Wow. I hate how so many Windows applications are considerably uglier compared to Mac counterparts. The Windows apps don't seem to push forward Windows design but rather get stuck in the Windows XP design days. This is beautifully designed and clear.
The graph visualization is prime, and I love that the peaks are "rounded" out instead of sharp declines (sharp declines would make it look more like a live stock ticker).
Extremely well done, and exactly something I have been looking for. I will keep an eye out for the Mac version.
It's a little over-simplified, I think. In migrating some technical writers to git, I thought it might be a good tool to introduce people to git.
I ran into 5 problems:
1. It spit out vague error messages, requiring repeating the action in the CLI to see git's actual, specific problem.
2. There's no option to do the initial clone via ssh, which was a problem because http was failing to download the full repository.
3. It can't do merges, so you end up needing to use the git CLI anyways.
4. It crashed repeatedly while trying to handle large (1GB) repositories. Very sluggish and occasionally unresponsive on smaller repositories, too, especially with large single commits.
5. Various minor bugs. People would ask me stuff like 'how do I discard changes?' and I'd discover they'd gotten into a state where the menu would not appear until the software was restarted. They found it difficult to know when something confusing was inherent or a bug.
I wanted to love it, because it looks like it's good for beginners. Unfortunately, being pretty is not the same as being easy to use.
I have run into 2, 3, 4, 5 as well. And in general, I often feel like the tool is not telling me what it is doing (especially while handling large repos when operations sometimes take considerably longer).
I have since switched to SourceTree and it is working out well so far.
MahApps.Metro has been my go-to for simple interfaces. Mix it with ReactiveUI and some saner DI, and it's just awesome. Thanks very much for your work!
GitHub for Windows was awful last time I tried it. Didn't follow standard desktop application HIG and was annoying to figure out, sluggish. I've had a markedly better time with SourceTree. I hate it when apps force their own design instead of following the user's window manager settings and form.
GitHub for Windows is mind-bogglingly bad. It's like staring into the sun. Nothing works like you'd expect it. They do their own thing. They should consider using a design similar to btSync. Now that's a good clean UI/UX.
I'm a Windows user (go on, press the down arrow) and I don't care about app design. Give me military ship grey windows, text menus and a way to hide all icons. Windows 2000 was for me the apogee of 2D design.
I'm in on Windows 2000. Active window titles that could be set to bright colors to distinguish the active window from all the others (mine was canary yellow). I miss you Win2k.
I don't have a Windows 8.x box to check on, but on Windows 7 you can still set the display attributes for active windows - it's just a bit more buried.
To do so:
* Right-click on the Desktop background, Personalize
* Select Window Color button/link at the bottom
* Select "Advanced appearance settings..." link
* Click on the Active Title Bar in the preview area, or select Active Title Bar from the Item dropdown
* Customize the font appearance, including font, color, size and weight.
I may be wrong, but as far as I know, the only way to access these settings in Win8 (without extra apps) is regedit. HKEY_CURRENT_USER\Control Panel\Colors has the keys you want.
Despite flat design being categorized as a fad by design news today, I would LOVE a Win2k style desktop with flat design. Could probably just be a texture swap.
I think that you are missing out on the concept of design if you limit your understanding of it to the color and shape of the widgets. When it comes to Windows, I definitely prefer the W2K look, but I wouldn't say that I don't care about app design.
There you go. Nothing wrong with the comment, but since you asked...
The people mentioning "this is an unpopular opinion", "why the downvotes" or "this will be downvoted to hell" always get the upvotes and indeed, I see the comment doesn't turn gray when I downvote so it means others already upvoted.
On the subject of Mac counterparts, I highly recommend Little Snitch for this particular functionality.
I have no affiliation with the developer, I've just found Little Snitch to be quite useful and thought I'd share (admittedly its graphs aren't as nice as this app's).
Also not affiliated but I've been using Little Snitch for about 5 years now, and I can't recommend this app enough. It's the first app I install on a new OSX installation.
I love the app and what it represents. You have a great story and motive behind it. I'm +1 for a mac version as I think your work is beautiful. I'll share this with a few friends.
Super useful if you spend a lot of time tethering. Just set everything to "ask" and build up your whitelist over time. After that, you no longer have to worry about remembering to turn off your torrents, CrashPlan, etc.
There are Windows design guidelines; most developers/ISVs adhere to them.
Another point: many companies don't want to spend any time or effort on design, as for most applications, it won't translate into additional revenue. I would argue that many customers don't even care what the app looks like so long as it works and they can figure out how to use it.
Also you don't want to have to re-learn how to computer for every single application you open because somebody got bored with the current state of design for a network traffic monitoring tool.
I agree. I hate how certain programs (e.g. Adobe Creative Suite) feel the need to re-invent UX paradigms in every new version. I 99% don't care how an app looks if it's useful.
I think in this case, there is a difference between UX and Design. They do overlap, but not completely.
UX is about the user experience - or rather, the user understanding the program.
Design is about the application looking good.
You can have both, or you can have either one, or neither.
The command prompt is a good example of the former - I'm sure we can all agree that the design isn't great, but functionality wise, it's doing its job perfectly. Giving commands to experienced users.
