The graph visualization is prime, and I love that the peaks are "rounded" out instead of sharp declines (sharp declines would make it look more like a live stock ticker).
Extremely well done, and exactly something I have been looking for. I will keep an eye out for the Mac version.
I ran into 5 problems:
1. It spit out vague error messages, requiring repeating the action in the CLI to see git's actual, specific problem.
2. There's no option to do the initial clone via ssh, which was a problem because http was failing to download the full repository.
3. It can't do merges, so you end up needing to use the git CLI anyways.
4. It crashed repeatedly while trying to handle large (1GB) repositories. Very sluggish and occasionally unresponsive on smaller repositories, too, especially with large single commits.
5. Various minor bugs. People would ask me stuff like 'how do I discard changes?' and I'd discover they'd gotten into a state where the menu would not appear until the software was restarted. They found it difficult to know when something confusing was inherent or a bug.
I wanted to love it, because it looks like it's good for beginners. Unfortunately, being pretty is not the same as being easy to use.
In the end, I introduced them to the git CLI, simply because I could always answer or find an answer to their questions about it.
I have since switched to SourceTree and it is working out well so far.
It's also mentioned in the blog post you've posted.
Disclaimer: I'm one of the developers of MahApps.Metro, I hope nobody minds the shameless self-promotion
To do so:
* Right-click on the Desktop background, Personalize
* Select Window Color button/link at the bottom
* Select "Advanced appearance settings..." link
* Click on the Active Title Bar in the preview area, or
select Active Title Bar from the Item dropdown
* Customize the font appearance, including font, color, size and weight.
There you go. Nothing wrong with the comment, but since you asked...
The people mentioning "this is an unpopular opinion", "why the downvotes" or "this will be downvoted to hell" always get the upvotes and indeed, I see the comment doesn't turn gray when I downvote so it means others already upvoted.
I have no affiliation with the developer, I've just found Little Snitch to be quite useful and thought I'd share (admittedly its graphs aren't as nice as this app's).
Another point: many companies don't want to spend any time or effort on design, as for most applications, it won't translate into additional revenue. I would argue that many customers don't even care what the app looks like so long as it works and they can figure out how to use it.
Also you don't want to have to re-learn how to computer for every single application you open because somebody got bored with the current state of design for a network traffic monitoring tool.
UX is about the user experience - or rather, the user understanding the program.
Design is about the application looking good.
You can have both, or you can have either one, or neither.
The command prompt is a good example of the former - I'm sure we can all agree that the design isn't great, but functionality-wise, it's doing its job perfectly. Giving commands to experienced users.
Perhaps it's my understanding of basic 3D programs, but I would point to 3D programs being the exact opposite, having a great design without a good UX. I always feel like I'm limited, in that I don't understand the millions of options. The programs themselves look great, but I just don't understand how to use 90% of their functions.
I lost you after this sentence. I thought you were about to use this program as a shining example of ugly windows software.
I would also say that calling home is a huge no-no for this software. I would seriously consider revisiting that choice if I were you.
That's a very common and dangerous misbelief.
Security products should come from a trustworthy source. Open source doesn't imply trustworthiness. If I were to screw you, I can very well do it with an open source product and pre-compiled binaries. Some people will rebuild from source, but a vast majority will use binaries provided assuming that since I'm all "open source" then I must be trustworthy. Hell of an assumption to make if I am not.
This is even easier to do to closed-source products, and if you're worried about security then compiling your own binaries is a pretty basic measure.
It is not just that open source software is inherently more trustworthy than closed source software.
1. It is more resistant to backdoor attacks (related to trustworthiness) and more effectively hardened. Fundamental to security is transparency. You cannot secure something if you cannot understand its attack surface; insecure undocumented features (ie the recent iPhone discoveries) and binaries accidentally (or "accidentally") compiled with debug flags are only detectable if the source is available.
2. It is often more nimble and can respond to new threats which closed-source projects ignore. At my work, we were hit by a USB virus that McAfee ignored despite our very premium support plan because it didn't exist anywhere else. This was before my time, but from my understanding it was a custom-tailored attack that was made in a virus creator -- a drag-and-drop not-so-advanced persistent threat. (Probably a prank or experiment; I work at a school.) If we used open source software, and the community shrugged at us, we could at least make our own signature. As it was, we had to bring the computers down one at a time, boot them into Linux, and run a script to delete the files and registry keys. This is the job antivirus software is meant to automate. I understand virus companies have a heavy workload, but what exactly were we paying for? With open source, you always get your money's worth. (For the software at least; open source support plans can still suck.)
