Make your video test requests!
<blockquote data-quote="ForgottenSeer 97327" data-source="post: 1015788"><p>[USER=56053]@bellgamin[/USER]</p><p></p><p>In the Windows XP era, a decent firewall had to deal with all sorts of intrusions to prevent 'trusted' applications being a mule for malicious code. That is why Comodo Firewall always scored best in firewall leaktests, because it had a full-fledged HIPS. Today even the Grand Lady of MT and WS advises to disable the HIPS of Comodo Firewall with Cruel Sister settings, because there are simply too many 'sponsors' or LoLbins which could be used as a mule for malware seeking outbound connections (and containment of applications when they are trying to get in at first launch is a more effective approach than a HIPS trying to stop them going out).</p><p></p><p>When Glasswire first appeared on WS, I used it for a while, and what I can remember is that it checked outgoing applications on VirusTotal. The effectiveness of this check depends on whether Glasswire repeats this check every time a program tries to go outbound (I used the free version, so I don't know). When Glasswire has a setting to trust applications, my guess is that these applications are NOT checked again at VT, but simply allowed. This would make Glasswire blind to applications being misused as a mule or piggyback for malware going outbound.</p><p></p><p>Bottom line: I fear a real-world test with staged attacks would show Glasswire to be of little use. I think the benefit of Glasswire for corporations is that IT managers are able to track which applications have a lot of outbound traffic (to prevent employees leaking information or hostile third parties stealing information). I think it is designed as a data usage monitor to discover information theft/leaks, not as an intrusion prevention tool.</p><p></p><p>The name Glasswire also indicates that it shows (glass = transparent) what goes over the wire.</p></blockquote><p></p>