Perhaps it's my understanding of basic 3D programs, but I would point to 3D programs being the exact opposite, having a great design without a good UX. I always feel like I'm limited, in that I don't understand the millions of options. The programs themselves look great, but I just don't understand how to use 90% of their functions.
Thanks! It was actually very difficult to make rounded peaks due to the way network activity tends to suddenly spike. Sometimes the mini graph at the bottom of the UI doesn't match up exactly with the top graph due to our rounded graph but we're improving it all the time.
I also hate the way spiky graphs look.
It might look good on "standard" resolutions but unfortunately it doesn't handle Windows 8.1 scaling and a high resolution monitor that well. For example the "Usage" tab is unusable for me with fonts cut off in half and labels to the diagrams unreadable.
+1 for the nice design of this app! But personally, unless the curves represent actual data points, I think they're somewhat disingenuous. Granted they look prettier than spikes but they give a false representation of the resolution of the data.
All software related to security should be open source. This particular piece of software doesn't sit at a crucial point in a secure system, but a greater deal of transparency would be appreciated. I personally avoid using closed-source tools for security purposes, and especially closed-source tools that are hoping to monetize. I use Linux, though, so I guess it doesn't really matter to me in this case :)
I would also say that calling home is a huge no-no for this software. I would seriously consider revisiting that choice if I were you.
> All software related to security should be open source.
That's a very common and dangerous misbelief.
Security products should come from a trustworthy source. Open source doesn't imply trustworthiness. If I were to screw you, I can very well do it with an open source product and pre-compiled binaries. Some people will rebuild from source, but a vast majority will use binaries provided assuming that since I'm all "open source" then I must be trustworthy. Hell of an assumption to make if I am not.
> If I were to screw you, I can very well do it with an open source product and pre-compiled binaries.
This is even easier to do to closed-source products, and if you're worried about security then compiling your own binaries is a pretty basic measure.
It is not just that open source software is inherently more trustworthy than closed source software.
1. It is more resistant to backdoor attacks (related to trustworthiness) and more effectively hardened. Fundamental to security is transparency. You cannot secure something if you cannot understand its attack surface; insecure undocumented features (i.e. the recent iPhone discoveries[1]) and binaries accidentally (or "accidentally") compiled with debug flags are only detectable if the source is available.
2. It is often more nimble and can respond to new threats which closed-source projects ignore. At my work, we were hit by a USB virus that McAfee ignored despite our very premium support plan because it didn't exist anywhere else. This was before my time, but from my understanding it was a custom-tailored attack that was made in a virus creator -- a drag-and-drop not-so-advanced persistent threat. (Probably a prank or experiment; I work at a school.) If we used open source software, and the community shrugged at us, we could at least make our own signature. As it was, we had to bring the computers down one at a time, boot them into Linux, and run a script to delete the files and registry keys. This is the job antivirus software is meant to automate. I understand virus companies have a heavy workload, but what exactly were we paying for? With open source, you always get your money's worth. (For the software at least; open source support plans can still suck.)
3. Appsec is expensive, it's not always something you can afford to pay for. If you aren't designing with security in mind from the start, it's not just a feature you can build into your app. It will require pentests and likely a partial rewrite. On an open source project, there's a good chance someone will volunteer to close at least the widest holes. No one volunteers for closed source.
4. This is likely not a part of your threat model, but it's harder to serve an open source project with a national security letter.
It's not just about screwing intentionally. Open source also helps with getting more eyes on the code. You need to be able to catch vulnerabilities before the bad guys or no amount of good reputation would survive. That is the primary reason for security software to be open source - reducing security by obfuscation and easy vulnerability check.
That said, all software is written and audited by a group of individuals. Ultimately it all comes down to trusting them. Even audits on open source software are done by a few individuals, so when using any open source security software, you are only really trusting them. Any sense of security more than that is a smokescreen. In that regard, I agree with you. Open source does not help with reducing risk of bad intention. That is a myth.
That argument is often repeated and also that often falsified, that Open Source is better because there are more people who have an eye on it.
I just want to mention:
— The famous Debian-Bug, which led to easily guessable "random" numbers. Nobody reviewed that code change for years.
— SSL Heartbleed. Nobody reviewed the code change by that guy. Not even the maintainer reviewed it.
So the problem with Open Source is, as I see it, that everybody - from those who are experienced - thinks, that someone else has done the review. Which leads to the situation, that at the end of the day nobody does a review.
> SSL Heartbleed. Nobody reviewed the code change by that guy. Not even the maintainer reviewed it.
I think this is a blatant counterexample actually.
The code _was_ reviewed. It passed the review. This just shows that security is hard and that reviews don't always catch everything.
But the only reason that heartbleed ever came to light was that OpenSSL is open source. Had it not been, such a bug would have been much much more difficult to find. Yes, this is not instant, yes, it takes time and leaves people vulnerable in that time, but it did work out in the end.
If a similar bug were to exist in proprietary software, there's a good chance it would never come to light at all. Save for the extremely dedicated intelligence agencies who may have the people and desire to exert the effort to find it. That's who proprietary security software helps.
The Debian bug isn't a terrible example, but it simply shows that distro-specific patches aren't well reviewed, not projects in general. Most people who want to see OpenSSL code go to OpenSSL, not Debian.