3. Appsec is expensive, it's not always something you can afford to pay for. If you aren't designing with security in mind from the start, it's not just a feature you can build into your app. It will require pentests and likely a partial rewrite. On an open source project, there's a good chance someone will volunteer to close at least the widest holes. No one volunteers for closed source.
4. This is likely not a part of your threat model, but it's harder to serve an open source project with a national security letter.
That said, all software is written and audited by a group of individuals. Ultimately it all comes down to trusting them. Even audits on open source software are done by a few individuals, so when using any open source security software, you are only really trusting them. Any sense of security more than that is a smokescreen. In that regard, I agree with you. Open source does not help with reducing risk of bad intention. That is a myth.
I just want to mention:
— The famous Debian-Bug, which led to easily guessable "random" numbers. Nobody reviewed that code change for years.
— SSL Heartbleed. Nobody reviewed the code change by that guy. Not even the maintainer reviewed it.
So the problem with Open Source is, as I see it, that everybody - from those who are experienced - thinks that someone else has done the review. Which leads to the situation that at the end of the day nobody does a review.
I think this is a blatant counterexample actually.
The code _was_ reviewed. It passed the review. This just shows that security is hard and that reviews don't always catch everything.
But the only reason that heartbleed ever came to light was that OpenSSL is open source. Had it not been, such a bug would have been much much more difficult to find. Yes, this is not instant, yes, it takes time and leaves people vulnerable in that time, but it did work out in the end.
If a similar bug were to exist in proprietary software, there's a good chance it would never come to light at all. Save for the extremely dedicated intelligence agencies who may have the people and desire to exert the effort to find it. That's who proprietary security software helps.
The Debian bug isn't a terrible example, but it simply shows that distro-specific patches aren't well reviewed, not projects in general. Most people who want to see OpenSSL code go to OpenSSL, not Debian.
Bugs happen, reviewers miss things or may not look in the right places. Open source does not mean secure by any means, it simply removes some requirements of trust of a sole entity and eases reviews.
Just because you have examples of code that wasn't reviewed properly doesn't mean it applies to all open source software. I personally have my eyes on open source quite often, and I know many others who do. I also know we wouldn't have our eyes on it if it weren't for the source.
Really, software being open source doesn't make it secure. It's just a precondition that allows us to find out if it is secure (and fix it when it isn't). If it isn't open source, then we should assume the worst, as we likely have no other way of knowing whether it's reasonably secure.
Here is a story how it happened and how it was patched - http://en.wikipedia.org/wiki/Heartbleed#Discovery
Are you really arguing that discovering and fixing Heartbleed would be simpler and faster in a closed source form?
That is, one of the first things this GlassWire app did is connect to its home server. It openly admitted that itself, but nonetheless, why it did so and what kind of data (~200+ KiB, that's a fair amount that probably exceeds any analytic and update-checking needs) were transferred — I have no idea and I'm too lazy to figure out.
For an example, check out the Defcon 22 talk Hack All the Things, page ~61. NTV200-100NAS owned through unsigned updates....
It's like you didn't even read what was written.
For me it's a matter of principle. That people politely ask is both an indication of trustworthiness and how I prefer things to be, so I try to help by enabling it.
It also depends on the way they ask. Mozilla Firefox for Android tells me that I should choose what I share, enabling crash reports and disabling telemetry by default. Even though the crash report is technically opt-out, they ask me in clear terms. I like that.
We got your initial point..
I think you're just grinding metal at this point.. Ease down.. ease down...
Why just security-related software? It doesn't get special permissions or anything. All software can do equal damage on most operating systems.
> I personally avoid using closed-source tools for security purposes
I too prefer open source tools for security purposes, but that means that for security purposes I prefer all my software to be open source.
I must confess to using a few blobs for drivers, software that school wants me to run (for UML designing) and the occasional game. But overall, I'm pretty clean of closed source software.
Fixed that for you,
yours RMS ;-)
The company that made this is: SecureMix LLC (est. 04/15/2014); aka Free Firewall Antivirus LLC (est. 10/17/2013); aka Blue Quail Capital, LLC (est. 06/21/2010).
Here is the corporate registration: https://mycpa.cpa.state.tx.us/coa/servlet/cpa.app.coa.CoaGet.... The person opted to use a CPA (EDWARD H. GOWETT) to register their LLC (looks like a nice guy: https://www.linkedin.com/profile/view?id=34375436). And finally, the man, the myth the legend: ANTON BONDAR.
