the kernel – it’s powerful, easily extendable, and not ENTIRELY a third party utility loaded post-kernel initialization.

I doubt Apple will end up integrating this, but it certainly is a wonderful application, even touting an in-progress Cocoa port for the GTKish frontend!