Bugs happen, reviewers miss things or may not look in the right places. Open source does not mean secure by any means, it simply removes some requirements of trust of a sole entity and eases reviews.
It's a problem with the people who make that assumption. Not everyone does.
Just because you have examples of code that wasn't reviewed properly doesn't mean it applies to all open source software. I personally have my eyes on open source quite often, and I know many others who do. I also know we wouldn't have our eyes on it if it weren't for the source.
Really, software being open source doesn't make it secure. It's just a precondition that allows us to find out if it is secure (and fix it when it isn't). If it isn't open source, then we should assume the worst, as we likely have no other way of knowing whether it's reasonably secure.
So if it wasn't open source, how would you go about discovering Heartbleed? It was discovered independently by multiple people because it was open source - so contrary to your naive assumption, people are looking at these things.
As an (unworthy, since I happen to use proprietary software accidentally) believer in Free Software, I tend to agree, but since that's unlikely to happen, I'd say all security-related software should be at least fully auditable by the end user. That is, there must be either 1) some form of human-readable (i.e. unobfuscated) source code and means to validate the built binaries to match the provided sources or 2) means to easily decompile the binaries to a human-readable high-level language and study their behavior.
That is, one of the first things this GlassWire app did is connection to its home server. It openly admitted that itself, but nonetheless, why it did so and what kind of data (~200+ KiB, that's a fair amount that probably exceeds any analytic and update-checking needs) were transferred — I have no idea and I'm too lazy to figure out.
Thanks for your feedback. We'll try to add more transparency. The calling home is for software updates and it shows up on the graph, and GlassWire can even block itself.
Another simple fix: tell us who you are. The contact page is woefully generic and anonymous. Glasswire appears to be a company, more than one person. Where are you based? What's your background? Funding?
That may be the case, but it's still not acceptable in my opinion. Calling home to fetch a new database of malicious hosts and such is fine, but calling home for analytics is not okay. At the very least, clearly disclose it and make it easy to opt out.
Out of curiosity, do you have any security concerns about calling home for analytics or is it just you would prefer the privacy of not having your usage tracked?
If it's opt-in, I enable it. If it's opt-out, I disable it.
For me it's a matter of principle. That people politely ask is both an indication of trustworthiness and how I prefer things to be, so I try to help by enabling it.
It also depends on the way they ask. Mozilla Firefox for Android tells me that I should choose what I share, enabling crash reports and disabling telemetry by default. Even though the crash report is technically opt-out, they ask me in clear terms. I like that.
It's mostly privacy concerns, but also the fact that you use this software at all can disclose some interesting information to eavesdropping attackers. Most worrisome is just that it's not very well disclosed - most users just don't know it's happening, and it's not very well justified.
In a perfect world, all software would be open source. Our world isn't perfect so I just live with asking people to make their security-related software open source.
I must confess to using a few blobs for drivers, software that school wants me to run (for UML designing) and the occasional game. But overall, I'm pretty clean of closed source software.
I think you are conflating security advice with business advice. Obviously, you are not the target audience. I may agree with you on a technical level but on a business one I do not really agree.
The company that made this is: SecureMix LLC (est. 04/15/2014); aka Free Firewall Antivirus LLC (est. 10/17/2013); aka Blue Quail Capital, LLC (est. 06/21/2010).
Here is the corporate registration: https://mycpa.cpa.state.tx.us/coa/servlet/cpa.app.coa.CoaGet.... The person opted to use a CPA (EDWARD H. GOWETT) to register their LLC (looks like a nice guy: https://www.linkedin.com/profile/view?id=34375436). And finally, the man, the myth, the legend: ANTON BONDAR.
It is a made up title from a big $$$ company to promote their new app, that's what's wrong in the first place.
How can you trust a company that uses a title like this to ultimately get you to sign their licence and fetch your private data to make money out of it? This leads to being hacked with your own consent and that's why it is wrong and misleading.
Try installing the app and read the license to see what they want from you and it all becomes clear...
There is no big company here and we don't even have an office. I currently have no ownership in any other businesses or products. Your graph data is never sent to our servers. We plan to make money via a paid software version with more features, for example the ability to monitor multiple remote servers. I agree that it wouldn't make sense to have a product like ours that collects user data.
My name is Jon Hundley. Anton is my cofounder. I founded ManyCam also with Anton and it was acquired last year. We need an "About" page on our site. GlassWire is now my only project. https://twitter.com/hundley
Honestly, sorry about that Jon. I wanted to bring some transparency where there was none, and this seemed reasonable to actually share some concerns (and I don't consider this "doxxing" or whatever that other guy said, more like "googling over coffee"). I did install your app and it is great! Coming from using the flow tool argus (part of the CALEA collection toolkit), I always thought that analyzing flow/connection data was the next frontier in client/end user security; and sure enough GlassWire does just this! It is true, however, that further transparency would be good. I suppose that just comes with time. To keep it simple, this app being free really just makes me wonder what the catch is. So, what's the catch? :) I use Ghostery and that catch is pretty obvious.
Well, about the catch part, they're pretty open about that on the front page. They intend to implement new features just for paying customers. Over time I'm guessing the business value of the free product will decline while the paid one will rise.
