Using Glass Wire, A Free Windows Firewall & Security Tool
About a month ago one of our team found a security product we have since used to solve a few mysteries on Windows boxes. Glass Wire is free firewall and network monitor with a clean user interface. It may be the cleanest and easiest way to great information on that Chinese IP address your computer is sending data to. Glass Wire provides a user with information on:
Visual Network Monitoring: See what apps are using the network, how much they are using, and when. Resolution of the remote computer is automatic so there is no need to copy/past IP addresses out of the logs and into a resolver.
Internet Security: Know who and what your computer is communicating with. Glass Wire has also incorporated a toolbox of network security tools providing file change detection, device list change detection, app info change detection, ARP spoofing monitoring, and alerts when your computer is communicating with an IP address that is known to be hostile.
Bandwidth Usage Monitoring: Glass Wire lets you know total bandwidth used and what applications, traffic, or hosts are bandwidth hogs.
Internet Privacy Protection: See all your network activity and what apps are sending data to where on the internet. Glass Wire allows you to see shared connections of the web sites you visit so you know who else is getting your browsing information.
Firewall: Each time a new application requests to access the internet you will receive an alert from Glass Wire that lets you choose to allow the app to the net or not.
Discreet Alerting: No worry about hordes of pop-ups to close as your do your thing. Glass Wire lets you snooze alerts so they won’t bother you. You can review alerts later with ease.
Best of all you can set up multiple systems and monitor them remotely in the Glass Wire interface.
But enough about what it can do… Why does Protocol46 care? Well, aside from a easy tool to keep grandma’s computer clean and monitored remotely (sorry gramgram… 🙁 no time for cookies today) we want to know how good is it as a forensic or clean up tool. In the case of forensics you are going to have to install Glass Wire on the system, so you will lose the integrity of the system for evidentiary purposes. If you are just doing a destructive forensic assessment looking for malware with reckless abandon then slap this bad boy on because it will get you answers fast. If you are working to clean up a Windows system that Uncle Bob loaded with malware this will help you make sure its all off.
Additionally, when something new is detected that you have no idea about you can upload the exe file that Glass Wire found to VirusTotal (VirusTotal.com) and get an answer if it is friend or foe.
All this is great! What’s the catch?
Glass Wire is free… as in kittens. So there has got to be a catch. Glass Wire is also close source so we are now naturally made suspicious of what else may be going on. We currently have a Glass Wire loaded system talking through a packet capture in the Protocol46 Labs. Stay tuned for what we find!
In the mean time if you want to try this puppy out for yourself go to https://www.glasswire.com/ to download your own copy.