This app is not a one man show! This app, with all its license stuff, backdoors etc.. all ready to know a lot of all your network traffic going in and out, and you agree upon all this when you install it. Now YOU got hacked! Or do you think the app will also show in detail what data they store and share on their servers and third parties and more?
767 point and counting on HN, amazing...
Surprise HN; I'm trying to grasp why this is upvoted so high (1) This submission has a reddit style storified title but doesn't link to the story (2) Uses the word "app", to catch the mobile crowd, which for Windows wasn't used traditionally (That also explains the top comment, which is about aesthetics) (3) seems to suggest the problem is solved the first time, despite the fact that there are dozens of similar apps, commercial, free or open source.
_edit_: I can see that your post is relevant with regards to (3) - "problem solved for the first time". They may have some features that no others have, such as alerts. There are many similar apps though. One example: Netlimiter http://www.netlimiter.com/
To give you an anecdotal idea of how compelling that can be, I booted my gaming Windows machine just to take a closer look at it.
What I want is a simple no-worry IDS/IPS I can install easily on Win or OSX machines. Have it use the rules Snort uses. Make it dead simple to install. Now I don't have to spend hours digging through logs or graphs by apps like these. The IDS/IPS just stops hackers from entering. I'm a sysadmin and I run IDS and it's a game-changer for us. Yet somehow in the home user space, it's non-existent.
No idea on how bad the licensing on those Snort rules is, but a 1-click WinSnort that auto-updated itself would be a game changer. I find it amusing that everyone lives in fear of Cryptolocker when a simple rule can detect Cryptolocker traffic and deny it access to the mothership to generate a key. No key, no encryption.
I could see this evolving into a smart firewall type app on top of these static rules. It could say, "Hey why is this guy downloading an unsigned exe from a computer on the botnet list? I'll block that." Or "why is this guy suddenly sending out smtp connections to thousands of servers. I'll just block that."
Personally I've been looking for a Little Snitch equivalent for Windows for a while now and this one seems like a good starting point.
I think that the problem you might have with IDS/IPS for end user machines is similar to the problems that end users would have with this kind of software. Namely when it blocks/alerts it's very hard to translate the reason for the block (a SNORT rule) into something that's meaningful for a non-technical user.
The alternative is just to silently block, but that leaves the user with a problem whenever there is a false positive (which is a fairly large problem with network IDS/IPS in my experience).
Do you have any evidence of malicious intent/execution from this software, or is this just your presumption based on their marketing?
By the way, I'm surprised this isn't a default feature of OS'es. I always thought knowing exactly what apps are talking to the world and how much is something one would like to know about.
See: http://blogs.windows.com/bloggingwindows/2013/06/06/windows-... and http://support.apple.com/kb/HT5890
Any chance you will support hi-res screens (see http://imgur.com/ztN8cL3)?
While I got you here, can I ask how many people worked on this and how long did it take? Just curious.
This is the information for DPI-Aware applications.
I would attach some source code from a game I wrote, but I don't have the source code of it at hand right now.
This will probably stop some drive-by hacking - great. But my understanding from some well informed people, is that increasingly rootkits can hide their network traffic.
So, whilst this will add peace of mind, you'll still need to maintain security - because all this will really do is let you know you've been "hacked" again. Sure, it may prevent the dropper from connecting out - but often that would look like Flash or Java just connecting out to a random host.
As someone who got hacked, and installed NoScript, I'm amazed at the number of hosts that even mainstream websites connect out to. I struggle to stay on top of my whitelists. I just don't think you're going to see the dropper in time and stop it.
It would be nice to have more info about how you monitor the connection and prevent any Trojans from going around the monitor point.
What's the overhead of Glasswire? For me it's 2-6% CPU (of my many core systems).
What does the gwdrv.sys kernel driver do exactly? Hook into the TCPIP.sys kernel driver?
Is the "Glasswire control service" an app update service? Blocking it in the "Firewall" tab has no negative side effect so far.
i.e., "spynetus.microsoft.akadns.net" could have some clearly Glasswire edited note that said something like "Used by Windows Defender". You could even add a +1232 Safe/-12 Unsafe that linked to a crowdsourced/forum sourced "what's this" registry. Sort of like reviews on processes or hosts.