I got hacked, felt paranoid, made an app... Yeah right!
This app is not a one man show! This app, with all its license stuff, backdoors etc.. all ready to know a lot of all your network traffic going in and out, and you agree upon all this when you install it. Now YOU got hacked! Or do you think the app will also show in detail what data they store and share on their servers and third parties and more?
Surprise HN; I'm trying to grasp why this is upvoted so high (1) This submission has a reddit style storified title but doesn't link to the story (2) Uses the word "app", to catch the mobile crowd, which for Windows wasn't used traditionally (That also explains the top comment, which is about aesthetics) (3) seems to suggest the problem is solved the first time, despite the fact that there are dozens of similar apps, commercial, free or open source.
It is the best looking and best presented Windows app I can remember seeing. Can you show me a single app with similar functionality that is presented as well as this?
Why is that relevant? _diminish_ points out misleading marketing in the HN post title. It aggravates me as well, even though the presentation on their web site is nice and all that.
_edit_: I can see that your post is relevant with regards to (3) - "problem solved for the first time". They may have some features that no others have, such as alerts. There are many similar apps though. One example: Netlimiter http://www.netlimiter.com/
Not to mention, this kind of app does us no good. It's another Little Snitch clone. Joe End User isn't making heads or tails of this. Why would he want to?
What I want is a simple no-worry IDS/IPS I can install easily on Win or OSX machines. Have it use the rules Snort uses. Make it dead simple to install. Now I don't have to spend hours digging through logs or graphs by apps like these. The IDS/IPS just stops hackers from entering. I'm a sysadmin and I run IDS and it's a game-changer for us. Yet somehow in the home user space, it's non-existent.
No idea on how bad the licensing on those Snort rules is, but a 1-click WinSnort that auto-updated itself would be a game changer. I find it amusing that everyone lives in fear of Cryptolocker when a simple rule can detect Cryptolocker traffic and deny it access to the mothership to generate a key. No key, no encryption.
I could see this evolving into a smart firewall type app on top of these static rules. It could say, "Hey why is guy downloading an unsigned exe from a computer on the botnet list? I'll block that." Or "why is this guy sending out suddenly smtp connections to thousands of servers. I'll just block that."
For me, I don't think that applications like this are targeted at "Joe End User" more at technical people who would like more information about what network connections are happening from their machine.
Personally I've been looking for a little snitch equivalent for Windows for a while now and this one seems like a good starting point.
I think that the problem you might have with IDS/IPS for end user machines is similar to the problems that end users would have with this kind of software. Namely when it blocks/alerts it's very hard to translate the reason for the block (a SNORT rule) into something that's meaningful for a non-technical user.
The alternative is just to silently block, but that leaves the user with a problem whenever there is a false positive (which is a fairly large problem with network IDS/IPS in my experience).
You could say the same thing about AV software. Just log events in a tray application. False positives are simply going to happen. They happen with everyday AV. Well written rules won't have this issue often and for end users it'll be edge cases they don't have to worry about. If it is a serious case they can call their tech savvy son for help, just like they do now with all other issues.
I'm all for caution when it comes to installing software, but it seems in your comment that you're suggesting that this software is actually malicious.
Do you have any evidence of malicious intent/execution from this software, or is this just your presumption based on their marketing?
Can anyone explain why the Qt DLLs are offset in size? I compared them to Qt 5.3 and even replaced them and app works fine with original Digia compiled versions. Maybe it is the digital signature? I just recall a trojan people used before by re-compiling the Qt Libraries with malicious intent.
Beautiful app, I looked at the Privacy Policy on the site & breezed through the Install legalese and it doesn't seem to include specific network traffic information being relayed back to remote servers in any way (I easily could have missed this), can you confirm that you guys are not collecting network usage statistics from the app?
We absolutely can't see your network data and we don't want to see it. GlassWire checks for software updates and that network activity appears on the GlassWire graph. If you block GlassWire via its own firewall then you won't know about future updates.
Holy hell, this was the app I was looking for for a long time! It does exactly what I want it to do and does it beautifully. Thank you! I'll be happy to pay you when you provide that option.
By the way, I'm surprised this isn't a default feature of OSes. I always thought knowing exactly what apps are talking to the world and how much is something one would like to know about.
FYI, Task Manager on Windows now has an "App History" tab which includes both CPU and Network usage. OS X provides similar functionality in Activity Monitor.app.
I developed the need to know what's talking to the world when I used a mobile Internet connection with a limited plan (16GB/month) (long story). In such situation, one wants to account for every single megabyte being used.
Not really a default, but under Ubuntu I always set up the system load indicator, sits in the top bar, nice little colored charts of CPU/Mem/Network/IO. After a while you notice when something unusual happens. I used nethogs to check which processes use the network but I'd like to see such a nice gui to track network usage.
This will probably stop some drive-by hacking - great. But my understanding from some well informed people, is that increasingly rootkits can hide their network traffic.
So, whilst this will add peace of mind, you'll still need to maintain security - because all this will really do is let you know you've been "hacked" again. Sure, it may prevent the dropper from connecting out - but often that would look like Flash or Java just connecting out to a random host.
