GlassWire

Discussion in 'other firewalls' started by Feandur, Aug 23, 2014.

  1. Tarantula

    Tarantula Guest

    Oh, come on. Comodo, ZoneAlarm, PrivateFirewall...are they using Win firewall as a base? I think not.
     
  2. haakon

    haakon Guest

    Bitdefender Internet Security, too. It's been a almost two years since I've had hands-on with Kaspersky IS and I'm sure if they since dumped their firewall and went with Windows that would have been Big News.

    And you think correctly. guest has long been inflicting his "nowadays any firewall" delusion here and no doubt elsewhere. He remains adamant even having been corrected on several occasions. So sad.

    As well, Windows firewall or not, Glasswire rocks. It's core function monitoring and reporting is superb. That it doesn't do any thinking for you is the issue most users whine about.
     
  3. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    Firewall capability aside,i find the fonts way too small,on the gui/popups.Unless Im a foot away from the screen Ive got a job to see/read them properly.I have my pc plugged in to tv screen ,and the lack of font control really bugs me.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,433
    Location:
    The Netherlands
    I agree with this, the Win Firewall is quite good, I use WFC to control it. But I just expected a bit more from GW, on screenshots it looked cool, but I didn't see any true need for it. Plus I was annoyed about the high CPU usage, I'm not sure if it was some conflict.

    Yes correct, apps can still control outbound connections independent of the Win Firewall. But I guess GW is more of a network monitor with some extra options.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,396
    Location:
    U.S.A.
    Actually, he's right on this one. Since WIN 7, almost all Internet Security suites use Windows Filtering Platform aka WFP: https://msdn.microsoft.com/en-us/library/windows/desktop/aa363967(v=vs.85).aspx . That includes Comodo:

    CIS uses WFP in conjunction with inspect.sys packet filter driver. Inspect runs at the lowest level (kernel level) where WFP runs at higher levels. I don't know the specifics about WFP works or how CIS uses it.

    Ref.: https://forums.comodo.com/firewall-help-cis/is-cis-using-windows-filtering-platform-wfp-or-what-t103704.0.html;msg757415#msg757415
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,433
    Location:
    The Netherlands
    That's not the point. GW can't control outbound connections independent of the Win Firewall (WF), but tools like Comodo and SS can. So if you block something in Comodo and allow it in WF, it's still blocked. WFP is an interface that's being used by security tools.
     
  7. guest

    guest Guest

    I think Comodo is going to change that in the next version.
    And there is no real advantage of having a separated firewall driver.
    Last update of Private firewall was in 2013, Outpost firewall has disappear.

    I wouldn't use "..." in your sentence since there are no more firewalls with its own driver as far I know.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not quite true. EIS uses it's own driver
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,433
    Location:
    The Netherlands
    You miss the point, almost all security tools use their own driver, but they can choose to use the Win Firewall for blocking outgoing or incoming connections. So your statement is not correct. Comodo will most likely continue to monitor inbound and outbound traffic independently of the Win Firewall, since that is what most HIPS and third party firewalls do. What is the advantage? Let's say that malware manages to bypass or disable the Win Firewall, then you're still protected by a third party firewall/HIPS.
     
  10. guest

    guest Guest

    There is no AV Suite using it's own firewall driver besides Comodo and Zone alarm for historical reasons
    You can control outgoing and and incoming connections with windows firewall ie. WFC does it and most AV suites are able to do it using the advanced settings
    HIPS has nothing to do with a firewall, not even at driver level.
    I haven't seen yet a malware able to bypass WF but I have seen a lot of malware able to kill CIS during the last years, youtube is plenty of videos and I have tested myself. I guess the same applies to ZA.
     
  11. guest

    guest Guest

    Well we have 4 products
    EIS (Online armor)
    ZA
    Comodo
    PF (abandonware?) last update 2013

    Then we have hundred of other firewalls, av suites... using WF which offer the same functionality, and there is no proof that any of those 4 fw is any better than WF
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    guest your inaccuracies are troubling. EIS(Online Armor) implies one product. Simply not true. It would be more accurate to display this.

    Online Armor(abandonded)
    EIS
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,396
    Location:
    U.S.A.
    EIS interfaces with WFP as noted below. Most current Internet Security suites do the same. Most have drivers which interface with WFP using a NDIS miniport filter.

    Technically Emsisoft Internet Security isn't considered compatible with Malwarebytes Anti-Malware due to the fact that Malwarebytes Anti-Malware uses a WFP driver to capture network traffic for their website blocking, and that driver could cause problems with the WFP driver used by Emsisoft Internet Security.

    Ref.: https://support.emsisoft.com/topic/19289-compatibility-with-malwarebytes-anti-malware/
    Also the firewall used in EIS was designed from the ground up as a new piece of software and has no relationship to the firewall used in Online Armor.
     
  14. guest

    guest Guest

    I know that OA is abandon, I just assumed since you said that it has is own driver that the fw driver was a light "version" of online armor. That was my intention by putting OA brackets.

    But as itman said EIS uses WFP so we can take it from the list I added it there thanks to your inaccuracy.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,433
    Location:
    The Netherlands
    I'm afraid you're still misunderstanding. Windows Filtering Platform (WFP) is an interface used by security tools like third party firewalls, HIPS and AV's. If a security tool is using WFP, this doesn't mean it can't control outgoing and incoming connections independently.

    To give an example, both GlassWire and SpyShelter use a WFP driver, but if you block some app from outbound access, GW simply creates a rule in Win Firewall. If SpyShelter blocks some app, it creates a rule in its own settings. It doesn't care about the Win Firewall rules. If you still don't understand, then I give up.
     
