Concerns and Inquiry

Hello Glasswire Support,

I want to preface this with my hope that you won’t take offense at my skepticism of your software, given that your product is security related.

My concerns:
1. VirusTotal: I’ve downloaded the free Glasswire.exe and uploaded it to VirusTotal, which came back with two hits:
   Antivirus: VBA32 Result: TScope.Malware-Cryptor.SB
   Antivirus: Zillya Result: Backdoor.RamnitCRTD.Win32.10438
  • Screenshot: i.imgur. com/IsyWqqH.png

2. Company: One of the creators of Glasswire made a ycombinator post years ago and replied to a skeptic who was hesitant to try Glasswire without knowing about the company or its founders. Jon Hundley replied that he ought to have an about page. 3 years later and there is still no about page on Glasswire.com. There is a contact page but not an about page in any conventional sense… No company name, location, photos of founders, etc. Now, I have very mixed feelings because on one hand this is anti-malware software which helps thwart attackers BUT the same can be said for why that information should be public to potential or existing users. I personally find it disconcerting and unprofessional but would like to read your rationale behind an about page still being absent.
  • ycombinator link: news.ycombinator. com/ item?id=8222652
  • contact link: glasswire .com/contact/

3. Granular Blocking: I’ve read that Glasswire can’t block individual IPs or Ports and I have a hard time believing firewall software would lack that functionality but can’t find whether or not that’s true.

My Intent:
Buy the Elite edition to have lifetime monitoring on my Windows 10 Pro home PC as well as Windows 2008 server. Also, I do appreciate that you guys use HackerOne for bug bounties. hackerone. com/glasswire

– Any response would be greatly appreciated.

EDIT: Formatting

I’m not GlassWire support but I do use VirusTotal a lot so I checked the analysis. I can’t see anything to worry about.

The reported viruses are very old (2010 and 2013). So there is no good reason why the big AV vendors couldn’t detect and flag these too. So why didn’t they? I’d suggest that they are false positives.

If these backdoors were really there then I think that some lucky hacker would have claimed a bounty for them by now.

I’ve run that GlassWire installer on Windows 10 and

  • had no AV products report it: MalwareBytes, Microsoft Defender, Avira
  • found no sign of the problems reported at the following virus databases:

VBA32 Result: TScope.Malware-Cryptor.SB

McAfee and TrendMicro don’t detect a current problem:
On the TrendMicro database since 2013
On the McAfee database since 2014

Zillya Result: Backdoor.RamnitCRTD.Win32.10438

2010 About ESET Research

@Reason

I am Jon Hundley currently using this account and I am the founder of the company. Sometimes other people use our accounts for support here.

1 - You are seeing what is called a false positive. I searched around and could not find how to submit a false positive to these two companies so they can fix it. If you can find the “false positive” submission URL for these companies, please post it here and I will submit it. Then these warnings will probably disappear.

Every time we release an update we upload it to VirusTotal and usually one or two obscure companies give a false positive. If we had to wait until VirusTotal was clear for every update we made we might have to wait months, or maybe never make a software update at all because some of these companies have no ways to submit false positives that I could find.

2 - Since that one HackerNews comment in 2014 nobody has ever expressed concern about GlassWire or requested an About page. I think this is probably because we were reviewed in a lot of other popular well known sites. Maybe we will consider an “About” page for our 2.0 website refresh, but I’m not sure what I could write there to make anyone believe our software is safe if they don’t believe the other online reviews about us.

I guess maybe if our software was completely open source then that would be a solution, but our software is closed source.

Our Windows software does check our update server for updates, along with checking its malicious host list and updating it. You can make GlassWire block itself if you don’t like this.

Our Android app uses absolutely no network activity at all and you can confirm this. We make money only through sales of our Windows software, but we may add in-app purchases to our Android software in the future.

You may also notice that there are other popular “data usage” apps in Google Play that not only access the network but they actually do log all apps you use, and some even keep a database to sell to third parties. Check out some apps there and read their privacy policy and you can confirm that’s the case.

If we wanted to log all your network activity as a “backdoor trojan” we wouldn’t even have to use a Trojan to do it. We’d have to make major changes to our software, then update our privacy policy like these apps on Google Play and say “we gather all your network activity and sell it to third parties”. Unfortunately some people probably wouldn’t even care, but we feel that spying on people and keeping their activity in a database is wrong.

Just to be clear, your network activity for all of our apps never leaves your device and we can’t see it even if we wanted to. Our privacy policy is here https://www.glasswire.com/privacy/.

Our company focuses on privacy and security, not selling your information to others for profit.

3 - We recently did a poll to see if more people think GlassWire is more of a network monitor or a firewall. Currently I think GlassWire is more of a network security monitor than a firewall. No, we don’t support host blocking currently. We use the Windows Firewall API for blocking so you can look at the changes we make to the Windows Firewall yourself and see if it’s dangerous or not.

Thank you for considering upgrading to Elite.


Message directed to: Servo_GlassWire,

Sir, with all due respect, when you say this: “Currently I think GlassWire is more of a network security monitor than a firewall.” then I would sincerely expect you to own up to this statement of yours and fix the Network tab so it auto-refreshes either each time a device joins or leaves my LAN or on a 1, 2, 5 second interval basis, or give the user a choice of customizing the refresh rate/intervals. For God’s sake, what’s the value of ANY network security monitoring tool if I have to go in there and click on refresh each and every time I want to know if my stupid neighbor is at it again? I get carried away with “things” on my network and I forget to refresh only to find out that I got owned 10 or 20 minutes ago? Why don’t you guys understand how vital this is? I am sorry to be ranting here, but if a few people out there complain about the high memory usage because of this, well, hey people, buy some more RAM (shhh, don’t tell anyone - it’s very cheap right now). Please get me the option to turn on auto-refresh each time when blah blah blah… Thanks and sorry for the harsh lingo because this above mentioned feature is extremely important to me. Thank you for this wonderful tool and please keep improving it. Every one of us and every thing (including this tool) needs to grow and continue to improve. There is no perfection. Perfection is just a placebo. Take care y’all!

@dbf

Our first Network tab worked exactly like this. Then we found some types of Cisco hardware were giving false ARP Storm alerts from our client, so a lot of people had to uninstall GlassWire on company networks.

We then had to change the Network tab so it scans less frequently.

We even added a way to stop network scanning completely.

To disable Network auto-scanning completely create a text file called glasswire.conf and place it in the c:\programdata\glasswire\service folder. Add this string to the text file: enable_network_scan = false then restart the GlassWire service. We plan to add a setting for this in the future.

On 2.0 we plan to allow the user to choose scanning intervals so people such as yourself can scan all the time. I apologize for the problem. We meant for GlassWire to scan all the time because we also wanted this feature but we had to change it due to complaints from customers.

I think there may be a way for you to set the scan interval yourself; let me confirm with our team and get back to you.

Cool, thanks Ken! Speaking of this Cisco hardware, are we talking hubs, switches, FWs, routers, meaning WAN hardware, or is this on an intranet where people had issues/complaints? Reason I am asking is because I thought GW was built to support/work with LANs because I am not sure ISPs would like me to get out on their WAN and have any say out there behind my DSL router/modem at all? Thanks!

I don’t know exactly what hardware was giving the ARP Storm alert. The reports came in with our uninstall reports, and a few on Twitter. When I asked for details they said Cisco but nobody would confirm the exact hardware.

The scanning should only happen on your LAN so you shouldn’t have anything to worry about.

@dbf

You should change the following parameters in your C:\Programdata\GlassWire\service\glasswire.conf file:
enable_network_scan=true
network_scan_timeout=1800

You can decrease the timeout between scans (network_scan_timeout in seconds). But we would not recommend extremely short timeouts since it could slow down the network. You should restart the GlassWire service after your glasswire.conf file is changed.
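
The glasswire.conf change described in the two replies above, written as a repeatable script. This is an added example, not code from GlassWire or from any poster in the thread; the file path and key names are the ones quoted above, while the 60-second floor, the ASCII encoding and the 'GlassWire*' service display-name pattern are assumptions.

```powershell
# Added example: set GlassWire's LAN scan options in glasswire.conf.
# Path and key names come from the thread. The 60 s floor, ASCII encoding
# and the 'GlassWire*' service display-name pattern are assumptions.
#Requires -RunAsAdministrator

$ConfPath       = 'C:\ProgramData\GlassWire\service\glasswire.conf'
$EnableScan     = $true
$TimeoutSeconds = 1800      # value quoted in the thread

function Set-ConfValue {
    # Replace every existing "key = value" line for $Key with one line, or append it.
    param([string[]]$Lines, [string]$Key, [string]$Value)
    $pattern = '^\s*' + [regex]::Escape($Key) + '\s*='
    $out     = New-Object 'System.Collections.Generic.List[string]'
    $found   = $false
    foreach ($line in $Lines) {
        if ($line -notmatch $pattern) { $out.Add($line); continue }
        if (-not $found) { $out.Add("$Key=$Value"); $found = $true }
    }
    if (-not $found) { $out.Add("$Key=$Value") }
    return ,$out.ToArray()
}

# The thread warns that very short timeouts can slow the network down.
if ($TimeoutSeconds -lt 60) {
    throw "network_scan_timeout=$TimeoutSeconds is too short for a periodic LAN scan."
}

$lines = @()
if (Test-Path -LiteralPath $ConfPath) {
    # Keep a copy of the previous settings before rewriting the file.
    Copy-Item -LiteralPath $ConfPath -Destination "$ConfPath.bak" -Force
    $lines = @(Get-Content -LiteralPath $ConfPath)
}

$lines = Set-ConfValue -Lines $lines -Key 'enable_network_scan'  -Value ($EnableScan.ToString().ToLower())
$lines = Set-ConfValue -Lines $lines -Key 'network_scan_timeout' -Value ([string]$TimeoutSeconds)

Set-Content -LiteralPath $ConfPath -Value $lines -Encoding ASCII

# The new values are only read after the GlassWire service restarts.
Get-Service -DisplayName 'GlassWire*' | Restart-Service -Force
```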

Your “vital” requirement for auto-scanning for the Network tab doesn’t sound like a normal network where access is controlled from the router/gateway. In any normal scenario, the “vital” part is controlling access at your router/gateway so you won’t get “owned”.

How can your “stupid neighbor” be “at it again”? On a wireless network you enforce password access; on a cabled network you control who connects cables. Are you unable to do these things? If so, then why can’t you keep your neighbour out of your network?

When you say it is “my network” that usually means that you control who can access your network. GlassWire’s Network tab can be used to identify devices that should not be connected. Once you detect an unauthorised device then you prevent any further access - so they can’t do it again - by making changes at your router/gateway because GlassWire does not perform the “vital” function of access control for your network.

Remah, There are tools out there my dear friend that you’ll never get your hands on, if you lived for 500 years. I will not and shall not name those tools. I want this feature for a reason/reasons you will never know, I do not wish to speak of this in detail, publicly or in private. I apologize but I must say that these things are way over your head to even begin to understand them. One minor thing I will reveal: This is not about someone sniffing out the content of my packets because they are encrypted fairly strong but rather DDoS on the Network as soon as the WiFi gets turned on because it’s “scannable” (it gets sniffed out) even if the network ID is hidden (or not being broadcast). Please do me a favour Remah and don’t reply to me again, I don’t need your “expertise” on anything, I requested a feature to be able to have my LAN devices scanned in real time and Ken took care of that in his reply. Thank you Ken. Remah, please read some Bruce Schneier books (to name one, among many other smart Americans) so just maybe one day you’ll begin maybe to understand, maybe. I don’t need some kid out there preaching me anything at all. I didn’t even ask for your reply and you don’t have to be a part of every post or every reply. Just chill. K?

If there is a common vulnerability out there that we don’t know about then why not enlighten others … without being patronising?


If your neighbor is stupid, how did he get his hands on those tools?

Well, knowing if you’re a cat person or a dog person and if you prefer soft shell or hard shell tacos would reveal a lot. :smile:

Those days are long gone. I sorely miss the likes of Sunbelt, Online Armor and Outpost.

Comodo Firewall still presents some serious granularity if you want to put up with all the bloat they throw in.

One can attempt to use old school stuff (Tinywall, Jetico, etc.) but who knows if they’re even doing the job in Win10?? I don’t have the time to check that out.

That said, you can use GW and still roll your own IP and Port rules in WFW Advanced Settings. I do that to block inbound the LAN IP addresses of my DVR, HDTV and Blu-ray player.

These days on my mix of Win7 and 10 systems, I trust WFW/GW or Bitdefender IS for the essential firewalling and depend more on a layered scheme; AV with web filtering, behavior monitoring and ransomware protection for security.

Cheers.
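
Per-IP and per-port blocking in Windows Firewall alongside GlassWire, as described in the post above, together with a listing of all enabled block rules so that changes made through the Windows Firewall API can be reviewed. This is an added example, not code from the thread or from GlassWire; the device addresses, the port and the 'LAN-Block' names are constructed placeholders.

```powershell
# Added example: inbound per-IP and per-port blocks in Windows Firewall,
# plus a review listing of every enabled block rule.
# Needs the NetSecurity module (Windows 8 / Server 2012 and later).
# Addresses, port and 'LAN-Block' names are constructed placeholders.
#Requires -RunAsAdministrator

$group   = 'LAN-Block (example)'
$devices = [ordered]@{
    'DVR'     = '192.168.1.50'
    'HDTV'    = '192.168.1.51'
    'Blu-ray' = '192.168.1.52'
}

foreach ($name in $devices.Keys) {
    $display = "LAN-Block In $name"
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue) { continue }
    New-NetFirewallRule -DisplayName $display -Group $group -Direction Inbound `
        -Action Block -RemoteAddress $devices[$name] -Profile Any | Out-Null
}

# Port-level rule: one remote address, one local TCP port.
$portRule = 'LAN-Block In tcp/445 from 192.168.1.60'
if (-not (Get-NetFirewallRule -DisplayName $portRule -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $portRule -Group $group -Direction Inbound `
        -Action Block -Protocol TCP -LocalPort 445 -RemoteAddress '192.168.1.60' | Out-Null
}

# Review: every enabled block rule with its program, addresses and ports.
# Rules created by other software through the Windows Firewall API show up here too.
Get-NetFirewallRule -Enabled True -Action Block | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name      = $_.DisplayName
        Direction = $_.Direction
        Program   = $app.Program
        Remote    = $addr.RemoteAddress -join ','
        Protocol  = $port.Protocol
        LocalPort = $port.LocalPort -join ','
    }
} | Sort-Object Direction, Name | Format-Table -AutoSize
```

The example rules can be removed again with `Remove-NetFirewallRule -Group 'LAN-Block (example)'`.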

[quote=“dallas7, post:14, topic:4448”]

  1. Granular Blocking: I’ve read that Glasswire can’t block individual IPs or Ports and I have a hard time believing firewall software would lack that functionality but can’t find whether or not that’s true.

Those days are long gone. I sorely miss the likes of Sunbelt, Online Armor and Outpost.[/quote]

Aw man I miss OnlineArmor… Forgot to mention that was kinda the sole reason why I wanted to try out GlassWire…but apparently it doesn’t have such a feature…but still I would try its other features like the bandwidth monitoring and logging feature which is nice as I host game servers and would like to know what each individual server process uses how much network usage, etc…

Is Comodo still going?? Wow…What happened to Zone Alarm? Dead too or still going?

Well try to hack your own PC and see if it works or not…if it works, then it’s not doing its job…if it doesn’t then it is…

I’m guessing they’re both hacker intelligent people who find ways to be dicks to each other and or others just for the lols…good thing I don’t have such neighbours around…or maybe I do but just don’t know it…?

You know, when people say those things and then never reply back, it means they have intentions of using such flaws for their own personal gain or within their own circle and never for the greater good of others like those two guys, or I think it was more before them, that found out the Meltdown and Spectre vulnerability…

There was another one too if I recall - the WannaCry ransomware, supposedly the NSA knew all about this and forced Microsoft to let the hole be unpatched until some guy also found out and decided to actually do some damage…