As someone who got hacked, and installed NoScript, I'm amazed at the number of hosts that even mainstream websites connect out to. I struggle to stay on top of my whitelists. I just don't think you're going to see the dropper in time and stop it.
You have to declare that the app is "DPI aware" in the manifest and implement a few things that go along with that promise. Just google it, it's fairly simple.
While I got you here, can I ask how many people worked on this and how long did it take? Just curious.
Bug report:
After a few hours of installing the app, I got a blue screen KERNEL_SECURITY_CHECK_FAILURE which repeated 3 times.
I removed the app from the startup list and disabled the Windows service. Now everything is back to normal.
System: Win 8.1
I don't see it anywhere on your site, but have you passed (or at least tried) Windows Logo test? That coupled with driver certification kit can show some warnings. It's costly to get signed driver and certified product, but you can just run the tests for free and see if everything is OK.
I know some have mentioned white/black lists, but in addition to known malicious stuff, one feature that might be really helpful is a known list of what connections are used for, or processes/executables.
i.e., "spynetus.microsoft.akadns.net" could have some clearly Glasswire edited note that said something like "Used by Windows Defender". You could even add a +1232 Safe/-12 Unsafe that linked to a crowdsourced/forum sourced "what's this" registry. Sort of like reviews on processes or hosts.
This is brilliant! Windows users are seriously in need of an authoritative source for information like that. Especially since the URL you mentioned looks just like a phishing site that pretends to be Microsoft and distributes spyware.
Search for any common Windows service or .dll filename, and you'll get dozens of forum threads where people who have no idea what they're talking about try to figure out whether it's a normal part of the OS or the worst virus ever. These are the same people who open Task Manager every day and blindly kill everything that they don't recognize. (Doing so does tend to make Windows run faster, which reinforces the impression that svchost.exe was indeed a virus.)
I will let them know, thank you! GlassWire is kind of like "Little Snitch" in the way that it shows you everything and lets you make your own decision on what you want to do, but we also add in some extra protections like malicious host alerts, ARP spoofing detection, DNS server changes, Host changes, and we let you know about changes to your applications that are accessing the network. For example if Chrome's certificate is changed or it's updated you should be alerted. Unfortunately nothing can stop trojans/viruses but we hope GlassWire helps some.
Beautiful indeed! Only tiny stray semi-colon: "Our Windows network security monitor also looks for; domains or IP addresses..." I wouldn't mention it but for the fact that attention to detail is clearly important to you judging by the design of both the site and the app!
Surprising really it has taken so long to get an app like this on Windows. I've been using My Data Manager[1] on Android for the previous 2-3 yrs.
The closest I've gotten on Windows up to this date is CFosSpeed[2] in traffic shaping = off mode + process explorer. There have been other apps that attempted to present the data, however none have done it like GlassWire.
Looking forward to the paid version, this is awesome :)
Beautiful. I can easily see using this regularly on my Windows machines.
Some items:
1) It'd be nice to be able to scroll around directly on the graph using mouse gestures (middle-click drag?).
2) Graphing of bandwidth seems to be off somehow. If I do a speedtest.net, my ~104Mbps transfer shows up on the graph as 38 Mbps and the graph scale shows a max of 20 Mbps. http://imgur.com/QkZMVvj
I use Speedtest quite a bit and I think they estimate your speed via a system that doesn't require you actually hit their transfer rate. I could be wrong though... we'll look closer and see what's going on there.
I agree dragging right/left on the graph would be cool. Thanks for the compliments and feedback!
The graph shows a discrepancy when downloading from other sources as well. Steam is reporting 4MB/s while GlassWire shows around ~3.3Mb/s (hard to really estimate).
Also, the Apps tab under Graphs says 250Mb for Steam. I have no idea what this value is supposed to reflect. Similarly, the Traffic tab shows a similar value (but slightly different value) for HTTP traffic which Steam is the only user of right now.
Be great if there could be the data rates / current speed on the graph > traffic view. That's one thing I am missing - takes too long to figure out which app is doing something.
I actually just signed on to HN to comment on this news. Great job, first of all for a good solution to a real problem. Next, great design: finally an application that does not pale in comparison to its Mac counterparts.
> GlassWire keeps an up to date list of known suspicious hosts and alerts you if you contact one. Suspicious hosts are often related to botnets, malware, and other malicious behavior
How is this implemented exactly? Does the app phone home? Does it do some sort of RBL check (if so, against which servers)?
GlassWire checks for software updates and also does an RBL check. You can see it on the graph and block GlassWire if you want, but then you won't be alerted to new versions and your malicious hosts will become outdated. We don't list our malicious host list sources but I guess we could, I'll have to think about it more. We don't get the hosts from our users or access any user data at all. Your graph data is private on your machine, unless you set up our remote monitoring feature and that data also never goes through our servers at all.
Sorry, I should've been more specific - does your app talk to your servers when it's up for reasons other than checking for updates? If yes, is there a way to switch it all off?
Really great work! I installed it yesterday and I have to say that I like it. It's different from most AV/security products in that it is very low-profile -- probably because it is intended for a more technically-inclined audience. It doesn't bother you when you try to do stuff, it doesn't really spam notifications, and it doesn't nag you to buy useless shit.