Search for any common Windows service or .dll filename, and you'll get dozens of forum threads where people who have no idea what they're talking about try to figure out whether it's a normal part of the OS or the worst virus ever. These are the same people who open Task Manager every day and blindly kill everything that they don't recognize. (Doing so does tend to make Windows run faster, which reinforces the impression that svchost.exe was indeed a virus.)
Surprising really it has taken so long to get an app like this on Windows. I've been using My Data Manager on Android for the previous 2-3 years.
The closest I've gotten on Windows up to this date is CFosSpeed in traffic shaping = off mode + process explorer. There have been other apps that attempted to present the data, however none have done it like GlassWire.
Looking forward to the paid version, this is awesome :)
Got a few rendering issues on Windows 8.1
Hopefully these issues get sorted out, quickly.
1) It'd be nice to be able to scroll around directly on the graph using mouse gestures (middle-click drag?).
2) Graphing of bandwidth seems to be off somehow. If I do a speedtest.net, my ~104Mbps transfer shows up on the graph as 38 Mbps and the graph scale shows a max of 20 Mbps. http://imgur.com/QkZMVvj
Also, the Apps tab under Graphs says 250Mb for Steam. I have no idea what this value is supposed to reflect. Similarly, the Traffic tab shows a similar value (but slightly different value) for HTTP traffic which Steam is the only user of right now.
> GlassWire keeps an up to date list of known suspicious hosts and alerts you if you contact one. Suspicious hosts are often related to botnets, malware, and other malicious behavior
How is this implemented exactly? Does the app phone home? Does it do some sort of RBL check (if so, against which servers)?
I'm sure you can understand why I'm asking. In fact, it'd be ideal if the update checks would have the "remind" option like Bvckup2 has it - https://bvckup2.com/img/r8/screenshot-4-preferences.png
Is there any way to opt-in to share network stats? I, personally, would not mind and I think it would lead to a stronger product.
Here is a small suggestion. I actually didn't know I could close the tray notifications. When I looked closer at the notification, I saw the X in the top right corner. The X looks just like the background; maybe you should make it a little darker or somehow add more contrast.
Also, I think I may have discovered a bug. GlassWire thinks that Microsoft Word has transferred 253.7 MB, when it was actually Microsoft Silverlight (I was watching Netflix and had MS word open for a while). http://i.imgur.com/84qFF42.png
Can it import existing whitelists or blacklists?
If there are competing products (paid or free), a comparison would be helpful.
The only time I've been aware of getting hacked, my friend handed me his computer and said, "You're a nerd, find me a live pirate stream of the Big Game. Quick, people are coming over!" Friend may be too strong a word, but I gave it a shot even though I thought it hopeless. I went to some sketchy pirate sites, and I clicked on a link. A popup launched, and immediately there was an error; "Shockwave has crashed."
"Do you install updates?"
Another time, my brother was lamenting that he couldn't take pictures with his phone because his SD card broke. I never used mine, so I pulled it out and handed it to him. A few days later I had to get some information immediately and the only device available was my phone. I was on a website and an error popped up; it was to the effect of "Can't download someapp.apk because you don't have an SD card."
Edited to add:
https://incidents.org has good reads.
That's what I get in iOS. Teachable moment?
Beautiful app. Amazingly designed. Insanely useful with zero configuration. Would love to pay money for this, especially if you can bring this sort of zero click usability to a LAN environment.
This looks way easier and prettier than open sourced NIDS and HIDS like snort and OSSEC, and I think that's why I'm supremely skeptical they hired enough security people versus frontend people.
On a related note, I recently tested a number of firewalls for Windows using Comodo's HIPS and Firewall Leak Test Suite; the only one I found that passed all tests with virtually no setup or changes was SpyShelter Firewall. Not an endorsement by any means, just an observation.
I find the combination works very well. You get two ways to block things (Little Snitch rules and Privoxy rules) and because Privoxy is so easy to restart you can make "Deny" your default behavior since if the site doesn't show properly, just restart privoxy and hit refresh.
Great looking app btw. Haven't had to work on a windows box in a long time but if I do I'm definitely going to try this out.
Feels like a trap.
Edit: It seems it's using QT, impressive.
It was a piece of security software modeled after OpenBSD's pf firewall which let you define policies around network, file, and registry access for applications. You were able to set up really fine-grained policies as well, for example to only allow access to the C:\temp directory for list and read access, but to deny delete access, and to ask the user to accept/reject if it tries to open a file for writing.
So instead of monitoring access after the fact, CoreForce let you actively grant permissions and would either silently deny or interactively prompt you when an application went outside the resources you granted.
