GlassWire

Discussion in 'other firewalls' started by Feandur, Aug 23, 2014.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,489
    Location:
    U.S.A.
    Relating specifically to the Bitdefender firewall, I came across an old PC Mag posting. It is very likely that BD never overcame this issue and continues to use its own driver instead of employing WFP:

    BitDefender LLC

    Iulian Costache, product development manager: "We are using it at this moment in the Windows 7 installations; however, we encountered major memory leaks. The bug proved to be from Microsoft's side (confirmed by them). Therefore we don't have an estimate on when the issue will be fixed. Due to this issue, we temporarily replaced the new WFP driver with the old TDI one, until the problem is solved from Microsoft's part."


    Ref.: http://www.pcmag.com/article2/0,2817,2356130,00.asp
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    Remember how this discussion started? I said that "Glasswire doesn't block outgoing connections itself, but it uses the Win Firewall". You said "so what, almost all firewalls do". Then I explained that this isn't correct, because they use the WFP interface, not the Win Firewall itself. There is a difference.

    Not really, WFP is the interface that's being used by WF and other third party tools.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,489
    Location:
    U.S.A.
    More precisely, WFP is the driver used by the Win firewall exclusively. If the WFP driver is disabled, the Win firewall is not functional in any capacity.

    A third party firewall can use WFP as its driver. When this occurs, the front end of the Win firewall that controls rule creation and resultant monitoring of those rules is disabled and controlled by the third party firewall. However, the core functions of the Win firewall remain in effect as noted previously and repeated below:

    WFP is designed to replace previous packet filtering technologies such as Transport Driver Interface (TDI) filters, Network Driver Interface Specification (NDIS) filters, and Winsock Layered Service Providers (LSP).
    The user interface to the WFP driver is called a mini-port filter. You can observe same by opening up your current network connection properties and noting the filter in use.

    If a third party firewall choses not to use WFP as its driver, then it must use its own driver to perform the above core functionality.

    -EDIT-

    I forgot to mention that Microsoft also allows developers the option of selectively replacing components of WFP while allowing them to use other existing parts of it. For example, Eset's NOD32 and Smart Security use Eset's NDIS mini-port filter in place of WFP's NDIS filter. This allows Eset to capture incoming network traffic at the packet level and scan it for malware before it ever reaches the browser. It also allows Eset to unencrypt SSL traffic to support their SSL protocol scanning feature. Finally, it allows Eset to add intrusion detection system protection, i.e. IDS, to it's firewall protection.
     
    Last edited: Mar 11, 2016
  4. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,473
    If Glasswire is using WF (not sure about that) and WF uses WFP then Glasswire is using WFP, right?
    With WFP you can control outgoing connections, if Glasswire doesn't have it is because they haven't implemented it, not because WF or WFP are not able to do it.

    Well you said that most of the firewall have their own driver which is far from being true.

    Anyway is pointless conversation since I think we both are in the same page (more or less)
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,489
    Location:
    U.S.A.
    My main criticism of Glasswire is it deploys a local host proxy instead of using using its own NDIS mini-port filter. Existing local host proxies can be exploited by malware.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    Yes exactly, and that's what my complaint was about. I expect a more advanced tool like GW to offer outbound control that works without the help of the Win Firewall, just like SpyShelter for example. BTW, with SS I don't even need to disable the Win Firewall , it works alongside it. Perhaps the GW developer wanted to keep things as simple as possible.

    That is not far from being true at all. Most security tools like third party firewalls use their own driver. The part that you seem to be missing is that these drivers are using the WFP interface to offer their network protection or monitoring services. For example, with SS you can disable the the Win Firewall and it continues to block incoming and outgoing connections. GW doesn't offer this.
     
  7. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    494
    The free version is not quite a firewall (interface) though.It has nice, detailed logging features, but the firewall is the On/Off type.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    Yes, this is what the discussion was about. It basically works the same as Windows Firewall Control, when it comes to blocking network access.

    http://www.binisoft.org/wfc.php
     
  9. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    762
    Can it be installed along with privatefirewall? I miss the feature of OA showing the internet usage.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    I don't see why it wouldn't be possible, GW is more of a network monitor compared to a true standalone firewall like PF.
     