Is there any way to opt-in to share network stats? I, personally, would not mind and I think it would lead to a stronger product.
Here is a small suggestion. I actually didn't know I could close the tray notifications. When I looked closer at the notification, I saw the X in the top right corner. The X looks just like the background; maybe you should make it a little darker or somehow add more contrast.
Also, I think I may have discovered a bug. GlassWire thinks that Microsoft Word has transferred 253.7 MB, when it was actually Microsoft Silverlight (I was watching Netflix and had MS word open for a while). http://i.imgur.com/84qFF42.png
Our firewall uses the Windows firewall system so it doesn't add instability to your computer. I was afraid it would sound kind of lame to talk about the awesome firewall when it's more of a firewall manager.
I think the monitoring feature is the most useful thing because you can go back in time and see your network activity for up to 30 days, or of course clear your history if you want.
For Mac there is Little Snitch but for Windows I haven't seen anything that has a "network time machine" like we have and also gives notifications like we do. The way GlassWire organizes the data is kind of unique.
I made this application for myself due to my own paranoia.
Would you or others care to share the story of how they got hacked?
The only time I've been aware of getting hacked, my friend handed me his computer and said, "You're a nerd, find me a live pirate stream of the Big Game. Quick, people are coming over!" Friend may be too strong a word, but I gave it a shot even though I thought it hopeless. I went to some sketchy pirate sites, and I clicked on a link. A popup launched, and immediately there was an error; "Shockwave has crashed."
"Do you install updates?"
"No, why?"
Another time, my brother was lamenting that he couldn't take pictures with his phone because his SD card broke. I never used mine, so I pulled it out and handed it to him. A few days later I had to get some information immediately and the only device available was my phone. I was on a website and an error popped up; it was to the effect of "Can't download someapp.apk because you don't have an SD card."
I know saying just 'Wow, what a beautiful, useful app' doesn't really add much to the discussion, but it's all I can muster.
Beautiful app. Amazingly designed. Insanely useful with zero configuration. Would love to pay money for this, especially if you can bring this sort of zero click usability to a LAN environment.
ITT: people care way more about the superficial qualities of security software than, ya know, security.
This looks way easier and prettier than open sourced NIDS and HIDS like snort and OSSEC, and I think that's why I'm supremely skeptical they hired enough security people versus frontend people.
GlassWire isn't a replacement for an antivirus. I think the only way to see all network activity is by tapping into the wire itself. I made GlassWire to give myself an easy way to see what my computer was doing in the background but I do understand there are always going to be ways to bypass it along with any other application.
I'm not sure you are clear on what distinguishes a host based intrusion detection system, network based intrusion detection system, and antivirus. The feature list you are advertising sounds like a NIDS and HIDS, well known security software used in any secured network. I realize your software isn't antivirus like Norton or ClamAV. I am suggesting you might not be familiar with popular open source software that seems to accomplish your same feature set that large companies often use.
Intrusion detection systems are in a different business. They use stats or fingerprints to flag bad traffic/behaviour, then log alerts. Glasswire is an inspection tool to see what apps are doing net traffic wise on your computer.
Beautiful! And just a future feature request for the paid version: Would it be possible to limit the bandwidth allotted to an individual application? I know it's a monitoring tool, and that would be more of an administration tool feature, but I think it could fit in with the concept.
Beautiful UI! Just curious: why not block connection attempts from new programs automatically? By the time a user has noticed and blocked future connections, it may well be too late.
On a related note, I recently tested a number of firewalls for Windows using Comodo's HIPS and Firewall Leak Test Suite[1]; the only one I found that passed all tests with virtually no setup or changes was SpyShelter Firewall[2]. Not an endorsement by any means, just an observation.
I use Little Snitch on my Mac. I found myself just "allow"ing everything all the time anyway. I think most users just get used to pressing "OK" and stop even paying attention to what they are agreeing to. I know I get lazy and do that myself. Instead I wanted to briefly alert the user and let them make their own decision, then we also added in some malicious host monitoring and other features to help. Users can use our "network time machine" feature to go back in time and see exactly what happened in the past. I haven't seen another product that does that.
Have you tried using Little Snitch along with Privoxy?
I find the combination works very well. You get two ways to block things (Little Snitch rules and Privoxy rules) and because Privoxy is so easy to restart you can make "Deny" your default behavior since if the site doesn't show properly, just restart privoxy and hit refresh.
Great looking app btw. Haven't had to work on a windows box in a long time but if I do I'm definitely going to try this out.
I believe the point is not being a firewall, but rather let the user know what's going on. Firewalls may cause all sort of problems for the common user by blocking by default, and still don't reveal privacy violations (e.g., whitelisted applications generating traffic at unexpected moments).
Looks pretty but I don't know how well this will help with detecting a compromised system. Once a system has been compromised can't it lie about its network usage?
Yes a system can lie about its network usage. I answered a similar question below, check this link https://news.ycombinator.com/item?id=8223296
GlassWire shouldn't be your only security tool.
It was a piece of security software modeled after OpenBSD's pf firewall which let you define policies around network, file, and registry access for applications. You were able to set up really fine-grained policies as well, for example to only allow access to the C:\temp directory for list and read access, but to deny delete access, and to ask the user to accept/reject if it tries to open a file for writing.
