by Chris Taylor
Windows firewall since XP Service Pack 2 does the basics of what is
most needed in a computer firewall; allowing all outbound traffic (so
you can access web sites, email, Skype with friends, etc.), and
blocking all connections from the Internet that you didn’t
is a threat that such a one-way
firewall can’t protect against. If you have malware on your
computer, it almost always connects to the Internet, either to
communicate with a command and control
server for instructions on what malicious action to do, or to send
your data/files to the attacker. Because the traffic is coming from
your computer, the Windows firewall will happily allow the traffic.
respond to such threats, two-way
firewalls can not only block the connections from the Internet that
you didn’t initiate (as with a one-way firewall) but can
additionally block outbound traffic. There are a few freemium two-way
firewalls, ZoneAlarm probably being the best known.
two-way firewall has to allow good
outbound traffic or you may as well unplug from the Internet! There
are several ways it can decide if outbound traffic should be
permitted. The most common is to pop up and ask you if you want
to access the Internet. And therein lies the problem with two-way
firewalls – at some point you are going to be asked if something
should be allowed to access the Internet and you will have no idea
what the right answer is! I hate that.
recently came across an interesting firewall product called
GlassWire. The freemium version is more of a monitoring program. It
works with the Windows firewall to provide reporting capabilities.
The premium versions can do more. More on that later.
can provide a wealth of information. In this example, GlassWire’s
option is detailing the following for my selected period of 24 hours;
a list of the programs that sent/received data over the network and a
graph showing data volume and alerts. The box near the centre shows
where I clicked on an alert to get details.
can pause the scrolling chart; useful for short time intervals such
as 5 Minutes.
Clicking a program name will change the graph to only display traffic
for that program. You can take a snapshot to have a permanent record.
option shows overall traffic volume, with columns for Apps,
Clicking on a program brings up details; where it is installed,
version number, name of the publisher, hosts it has accessed, and
more. Clicking on a host shows details of the traffic to/from that
host, programs that have accessed it, and its IP address.
of the above I found to be interesting. But, quite frankly, I am not
about to have the GlassWire window open at all times so I can monitor
feature really interested me. When a program first accesses the
network, GlassWire pops up a toast notification at the system tray.
If you don’t recognize the program, you can investigate to find if
it is a normal process or perhaps something malicious.
problem is that toast notifications disappear after a few seconds so
you might miss something important. The system tray icon for
GlassWire is badged (numbers are added to the icon), so you can see
if there are alerts you may have missed and you can go to GlassWire’s
section to see them. It would be nice if GlassWire could optionally
use the Windows 10 Action Centre
to keep the alerts front and centre longer. Another option might be
to make them available by right-clicking on the system tray icon.
to this point, I was still a bit iffy on the usefulness of the
program. Alerts might help me find out if I have something malicious
on my computer, albeit after the fact. As well, there are times I
want to see details about my network traffic. But overall, I thought
it required a bit too much of my attention.
it did not fundamentally deal with the problem I mentioned before –
the inability to always know if something should be allowed to access
the network or not.
example, GlassWire alerted that Touch
User Mode Driver accessed the network
for the first time. I never (knowingly) installed something called
Touch User Mode Driver.
I could Google for it and try to determine if this was something
malicious. I had just plugged in my Wacom drawing tablet, so it was
probably related to that. GlassWire does make it easier to see some
of the details about the program. Clicking on the alert gave the name
of the executable, version number, where it’s installed, and the
publisher (Wacom Technology Corporation). So, it looked like it
should be okay.
GlassWire added a killer feature; when programs first access the
network, GlassWire can automatically check them at the Google-owned
VirusTotal web site, which checks the program with a huge number of
anti-malware programs. Try it yourself at http://virustotal.com.
feature is off by default. To turn it on, click the GlassWire
menu in the top left, Settings,
As you can see in the example, the toast notification told me that
Touch User Mode Driver
accessed the network for the first time, was checked at VirusTotal,
and 0 of 67 antimalware programs found a problem with it.
may not know what Touch User Mode Driver
is, but I’m not particularly worried because none
of 67 antimalware programs found it malicious!
thing I would like to see changed; if even a single
antimalware engine at VirusTotal thinks something GlassWire has
uploaded is malware, I would like some kind of high-priority alert.
As it is, these alerts are treated just like any other informational
is a freemium
product. It installs as the full Elite
product. After 7 days it goes into reduced functionality mode. All
the features I have mentioned so far will remain for free. It is a
great product even in this reduced functionality mode. But there are
some nice additional features you get if you are willing to pay.
a new program tries to access the network, you can have GlassWire ask
you if it should be allowed or not. You can easily flip any program’s
status between allowed and blocked. You can even put GlassWire in
mode, where all outbound traffic is blocked.
mode lets you have a small window open all the time showing activity.
You can size it, set it to always on
top, and adjust transparency of the
can see what devices are on your network and be notified as devices
join or leave. WiFi Evil Twin
notifies you if a new access point shows up with your network name.
you have limited bandwidth, you can have GlassWire warn you when
approaching the limit.
profiles allow different settings in the program depending on your
situation, such as home vs. public WiFi. Or perhaps for a special
circumstance, you want to block all but one application.
are many more alert types available such as while
you were away, changes to DNS,
suspicious hosts, and much more.
for the premium version range from US$39 for one PC to US$99 for 10
PCs. Higher-priced versions also allow longer history retention.
I was wrapping up my review I contacted GlassWire with a few
questions. I had been using an older version of the product that did
not start out with all premium features. They answered my questions
and provided me with a complimentary Elite
license that permitted me to test the features in the premium
offerings. Thank you GlassWire.
from SecureMix LLC: www.glasswire.com
Free: (some features limited)
Basic: US$39 for one PC
Pro: US$69 for three PCS
Elite: US$99 for 10 PCs
Android version: free
requirements: Windows 7/8.1/10, 1 GB RAM
published: June 2018
top of page