There is a blog posting floating around to the effect that the developer got hacked, I assume using the WIN firewall, and he created Glasswire as a result. Probably its best features are just that: adding security missing from the WIN firewall. Those are, specifically, the various real-time monitors listed below:
System File - any changes to the hosts file.
Device List - any changes to network devices or drivers.
Application Info* - program version, publisher, certificate, or .exe changes.
ARP Spoofing - MAC address changes.
Proxy - any changes to existing proxy servers.
DNS Server - any DNS IP address changes. Don't think this covers any redirects?
Suspicious host** - any application Internet connections to a suspicious host.
* - this appears to have some type of HIPS functionality along the lines of AppGuard, WinPatrol, and the like.
** - haven't seen any alerts from this one. Suspect their blacklist is a work in progress. Nowhere close to that present in Emsisoft's web shield.
I haven't seen it miss a dial-out with alert yet. Showed me connections I didn't know of previously such as a dial-out at start-up of Process Explorer - go figure? Also this approach of monitoring w/alert and logging of outbound connections is a sound one. Gives you time to research connection before deciding to block something. Do wish it would show the service that svchost.exe was using at dial-out but that one is tricky to implement. Maybe he can get together with the developer of Windows Firewall Notifier who appears to have cracked that nut?
Correction! Dang, I was looking at peak memory usage. It actually uses around 38 MB + 5 MB for conhost.exe when idle. Strangely its memory usage drops to 12K when browsing? A bit more acceptable. I corrected my prior posting. What is a bit strange is both the monitor and service are using quite a few WIN 7 crypto modules. Makes me wonder if it is decrypting SSL browser traffic? Hopefully, that activity is just for site certificate checking.
So what is the verdict? It seems like you're quite positive about GlassWire overall, do you recommend installing it? I'm currently using Win Firewall Control 4, I'm quite happy with it, but I do miss having a quick visual view of allowed and blocked apps, like I had back in the days with ZoneAlarm.
I uninstalled it. Actually uninstalled clean. You do have to reboot to get its legacy driver entries out of the registry. Just couldn't live with relatively new and obscure software running a local host proxy on my PC and filtering all my Internet traffic through it. That's way too much power for my liking. Also the proper place for network filtering add-ons is to include them with your network adapter files. It is a nice tool to install and use to check out suspicious traffic but I see no need to keep it permanently installed. Overall, TCPView takes care of most of my needs. - EDIT - I did have to reset the WIN 7 firewall back to default values to get rid of the Glasswire program from it although I had scrubbed my registry of refs. to it previously. Probably a good idea just to reset the firewall anyway to play it safe.
I know Avast used to and I assume still does, but not sure, for its web filtering processing. It was a hot topic in their forum since it caused problems with most firewalls at the time. Rules had to be created to allow for it in those firewalls. Also rules have to be created in the WIN 7 firewall; Glasswire added one for its inbound and outbound processing. - EDIT - Another interesting observation is I have UAC set at its highest level yet the Glasswire installer was able to modify my WIN 7 firewall settings w/o a peep from it.
Too bad it doesn't work on Windows Vista. Any similar program recommended? I find GlassWire interesting but....
Just tried it out. Nifty little app that doesn't install. Would classify it as a jazzed up version of TCPView. It has no firewall functionality whatsoever like Glasswire has.
But I assume it doesn't block anything like the full version of WOT does? Would be great if it did for .dll injection at least. -EDIT- Also CrowdInspect dials-out to home on port 433 at start up.
Proxy based monitoring won't be intrusive unless they use MITM for SSL/TLS connections, and if they do you can see its cert in your SSL connection. Kaspersky and many other AVs or parental control/web filtering programs also rely on proxy. The program itself seems interesting and useful, but I'll wait until it (& dev) establishes a robust reputation and the product matures.
Is GlassWire 1.0.40b compatible with Win8.1 X64? I use Bitdefender AV PLUS 2015. Will it work along with Bitdefender? Thanks.
No, I was talking about GlassWire, see this: https://www.wilderssecurity.com/threads/glasswire.367435/page-2#post-2472009
Oh, so it's hard to uninstall and way too intrusive for his liking... Well I don't really mind it for now, but I'll have to look into it.
Let me elaborate on the dangers of using any product that performs protocol and web filtering using a local host proxy. Starting with Vista and all subsequent Windows operating systems, protocol and web filtering are done by the Windows Filtering Platform: https://msdn.microsoft.com/en-s/library/windows/desktop/aa363967(v=vs.85).aspx . Microsoft does not recommend or advise that any external software be installed that in any way interferes with or intercepts network traffic being monitored by WFP. The following are two excerpts from Eset's Smart Security 8 User Guide:
4.3.3 Protocol filtering
Antivirus protection for the application protocols is provided by the ThreatSense scanning engine, which seamlessly integrates all advanced malware scanning techniques. The control works automatically, regardless of the Internet browser or email client used. For encrypted (SSL) communication see Protocol filtering > SSL.
Enable application protocol content filtering – If enabled, all HTTP(S), POP3(S) and IMAP(S) traffic will be checked by the antivirus scanner.
NOTE: Starting with Windows Vista Service Pack 1, Windows 7 and Windows Server 2008, the new Windows Filtering Platform (WFP) architecture is used to check network communication. Since the WFP technology uses special monitoring techniques, the following options are not available:
- HTTP, POP3 and IMAP ports – Limits routing the traffic to the internal proxy server only for the corresponding ports.
- Applications marked as web browsers and email clients – Limits routing the traffic to the internal proxy server only for the applications marked as browsers and email clients (Web and email > Protocol filtering > Web and email clients).
- Ports and applications marked as web browsers or email clients – Enables routing of all traffic on the corresponding ports as well as all the communication of the applications marked as browsers and email clients on the internal proxy server.
4.3.3.1 Web and email clients
NOTE: Starting with Windows Vista Service Pack 1 and Windows Server 2008, the new Windows Filtering Platform (WFP) architecture is used to check network communication. Since WFP technology uses special monitoring techniques, the Web and email clients section is not available.
Again, from what little info I have been able to find about Glasswire and its developer, he supposedly wasn't satisfied with the protection WFP provided. I find that a stretch in that the developers of an established and highly regarded security software like Eset decided not to interfere with WFP's operation. Personally, I would seriously question any security product that is using its own internal proxy server to do protocol and web filtering including Avast. Now if you are still using XP, Glasswire "might" be of value; that is if you're fully confident that your network activity is not being monitored or altered.
Here's another link that shows the components of Windows Filtering Platform: http://sourcedaddy.com/windows-7/understanding-windows-filtering-platform.html The proper way to interface with it is via the third party API. A good read on how to get started is provided by none other than the infamous Komodia web site. Remember Komodia was a major player in the recent Superfish debacle...: http://www.komodia.com/wfp_hl The important thing to note is by using the WFP API, you are intercepting the data after it has been unencrypted. Thanks, but I will pass on anything using a local host proxy.
I noticed that the Pro version has gone live. IMO he's thinking too big. And then I'm talking about the pricing scheme, way too expensive compared to other tools. https://www.glasswire.com/features/