So instead of monitoring access after the fact, CoreForce let you actively grant permissions and would either silently deny or interactively prompt you when an application went outside the resources you granted.
I don't think that's even possible. The best you could do is analyze a program and see if it does things that are "suspicious". Otherwise it's just going to match known binaries/strings.
It'd take an amazingly complicated scanner to detect if GlassWire was, for instance, capturing your DNS requests and sending them somewhere. Or allowing updates to get loaded into its process space. I'd guess you'd need a nearly general AI to determine if any program is malicious.
Not to be a downer, but I don't see how this is any better than a real firewall like Comodo.
If you cannot block new connections, it is likely the valuable information on your computer has been siphoned off, or glasswire bypassed before you noticed it on those fancy but useless graphs.
Impressive software. Simple (looking, and to use) and beautiful; but with plenty of technical depth/value. I've been running it on my machine all day, and plan to roll it out to others in my local network.
I'm definitely curious to see what the paid features will be...
Shamelessly bikeshedding, since I can't use the app until you have an OS X version, but would be nice if it could query my router via SNMP to get whole-network usage.
That's what I currently do via NetUse, but this looks quite a bit better.
+1 on this, it's tricky to find a good SNMP monitor with the right MIBs for ADSL modems. (I hate SNMP, I once had a router I could crash with snmpbulkwalk)
Great app! Serious question: why hasn't something like this become a standard app if not OS feature? It is something I have always wanted. Want something similar for Android phone too.
This is excellent - I was looking for similar functionality just recently in the Windows networking system. I look forward to seeing what the paid features are!
Here's my minor feature request (I'm sure you'll get a hundred or so today) - how about a config setting to turn on an automatic virus scan of the executable on first network activity? I imagine this would not be enabled by default for performance reasons, but I'd like to run it this way for a few days before reverting to default settings.
ejp, you can manually do a virus scan of an exe on first network activity. Click the desktop alert then mouse over the file name and click "virus scan". This uses your own antivirus software, not ours. Therefore if your antivirus is not up to date your scan won't be. We also thought about adding a virustotal.com upload there. Maybe we will add this as an option that's turned off by default. I worried that some users may complain about too much CPU usage. Thanks for the feedback/compliment!
That used to do almost exactly the same as glasswire is advertising, 10 years ago. It died in 2005 when symantec acquired the company and killed the product.
Doing this generically is a hard thing. I'd say pull apart http://netusage.iau5.com/ and see how that works. I feel like ISP usage APIs are mainly an Australian thing (and some of those will work via screen scraping).
Supporting Telstra, TPG, Internode and iiNet would get you a large number of Australians, but I have no idea how you'd do the same for Comcast or Time Warner Cable.
Contact details are in my profile and I'm happy to be a guinea pig for this kind of thing.
---
maybe related...
I remember when I switched to linux some years ago, the software I really missed was ZoneAlarm and I still haven't found a nice alternative (for fast and easy control of the outbound(!)/inbound net traffic). I liked that I could block and unblock the internet access of each application from the systray icon.
Any suggestions?
What I would like to have:
1. a notification in real time:
"Application FooApp tries to access internet (ip, port, etc)" and options like "Allow Now | Allow Today | Allow Always | Never Allow" (in the gui...)
So I will get informed that an application is starting to send data.. and I could block it.
I think it's much easier to set the filters and k control list for the applications while you are using the pc rather than setting them up all at once.
2. "Internet & Bandwidth Usage Monitoring" similar to the Glasswire screenshots. (Stats, Application List that access the internet, hosts, etc) and feature to block with a click some of these (apps,ports,hosts) or all
You can use your VPN with GlassWire and it works OK but we haven't tested in detail. I used GlassWire with my own VPN and I didn't see any obvious problems so far.
I just tested GlassWire with OpenVPN on Windows 7 64-bit. I get an instant bluescreen as soon as the GlassWire driver is installed and started and OpenVPN is connected. The order doesn't matter, as soon as both applications are active, boom. Please investigate. I had to manually remove the driver, because the bluescreen occurred during installation and corrupted the deinstallation routine.
Awesome thanks, I'll have to check this out tonight! Just a feature that I'm thinking of right now that would be nice is if it alerted you that your VPN dropped or was disconnected.
Yep, I second that feature request. My OpenVPN connection with redirect-gateway enabled sometimes loses its route definitions and suddenly all my traffic goes directly to the internet instead.
I wish there was something like this for my wifi router (or in the Tomato Firmware) because that way if there is a malware in the phone, or my laptop I can immediately know about it without installing this on each device.
Also I hope it has list of known malware hosts for which it should give a huge red alert dialog if a connection is made to it.
I agree. I wonder what the best way would be for GlassWire to tap into the majority of routers? If you have some ideas please let me know. We're still investigating.
Isn't the best "trojan" horse the one that comes as a security program?
I'm always afraid, that software programs that aren't open-source steal sensitive data from my computer and upload it to the web. I experienced, how easy that is and no user ever knows, especially on MS Windows.
