Am I being a moron? Blocking seems extremely rudimentary

Hi All

So I found GlassWire about 2 years ago, but only just got round to testing it as I want something to protect the new laptops my kids got for xmas, so was looking at a Pro license - But what initially looks like a polished product actually has a very rudimentary firewall…

  1. The only option is to allow or block all traffic per-App; there is no control as to what hosts or ports it can connect to
  2. There are no options to allow or block running system services (i.e. Windows Firewall by default is far too liberal with allowing service inbound and outbound connections automatically)
  3. There is no ability to block traffic from the “Usage” tab (Which is the obvious place to put an option “Block this host” or “Block this port” etc)
  4. GlassWire does not prevent Apps creating their own Windows Firewall entries?

I’d like to know, am I wrong on these points? There is nothing wrong with a basic product - Many people obviously still find it useful… But it’s not going to meet my needs, which is a great shame (as its Monitoring is the closest thing on Windows to Little Snitch, it’s just lacking in the security enforcement front).

Hello @Kelv1n,

Thanks for your feedback.

You can read this forum page of features GlassWire users have requested in the past and you can also contribute there. https://forum.glasswire.com/t/future-feature-requests

The scenario you describe above is one reason why we are taking our time to make sure a host or port blocking feature is implemented in a responsible way. Not everyone is as sophisticated as you.

For almost everyone using GlassWire blocking the most used hosts under our “usage” tab will most likely break a service that the user needs or is heavily using, for example a CDN server (see “Content delivery network” on Wikipedia) for Windows Updates, game updates, app updates, or some type of streaming service like Netflix or Youtube. I’m also afraid blocking ports could cause even more serious and confusing issues to make many PCs suddenly unusable.

We would also appreciate feedback on what ports/hosts you’d block with a child’s laptop. Did you plan to use a firewall to block adult content or something like that? Your feedback will help us understand your use case so we can consider that use case when adding host blocking.

We’ve always designed GlassWire to do no harm and we want to make sure that when we add host blocking we won’t cause harm to our customers in unexpected ways, for example blocking important security updates for apps or Windows itself.

For GlassWire’s firewall rules, they will revert back if another app tries to make changes to the GlassWire rules. In fact if you look at the forum you’ll see someone recently complained about this functionality.

If you have Windows Firewall rules before GlassWire is installed and our firewall is set to “off” then we won’t touch the Windows Firewall API at all. Many IT/Information Security professionals use our software at many different companies and organizations. Through feedback from those professionals we have made GlassWire not touch the rules those professionals have already created on their systems. Many IT/Infosec pros may not even use or need our firewall features, but instead they need our detailed network visualization features that make our software unique.

Once GlassWire’s firewall is set to “on” and some rules have been created then GlassWire will revert back the rules if those rules are changed, so GlassWire should not let other apps change GlassWire’s rules.

Also, Little Snitch is an awesome app! We’ve never tried to be like Little Snitch (maybe you feel we should?) and you probably noticed our app is completely different. It’s unfortunate that the latest MacOS versions completely bypass firewall software (see “Apple’s own programs bypass firewalls and VPNs in Big Sur”, Macworld UK). Hopefully Apple will consider making changes in the future for advanced people such as yourself who feel the OS default software is too liberal with connections.

We don’t feel it’s fair that the OS itself would decide to bypass any endpoint firewall (or VPN) the user is using as is currently done with the MacOS.

2 Likes

Hey Ken

I’m one of those very same security professionals, so I say this with the greatest of respect.

I understand GlassWire’s approach, it’s effectively to “simplify and do no harm”, and everything you say 100% makes sense, but only where GlassWire is used in a business environment and put under the control of end-users.

But from a Consumer perspective, GlassWire is not a Firewall, it’s a traffic monitor with some capacity to block user-level applications from accessing the network stack (on or off), there is zero ability to effectively manage the operating system services.

A Firewall’s purpose is to be a gate-keeper to the network stack, and often the biggest risk and concerns for end-users is not from software they install, it comes from:

  1. File-less PowerShell script, pulling down malware from obscure sources (ransomware etc).
  2. A system service being hijacked to create a persistent reverse-tunnel and allow the attacker remote access to the PC
  3. Leaking of data that users might not wish to part with (Often referred to as “Telemetry”)

Presently the default Windows Firewall rules do little to prevent these, and GlassWire would not warn a user or allow them to block it.

Given you need to balance business versus consumers (I’m not sure which represents your biggest user-base), my advice would be: add “Advanced” options that present blocking options under the Usage tab for blocking (with options to remove blocks under Firewall tab), this can be enabled/disabled through the settings (With full warnings about the dangers), then add a Registry value under HKLM that effectively removes the ability to enable the “Advanced” options.

Businesses can then control this via GPO (or some 3rd party tool) and the business-users could not circumvent it as they usually don’t have local-admin privilege.

If you want to get extremely useful in the consumer market:

  1. Add GeoIP blocking - A lot of users are concerned about their data finding its way to foreign soil… i.e. US citizens to Russia and China (and vice versa)
  2. Add FQDN Blocking based upon category (Adult, P2P, Known Malware, Social Media etc - These DBs are available). You could even add a schedule.
  3. Allow the “Advanced” setting I mentioned above to be set from the “Master” GlassWire (i.e. on my PC) and push to the Monitored Firewalls.

With regards to Little Snitch, there are some core settings in Big Sur that can be tweaked to give it full visibility and blocking… it’s just Apple has squirrelled them away.

Anyway, I’m going to go with another option for now, but I will keep an eye on GlassWire… Like I mentioned, I love the monitoring (and presentation), but that’s only 50% of a firewall, if you add the other half, you’ll have every privacy and security concerned person signing up!

5 Likes

Thanks for your feedback. We will work hard to improve GlassWire in the future.

I searched a lot online and I could find nothing about this. Any info you could share on how to do this would be very much appreciated by our community.

I’ll see if I can dig it out, there is a small group on Github who wrote a script - Originally it was written for Catalina, but it is being updated for Big Sur.

It seems there is a .plist file, but it’s protected behind SIP and some other check… so it requires you to go into Recovery, disable SIP, then mount the location of the script and execute it. Which is great for people who don’t mind hacking… but this will never be done in a business environment, which causes a quandary - Do we keep allowing users to request Macbooks!

Personally, I’m still on Catalina at the moment, I’m holding off upgrading until it’s more perfected…

Hey Ken

See here: “Disable bunch of #$!@ in Catalina” - Note about Big Sur: https://gist.github.com/pwnsdx/1217727ca57de2dd2a372afdd7a0fc21#gistcomment-3448419

Looking for a comment by “ecompayment” on 23 Nov 2020 …