Why is Windows Explorer connecting to the internet?

Internet Security
10

Explorer file details

Your Explorer file has different details because it was installed with Windows on a different computer at a different date and time. Generally, the dates will correspond to the last Windows version update or upgrade.

The case (lower or upper) of the filename does not matter because Windows and its file-system are case-insensitive. See Are all versions of Windows case insensitive?.

Although Windows is case-insensitive this doesn’t stop differences like the example you showed because there is nothing to stop some programs using lowercase and others uppercase, or even a mix of both. Originally DOS (the operating system Windows was built on) made filenames uppercase which is also why file extensions such as .EXE are more likely to be in uppercase. But nowadays it is much more common to display all filenames in lowercase just as GlassWire usually does.

Man-in-the-middle attack

I don’t think that you should worry about this for GlassWire. I don’t, because I have to have some level of trust otherwise I wouldn’t do much on the Internet.

There is little chance of a man-in-the-middle attack provided GlassWire is doing three things:

  1. All communications on the Internet use SSL. You can check that in GlassWire itself:
    image
    image.png1098×258 20.6 KB
  2. GlassWire should be positively checking the security certificate including the host name for each server it is communicating with.
  3. GlassWire protects its own infrastructure, including its own security certificates, from hacking.

Us users can’t check 2 & 3 ourselves but @Ken_GlassWire should be able to confirm they’re doing this.

You can find a lot of discussions about this on the Web, e.g. SSL and man-in-the-middle misunderstanding.

VirusTotal

It may interest others to know that GlassWire doesn’t normally send the entire file to VirusTotal to be scanned - that’s why the “scan” is usually so quick and doesn’t waste bandwidth. Instead it calculates a signature (an SHA256 hash) for the file and sends that to VirusTotal first.

You can check this in the screenshots when I scanned Google Chrome at 1.48pm. GlassWire shows several KB of throughput whereas Chrome.exe is actually 1.5MB in size.

image
image.png1100×543 27.3 KB

VirusTotal checks that signature against those from actual scans and finds that a file with the same signature scanned OK about seven hours earlier. So GlassWire doesn’t need to scan the whole file this time:
image

2 Likes