This is really pretty, but I don't use anything in this vein except for Spybot Search and Destroy. I wonder what other HNers think about that: am I asking for trouble? I haven't had any problems in years. I'm a Windows user, and I run SS&D every month or so (I don't run the resident process).
This looks brilliant and is badly needed on Windows. However the fact that it's free gives me pause, especially since we're talking about privacy software that is not open source.
What usually happens with freeware like this is that it becomes adware or dies. I think you have enough features to charge for it now.
Thank you! The bottom of our index page explains that we plan to make a paid version with more features in the future. We're working on a list of paid features. I don't think it would be appropriate for a privacy type application to include adware so please don't worry about that.
As long as you keep the main functionality free - because more people need to be using this sort of app, and I feel having to pay would be a pretty significant obstacle.
I am not able to connect to a remote server. I don't know why!
This is what I am doing:
1- Allowing server access in Server tab in Settings on one computer.
2- Trying to connect from another machine using the credentials.
I am not able to connect. Does anyone else face the same issue?
I haven't installed the app, so I don't know if this is part of some alert functionality, but why are there Twitter and Facebook API links in the code? https://i.imgur.com/QPIYUfQ.png
You can post your graph to Facebook or Twitter if you want to (completely optional). Check out the hashtag #GlassWire on Twitter. Some people have already posted some graphs. We have no relationship with Facebook or Twitter.
I just installed this on a Surface Pro 3. First off great app, but just wanted to give you a heads up: The icons in the taskbar and notification area are blurry due to a HDPI screen. A good portion of the interface is cut off or broken likely due to scaling issues.
It doesn't seem to do what it says.
According to it, Outlook initiated its first Network connectivity just now. A point in time where I had already sent and received mails for some hours.
At least it is so much better looking than other windows apps…
If you check the final installation window it warns you that you should reboot to catch all ongoing connections, but we plan to improve this in the future so a reboot isn't necessary. We didn't want to force users to reboot because I think that would suck.
My mistake, but you should at least make that information more visible. Unless there is a yellow or red sign, or some box to check the readme I do not assume installers will tell me about important things in the post-install window.
While this is great for certain types of attacks, I wouldn't be surprised if the really smart attacks try to fly under the radar, by distributing traffic and activity. Does this app somehow help detect that?
Minor nit, not everyone has their notification area at the bottom right of the display (I use a vertical taskbar on the left). It'd be neat if the notifications showed up near the notification area.
really love the color scheme and design on your website. sorry I don't have any more relevant feedback to add. I deal with colors, UX and UI all day long and this was refreshingly lovely.
This has been an application idea I've been wanting to build for a long time, but not having much networking know-how when it comes to these things, I put it on a to-do list.
We're working on a Mac version. Also I agree Little Snitch is cool.
We concentrate more on visualizing network activity and we have a "network time machine" feature: our UI allows you to go back and forth in time. Also I don't like how Little Snitch always pops up those alerts. I wanted the user to see the alerts but not have to always "OK" every little network activity. I felt like users tend to just press "OK" all the time anyway...
Downloaded it, love the idea and UI. My only niggle about the app now is that it could use better support for hidpi (the text is a bit jumbled). Other than that, great work!
This is awesome. I would be happy to pay for your upcoming "pro" version. Do you already have an in-app mechanism that will warn me when this is available?
It should show the app that connected, not just IE. Is it only showing IE for you over and over? If so it must be a bug. Please report it to our contact page.
greenwalls, thank you for a lovely looking product. It is definitely a keeper even this early in development. I'm looking forward to seeing it grow.
I've encountered an issue with the Anti-Virus scan function. I'm using Symantec Endpoint Protection (SEP) and the SEP logs indicate that GlassWire does not perform any scans whatsoever. A response to this would be greatly appreciated!
other than that am gonna say what everyone ELSE is thinking, Security + Microsoft, give me(us) a break, last time i checked the word security does NOT exist in Windows
am surprised how THIS made it to the top of HN, probably has something to do with those users who were defending IE's developer tools ;)
considering you are also monitoring physical changes to the box (network interface changes for example), would it be within scope to monitor workstation locking/unlocking and hibernation? same question with removal/addition of plug-and-play devices (HDDs for example)
Instead of monitoring locking/unlocking we monitored idle time instead. You'll notice the graph turns shaded when your computer is idle so if you see some strange spikes you can go back in time on the graph and investigate.
Thank you. We will test with that theme, thanks for the details. My CPU is nowhere close to 2% when GlassWire is minimized and I have an older PC with 8.1. Please send details if you have time via email or our forum. GlassWire checks for software updates. If you block GlassWire from accessing the network then you won't hear about new versions.
The only true network data is via some kind of tap on the actual wire. We're considering adding a plug-in so you can do that but there are so many awesome tools out there for that already I'm not sure if we should. GlassWire is for everyday users to understand what's going on with their computer. There will always be ways to bypass the OS but I think GlassWire will still help in many situations.
The only true way to fully monitor the network is by tapping the actual wire. We started off wanting to make a malware tool but we found it was not reasonable so we tried to add more network monitoring and privacy features. The GlassWire software does look for malicious hosts and other changes to the system that could indicate malware but of course without directly monitoring the wire there is no way to see everything your machine is doing on the network. GlassWire works with your antivirus and is not meant to be an antivirus.