Downloaded it just to see if those screenshots were real. Keeping it because it's awesome!
It'd take an amazingly complicated scanner to detect if GlassWire was, for instance, capturing your DNS requests and sending them somewhere. Or allowing updates to get loaded into its process space. I'd guess you'd need a nearly general AI to determine if any program is malicious.
If you cannot block new connections, it is likely the valuable information on your computer has been siphoned off, or glasswire bypassed before you noticed it on those fancy but useless graphs.
And yes, I check each one that pops up and don't put an approved one in permanently unless I know what it is.
Could you make it so when the graph rescales, it just doesn't snap into place, but gradually (say, animate over a half second) resizes?
EDIT: If I have GlassWire on my second monitor, and click "+ 2 more" to see what else is going on, the pop-up opens on my first monitor.
I'm definitely curious to see what the paid features will be...
That's what I currently do via NetUse, but this looks quite a bit better.
e: After trying it, yep, this is excellent. And far too good to be free. I almost feel guilty using it.
Here's my minor feature request (I'm sure you'll get a hundred or so today) - how about a config setting to turn on an automatic virus scan of the executable on first network activity? I imagine this would not be enabled by default for performance reasons, but I'd like to run it this way for a few days before reverting to default settings.
That used to do almost exactly the same as glasswire is advertising, 10 years ago. It died in 2005 when symantec acquired the company and killed the product.
* A pay-once Pro version
* A plugin API so I can add my ISPs usage monitor
* Per-app bandwidth limiting (difficult on Windows I think)
Supporting Telstra, TPG, Internode and iiNet would get you a large number of Australians, but I have no idea how you'd do the same for Comcast or Time Warner Cable.
Contact details are in my profile and I'm happy to be a guinea pig for this kind of thing.
Edit: This looks pretty good, actually - http://netusage.iau5.com/ispjs.html
I remember when I switched to linux some years ago, the software I really missed was ZoneAlarm and I still haven't found a nice alternative (for fast and easy control of the outbound(!)/inbound net traffic). I liked that I could block and unblock the internet access of each application from the systray icon.
I think it's much easier to set the filters and k control list for the applications while you are using the pc rather than setting them up all at once.
2. "Internet & Bandwidth Usage Monitoring" similar to the Glasswire screenshots. (Stats, Application List that access the internet, hosts, etc) and feature to block with a click some of these (apps,ports,hosts) or all
do I ask a lot? :)
Also I hope it has list of known malware hosts for which it should give a huge red alert dialog if a connection is made to it.
Isn't the best "trojan" horse the one that comes as a security program?
I'm always afraid, that software programs that aren't open-source steal sensitive data from my computer and upload it to the web. I experienced, how easy that is and no user ever knows, especially on MS Windows.
What usually happens with freeware like this is that it becomes adware or dies. I think you have enough features to charge for it now.
I am not able to connect to a remote server. I don't know why!
This is what I am doing:
1- Allowing server access in Server tab in Settings on one computer.
2- Trying to connect from another machine using the credentials.
I am not able to connect. Does anyone else face the same issue?
At least it's so much better looking than other windows apps…
My point being it's a closed source project by using it you implicitly trust its developers.
most malwares will rip thru this like butter.
i would only trust something like this running out of the box believed to be compromised. in the router for example.
LS has a similar network activity visualization. You can of course drill down by process and such: http://i.imgur.com/ZQX0XEa.png
As a power user, I like alerts for all unclassified network activity on my machine. No affiliation with obdev, just a fan of LS.
Getting hacked? Make an app! Feeling paranoid? Make an app! House getting repossessed? Make an app! Hangover? Make an app!
One question, what does "powered by Symantec" mean?
Is this just a sexy UI on top of a Symantec engine?
I've encountered an issue with the Anti-Virus scan function. I'm using Symantec Endpoint Protection (SEP) and the SEP logs indicate that GlassWire does not perform any scans whatsoever. A response to this would be greatly appreciated!
Maybe only visible with an UAC auth.
other than that am gonna say what everyone ELSE is thinking, Security + Microsoft, give me(us) a break, last time i checked the word security does NOT exist in Windows
am surprised how THIS made it to the top of HN, probably has something to do with those users who were defending IE's developer tools ;)
that should probably be fixed, not much point in an idle mode if it just makes things more difficult to investigate
edit: also currently using 1.3GB of memory. what.
How are you planning to monetize - Will there be a "Pro" version ?