  16. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,396
    Location:
    U.S.A.
    Actually, you explained that well.

    Here are the specifics. Note the sections I underlined. Also important to note is the firewall used in most IS suites today, does not totally disable all of the Win firewall functionality. Doing so will also disable WFP as noted below. For example when using Eset's Smart Security firewall, you will see wording along the lines of "These settings are being managed by vendor application Eset Smart Security" when accessing Windows Firewall settings via Control Panel:

    Windows Filtering Platform (WFP) is a set of API and system services that provide a platform for creating network filtering applications. The WFP API allows developers to write code that interacts with the packet processing that takes place at several layers in the networking stack of the operating system. Network data can be filtered and also modified before it reaches its destination.

    By providing a simpler development platform, WFP is designed to replace previous packet filtering technologies such as Transport Driver Interface (TDI) filters, Network Driver Interface Specification (NDIS) filters, and Winsock Layered Service Providers (LSP). Starting in Windows Server 2008 and Windows Vista, the firewall hook and the filter hook drivers are not available; applications that were using these drivers should use WFP instead.

    With the WFP API, developers can implement firewalls, intrusion detection systems, antivirus programs, network monitoring tools, and parental controls. WFP integrates with and provides support for firewall features such as authenticated communication and dynamic firewall configuration based on applications' use of sockets API (application-based policy). WFP also provides infrastructure for IPsec policy management, change notifications, network diagnostics, and stateful filtering.

    Windows Filtering Platform is a development platform and not a firewall itself. The firewall application that is built into Windows Vista, Windows Server 2008, and later operating systems – Windows Firewall with Advanced Security (WFAS) – is implemented using WFP. Therefore, applications developed with the WFP API or the WFAS API use the common filtering arbitration logic that is built into WFP.

    The WFP API consists of a user-mode API and a kernel-mode API. This section provides an overview of the entire WFP and describes in detail only the user-mode portion of the WFP API. For a detailed description of the kernel-mode WFP API, see the
    Windows Driver Kit online help.

    Ref.: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366510(v=vs.85).aspx
     
  17. haakon

    haakon Guest

    BDFWstuff.jpg
    BDFW2.jpg
     
    Last edited by a moderator: Mar 9, 2016
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,396
    Location:
    U.S.A.
    Doesn't look right to me. I would check with BitDefender to verify that that the Win firewall service should be disabled. I am running Win 7. It might be different for Win 10.

    I know from experience that I have had the Win firewall mysterious totally disabled when using Eset Smart Security. When that happens, I just reset the Win firewall to default settings and reboot. Thereafter, it is back to the mode I previously described.
     
  19. haakon

    haakon Guest

    @ itman
    "Actually, he's right on this one...almost all Internet Security suites use Windows Filtering Platform"

    That's not same as guest's
    "any firewall uses Windows firewall as a base"
     
    Last edited by a moderator: Mar 9, 2016
  20. haakon

    haakon Guest

    Forgot to mention I run Windows 7, but since when has that detail been important in Wilders postings? :D

    From page two of the BDIS 2016 User Guide:
    Disable or remove any firewall program that may be running on the computer. Running two firewall programs simultaneously may affect their operation and cause major problems with the system. Windows Firewall will be disabled during the installation.

    The firewall log is devoid of errors and typically:
    2016/02/28 14:19:23.856 [BDFW] Library init completed successfully.
    2016/02/28 14:19:23.856 [BDFW] Driver init completed successfully.
    2016/02/28 14:19:31.204 [BDFW] Ip 192.168.0.256 added to device {f15c1818-SNIP-fc541}


    I run BDIS in paranoid mode full time and build rules as the alerts pop-up. Quite chatty at first, but that's the fun.

    BDFWrules.jpg
     
    Last edited by a moderator: Mar 9, 2016
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,433
    Location:
    The Netherlands
    BTW, if malware is capable of terminating HIPS, I'm sure it won't have any trouble disabling the Win Firewall.

    He seems to be confused between WFP and the Win Firewall, they are two different things.
     
  22. haakon

    haakon Guest

    Well then I wouldn't notice they are two different things to post up about. In which case I'd simply dismiss the any and almost all discussion with a "Duh. Yeah."

    You, on the other hand, are confused as to my expertise. ;)
     
  23. guest

    guest Guest

    It depends, some third party firewall have this implemented others don't, so what?

    What you don't understand is that all of them have in common that they are using the same driver made by msft, WFP.
    WF is just another interface using WFP.
     
  24. guest

    guest Guest

    I said this
    "Nowadays any firewall uses Windows firewall as a base"

    lets be more specific so every one is happy but I'm still right

    "Nowadays almost (but 2 or 3) any firewall uses Windows Filtering Platform (as WF) as a base"
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,396
    Location:
    U.S.A.
    Yes. Eset's user manual uses the exact same wording. What that wording actually means is that the full functionality of the Win firewall is not in effect. Not that the Win firewall itself is turned off. Please bear with me since this subject is confusing as hell; even to those with technical knowledge.

    When a vendor firewall is interfacing with WFP, the Windows Firewall screen accessible via Control Panel should look as given below:

    Win_Firewall_Managed.png

    Additionally if you access the "advanced settings" option from the above screen, you will observe that the Win Firewall is indeed enabled:

    Win_Filewall_Advanced.png

    However if the Win firewall service is disabled, the result is all functionality of the Win firewall is disabled including WFP. When that happens, you would see a screen such as this:

    http://www.computerperformance.co.uk/images/win8/firewall_private.jpg
     
    Last edited: Mar 10, 2016
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.