  11. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,098
    Location:
    UK
    Seems they have dropped the subscription method now and sell it for a "one time fee"...I've just bought the basic version using a 10% off coupon, I think its still pricey but a useful tool to have with its extensive info options.


    https://www.glasswire.com/buy/
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    I think it's a good move, I don't think a lot of people are willing to pay a yearly fee for these kind of tools. I do think they should implement a standalone outbound control feature (not depending on Win Firewall), but this should be optional. It should also feature an option to secure Win Firewall rules, just like WFC does.
     
  13. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    494
    That option made me use wfc, no other firewall except Private Firewall blocked stupid apps creating their own rules as they wish without my consent.
    Glasswire as a pure firewall is quite useless though.
     
  14. haakon

    haakon Guest

    Glasswire 1.2.54 released.
    https://www.glasswire.com/changes/
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    Yes, most HIPS do not even monitor the creation of Win Firewall rules, it's weird. This is really a cool feature in WFC.
     
  16. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,204
    TinyWall has always been able to do that. Other apps can't make rules to Windows firewall. This is news to me that WFC can now do that too, I think it was not able to do that in the past.
     
  17. haakon

    haakon Guest

    1) Glasswire doesn't do that. One must actually click on a listed application to create (or remove) its rule.

    2) Glasswire uses Windows Firewall. But many will agree with you on Windows Firewall's impurity and uselessness. :)
     
  18. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,204
    Your reply just proves that you don't understand the concept of a firewall. To block unknown apps their internet connection. And to prevent other apps except the firewall change the platform filtering rules. Most of us do agree that Glasswire is no firewall.
     
  19. max2

    max2 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    350
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    In this thread there is already plenty of info, both the good and the bad.
     
  21. haakon

    haakon Guest

    In the decades-long history of "firewall" products, "to block unknown apps their internet connection" is a recent arc.

    To "understand the concept of a firewall"? Like to "understand the concept of a water filter"? Like to "understand the concept of sauce"?

    There are firewalls and then there are firewalls. And then other firewalls. Oh look, another one!

    I administered firewalls in the enterprise since the early 90's. If I could get through a 10 hour shift without having to deal with a "firewall," wherever or whatever it was, I was a happy camper. I've also built/owned 54 Intel/AMD PCs. I knew Windows 2 on a 286 on ARCnet. Or was it IBM Token Ring?

    Currently and since early 2015 I run GW on three systems, two windows 7, a bit later one 10. One 7 with BDIS, the others WFW. I also have three family members and four acquaintances running it for GW's superb monitoring and logging. Over the phone I can, for example, direct to the tray icon, Usage, Apps, and Day screen and ask if the Bitdefender Security Service has any host entries using the word "nimbus" (their cloud services) - about a 10 second task even for the clutziest user.

    I know exactly what Glasswire is. And Windows Firewall. And "firewall." Your posting proves you don't. ;)
     
  22. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,204
    My post was somewhat too harsh and judgemental haakon, I was not intending to hurt that much, so I'm sorry about that.

    Windows firewall, with default settings is fine for most users. And some logging features of GW might be just what some people desire.
    Routers have also the ability to guard us against incoming connections. That is the basic firewall function.

    These days when we talk we talk about firewalls here, we are concerned about outbound connections. Windows firewall is totally impractical (hope that is a correct english word) on its own vanilla for that. And has some vulnerabilities of getting tampered.

    That is the reason we have and are running programs like TinyWall or WFC. Some also run programs that utilize the WFP instead of trying to control the Windows firewall. All these are for trying to control the outbound.

    Best wishes and sorry again for my harsh post.
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Its been along time since I did any adjustments to the windows firewall. I am including a link on a how to for outbound connections.
    I already found a script to add all the windows 10 connecting to home but is there a more comprehensive one or ones out there?
    I had posted the one I use here but can't remember where.
    http://www.brighthub.com/computing/windows-platform/articles/128791.aspx

    Ahhaaa found it. Stop Windows 10 spying on you using just Windows Firewall

    http://winaero.com/blog/stop-windows-10-spying-on-you-using-just-windows-firewall/
     
  24. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    275
    Location:
    Philippines
    Interesting, I just found Glasswire on Steam as "Free to Play" / Pay to win? :shifty:
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Installed , GUI opened, This is where it is stuck.
     

    Attached Files: