Why I'm still NOT using the GW 'Firewall' :-(

I do love GW - I really do! It’s a brilliant program for which, at least from my perspective, there is not yet any worthwhile alternative.

– Except.

Please, we now have the long-awaited GW 2, and, oh my, its ‘firewall’ is indeed improved - but it is STILL only a TOY one! Please excuse my very real exasperation and scathing view of the travesty that the GW ‘firewall’ still is.

Seriously, I was assuming that at least when GW 2 came out I could dispense with Windows Firewall Control (WFC) and have a proper front-end for Windows Firewall right there in GW. And what do I find? – It’s only been tinkered with round an edge or two, and nearly all of the requests for a proper firewall UI in this forum have fallen on deaf ears!

It is clear that whoever chooses which features are to be included in GW has no intention at all for GW to have a genuinely useful or competitive firewall UI. So, having reverted to WFC after some 15 minutes of incredulity at the lack of useful change in the GW ‘firewall’ department, I now assume that I shall have to continue using WFC (with the GW ‘firewall’ switched off) indefinitely.

Here are the primary necessary features that I can think of now, which are still needed in GW’s firewall UI (there will be other important things that I haven’t remembered here), which are all fully implemented in WFC.

  1. Full list of the Windows Firewall rules, both inbound and outbound!! – At the moment GW does NOT display any of them at all! Instead it displays only a separate list of outbound rules that it itself has created. GW2’s one ‘improvement’ that I could see is that now its listing is ‘synced’ with the genuine WF list. Please, what we need is direct display of the WF rules themselves - and ALL of them, with all parameters displayed or at least displayable!

  2. Search and quick filter facilities!

  3. The standard quick sort of the list, based on any column, executed by a click on the relevant column heading (both for ascending and descending order), which you get in almost all programs’ listings, but not yet in GW!

  4. ALL parameters of each rule displayable (which they are not at all at the moment in GW), but with a right-click menu function on column header bar to choose which columns are displayed. That’s quite a lot of columns (a choice of 18 - yes, eighteen! - in WFC), but if the user can choose which to show, then everyone can be satisfied.

  5. Order of columns to be rearrangeable by dragging.

  6. Full rule editor popup on double-click upon any rule.

  7. Facility to manually create custom rules, including temporary ones, using the full rule editor mentioned in item 6.

  8. Full WF connection logs display function, with quick filtering both for inbound/outbound and for keywords.

  9. ‘New connection’ alerts need more choices than just Allow / Block, such as ‘Block once’, ‘Block temporarily’, and 'Block / Allow only through ports nnnn-nnnn, and so on - though of course the extra choices could be hidden through a user option in Settings, to keep things at the simplest for people who want it that way.

  10. Those alerts also need the option of a user-specifiable sound. I have an excellent distinctive but not too intrusive sound that I have WFC use for its alerts.

I haven’t time to give anything like a complete rundown, for WFC has masses of additional facilities and options available, but I think that the above list should give some idea of why I most definitely will not be using the GW ‘firewall’ in the foreseeable future and sticking with WFC as my firewall UI, while greatly valuing GW for all its other functions.

So, for the foreseeable future I have written-off the GW ‘Firewall’ as a travesty, a toy, and will not spend further time in concerning myself with the odd small ‘improvements’ that may be made to it. Basically it needs complete redesign to be a serious proposition as a firewall UI.

Sorry to have cause to sound a bit bruising on this occasion, but somebody at GW needs a hefty kick up the butt to get them thinking more clearly about the real needs for a firewall UI.

Philip

4 Likes

I’m using it just fine with paid version. Its actually the only thing I use it for. I haven’t run across a more simpler firewall before that is as light weight

1 Like

@PhilipGoddard

Thanks for your feedback.

Meanwhile you may want to also give your feedback here https://forum.glasswire.com/t/future-feature-requests so we don’t lose this post somehow in the future. Feel free to copy/paste it.

That’s a good list but I don’t agree with your primary point that GlassWire is only “a TOY one” or that it is not a “genuinely useful or competitive firewall UI”. I like the simplicity of the GlassWire Firewall interface. That is one reason is why I bought it.

I didn’t expect GlassWire to become a comprehensive interface like the Windows Defender Firewall with Advanced Security or Windows Firewall Control.

I also didn’t expect that we would get many features in the first release of 2.0. I expected most would follow in version 2.1 and later because the GlassWire team has generally tried to rein in our expectations.

Where I do agree with you is the need for many much-requested features. As you emphasize, the user interface lacks basic and commonly used features: sort, filter, select, edit, column organize, etc. The block and allow options are still too limited. And so on …

1 Like

Open-source:

I’m working on another one: Fort Firewall.

@Glasnet As mentioned here GlassWire Software Version Changes List “GlassWire now also checks the integrity of the Windows Firewall on every startup, and can restore itself if changes were made without your knowledge.”

I think the required permission level to edit the Windows Firewall is administrator, and if someone is administrator of your PC then they already have absolute control of your device anyway.

Nor does have to be or for GW users should it become. WFC is WFC. GW is GW. Two completely different market segments. It’s like you posted up all that hot air and useless lecturing about supercars in an SUV forum. Duh.

Anyhow…

For my personal Windows systems over nearly two decades it’s been the offerings from Sunbelt, Online Armor (Tall Emu & Emsisoft), Comodo and lastly the one bundled in Bitdefender Intenet Security, the latter with Glasswire Free. And I sure do miss Malware Defender which took up the largest swath of that timeline. Now it’s just Windows and GW Pro. In that time I also dabbled with firewalls in the enterprise, client and server side. I have certifications in Windows, Apple, Unix, Novell and AwCrap. Outside of business I’ve been online since a 110 baud acoustic modem, a C=64 and BBSs and FidoNet.

Firewalls have for many years now been marketed as a hybrid solution, wrapping network traffic (IPs and ports) with or without one or several or all of HIPS, behavior blocking, IDS and so on. The misunderstanding of this marketing has progressed to the point where current discussions on “firewall” have the same context as “vehicle” would have in a motorsports forum.

The protections presented by a network traffic firewall are no longer effective against the most dangerous players in the threat landscape. While a meticulously and expertly configured firewall can be a front line weapon, like restricting a POP or IMAP client to server IP addresses and ports, and who has that expertise? I do but I’m not going run that by Aunt Petunia nor am I going to configure that in her system.

All that said, Windows Firewall is a perfectly good network firewall and left on its own provides great network protection. As well, the recent (relative to Windows’ history) addition of the Network Inspection Service (NisSRV.exe) “Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols.”

For me, the ability to block with one click applications that “phone out” for no reason is GW’s #1 feature. And even for those that do for a reason, like sihclinet.exe.

The monitoring and reporting are superb. There is hardly a day I don’t check Usage to see what’s up.

As for GW’s GUI, software developers have been backed or bought into the modern/metro/millennium school of UI design of the rigid layout of minimalist data displayed with fancy spread out fonts in vast nondescript monocolor borderless fields and windows with narrow faint or hidden (!) scroll bars and barely-there sizers. I can’t blame developers considering the whining and moaning about apps with “dated” UIs.

PhilipGoddard’s numerous points for expert granularity, discovery and alerts are legitimate but, again, the expertise required is a percentage of a percentage of the market and GW is not it. Not to mention all that is so frowned upon by the screaming “quiet protection” and “install it and forget it” mobs.

Finally, there is the customizable dated ugly highly granular management console of Windows Firewall with Advanced Security (WF.msc) for special stuff. Other than the little flame rules like {Glasswire.app.out_2}, of course, IMHO Glasswire should stay out of there.

In my screenshot you can see where I built my own block for IoT entertainment gear in my home theater.

Glasswire rocks. And though it’s not a “firewall” the one for Android too!

WFWadv

Dallas7 - I’d gently point out that, in your fit of compulsive negativity you got me confused with somebody else completely unknown to me. The ‘hot air’ post you refer to was on a subject that is completely outside my life experience!:slight_smile:

I do heartily agree with the OP. However, maybe it is a bit too much to ask of the devs to make GW outperform WFC on a technical level. On the other hand, stuff like sorting the list really should be available. Or remembering an action - I cannot recall how many goddamn times I told windows photo service ‘no’.

In other words, if you are going to implement a functionality of some sort, it really should perform on a somewhat decent level. And I see no BETA BETA BETA warning anywhere, so yeah…

@silunare

The “remembering” problem is a known bug. We will have a fix out soon, meanwhile you can try our beta here Try the GlassWire Windows 2.0.81 beta!.

that’s a nice list there hopefully it has already been implemented now…or in future…