Hey Ken
I’m one of those very same security professionals, so I say this with the greatest of respect.
I understand GlassWire’s approach, it’s effectively to “simplify and do no harm”, and everything you say 100% makes sense, but only where GlassWire is used in a business environment and put under the control of end-users.
But from a Consumer perspective, GlassWire is not a Firewall, it’s a traffic monitor with some capacity to block user-level applications from accessing the network stack (on or off), there is zero ability to effectively manage the operating system services.
A Firewall’s purpose is to be a gate-keeper to the network stack, and often the biggest risk and concerns for end-users is not from software they install, it comes from:
- File-less PowerShell script, pulling down malware from obscure sources (ransomware etc).
- A system service being hijacked to create a persistent reverse-tunnel and allow the attacker remote access to the PC
- Leaking of data that users might not wish to part with (Often referred to as “Telemetry”)
Presently the default Windows Firewall rules do little to prevent these, and GlassWire would not warn a user or allow them to block it.
Given you need to balance business versus consumers (I’m not sure which represents your biggest user-base), my advice would be: add “Advanced” options that present blocking options under the Usage tab for blocking (with options to remove blocks under Firewall tab), this can be enabled/disabled through the settings (with full warnings about the dangers), then add a Registry value under HKLM that effectively removes the ability to enable the “Advanced” options.
Businesses can then control this via GPO (or some 3rd party tool) and the business-users could not circumvent it as they usually don’t have local-admin privilege.
If you want to get extremely useful in the consumer market:
- Add GeoIP blocking - A lot of users are concerned about their data finding its way to foreign soil… i.e. US citizens to Russia and China (and vice versa)
- Add FQDN Blocking based upon category (Adult, P2P, Known Malware, Social Media etc - These DBs are available). You could even add a schedule.
- Allow the “Advanced” setting I mentioned above to be set from the “Master” GlassWire (i.e. on my PC) and push to the Monitored Firewalls.
With regards to Little Snitch, there are some core settings in Big Sur that can be tweaked to give it full visibility and blocking… it’s just Apple has squirrelled them away.
Anyway, I’m going to go with another option for now, but I will keep an eye on GlassWire… Like I mentioned, I love the monitoring (and presentation), but that’s only 50% of a firewall, if you add the other half, you’ll have every privacy and security concerned person signing up!