First look at Portmaster, an open source cross-platform network monitor

Martin Brinkmann
May 16, 2022
Windows software

Portmaster is a free open source cross-platform network activity monitor that is available in an early version for Windows and the Linux distributions Ubuntu and Fedora.

Portmaster combines traditional network activity monitoring with additional features, such as the option to enforce the use of secure DNS or the automatic blocking of advertisements, trackers and malicious hosts using filter lists, which are commonly used by ad-blockers.

Portmaster is free to use, which usually leads to the question of how development is financed. The developers behind Portmaster answer that question on the official project website: they plan to use a freemium model. Portmaster will be free for all users, but extra services (a VPN is mentioned specifically) are available for users who sign up for them. The money earned that way is used to finance development.

Portmaster: first look

An alpha version of Portmaster is available for Windows and Linux. It is released for testing and development purposes at this time. Alpha software may include bugs and issues, and should not be installed on production machines.

The development team notes that the alpha tag is "more about missing features than instability" of the application. Planned features for the first beta release include importing and exporting options, support for custom filter lists, cryptographically signed updates, and a full-device network monitor.

Installation is straightforward on Windows; a reboot is required to complete the installation process. The interface is well-designed and modern. The main page lists recent network activity, including the total number of connections, and the percentage of allowed and blocked connections.

A click on an application or service in the network activity listing displays details, including name and path, and information about each connection that was made in the past.

Each connection is listed with its target, whether the data was encrypted, the IP addresses, and the countries those addresses belong to.

Settings can be defined for each individual application. Besides blocking all network activity, users may modify several connection-specific options. To name a few:

  • Switch between default network actions: allow, block, prompt.
  • Block Internet or LAN connectivity.
  • Block P2P/Direct Connections.
  • Block incoming connections.
  • Configure outgoing rules.
  • Apply filter lists, e.g. ad and tracker blocking, malware hosts.

All of these can be defined globally, so that the preferences apply to all applications and services by default. Override options are available for individual apps.
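
The layering described above (global defaults, per-app overrides, scope blocks and filter lists) can be pictured with a small model. This is an added example, not Portmaster's code: the `Settings` fields, the evaluation order and the sample domains are assumptions made for illustration.

```python
# Simplified model of layered per-app firewall settings (illustrative only).
# Field names, evaluation order and sample data are assumptions, not Portmaster's.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Settings:
    default_action: Optional[str] = None       # "allow", "block" or "prompt"
    block_internet: Optional[bool] = None
    block_lan: Optional[bool] = None
    block_incoming: Optional[bool] = None
    filter_lists: Optional[frozenset] = None   # blocked domains

# Constructed global defaults: allow outgoing, block incoming, two listed domains.
GLOBAL = Settings("allow", False, False, True,
                  frozenset({"ads.example", "tracker.example"}))

def effective(app: Settings, base: Settings = GLOBAL) -> Settings:
    """Per-app values override global ones; None means 'inherit the global value'."""
    merged = {name: getattr(app, name) if getattr(app, name) is not None
              else getattr(base, name) for name in vars(base)}
    return Settings(**merged)

def on_filter_list(domain: str, blocked: frozenset) -> bool:
    """True if the domain or any of its parent domains is on the list."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def verdict(app: Settings, remote_ip: str, domain: str = "",
            inbound: bool = False) -> str:
    """Hard blocks are checked first, then filter lists, then the default action."""
    s = effective(app)
    ip = ipaddress.ip_address(remote_ip)
    is_lan = ip.is_private or ip.is_link_local
    if inbound and s.block_incoming:
        return "block"
    if is_lan and s.block_lan:
        return "block"
    if not is_lan and s.block_internet:
        return "block"
    if domain and on_filter_list(domain, s.filter_lists):
        return "block"
    return s.default_action
```

In this model, an app with no overrides inherits the global "block incoming" setting, so a remote-access tool needs an explicit per-app override before its inbound connections are allowed.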

The All Apps section lists all applications with current and past network activity. A search feature is available to find apps quickly in the listing. You may select any application or service to modify the default networking behavior.

The premium feature SPN, Safing Privacy Network, is also included as an alpha version. The service is inspired by Tor, as it routes connections through several network hops for improved privacy. The core difference to VPNs is the multi-hop architecture. Some VPNs, NordVPN for instance, support multiple connections as well, but these are usually not designed to hide information such as the destination from each other.

Closing Words

Portmaster is a promising network monitor: it is free, open source and available for different platforms. Windows and Linux versions are available, and a Mac version is planned for the future. The interface is well-designed, and while some features are missing, it is functional already.

It is too early to tell how it will stack up against other network monitors and firewalls such as Glasswire, Windows Firewall Control, or SimpleWall.

Now You: do you use a third-party network monitor or firewall?



  1. 123 said on March 9, 2024 at 10:00 pm

    Just tried to install portmaster on an offline system.
    The installer tried to load (300MB) from the web, so it aborted the installation.

    But the installer created an autorun and a start menu entry
    (I think there’s more “crap” on my system, now)!

  2. Waitman Gobble said on May 17, 2022 at 7:41 am

    People have happily used Portmaster to install ports for many years, but I guess it’s a time of reinventing! And all the good names are used up, apparently.

  3. Anonymous said on May 17, 2022 at 7:10 am

    I never use alpha software, and not much beta software. Usually not worth the headache.

  4. Anonymous said on May 17, 2022 at 3:53 am

    I’m stupid. I made a mistake and installed this on my remote machine. It blocked everything on first launch. It didn’t even prompt for white/blacklist mode. Now I’m blocked out until I can drive over and allow my remote client through it.

  5. Haakon said on May 16, 2022 at 9:45 pm

    “It is too early to tell how it will stack up against…Glasswire (sic).” True.

    But one would need to allow GlassWire’s trial to expire in order to stack it up to the free Portmaster. As GW’s firewall would be disabled, there would be no comparison for that function.

    Free GW details, third question down:

    The security features mentioned are, but not limited to “system file change detection, device list change detection, app info change detection, ARP spoofing monitoring,” “communicating with a known IP or domain threat,” “RDP connection detection” and WiFi Evil Twin Detection®.

    GW’s full run down:

    Granted, GW gets $39 USD for a single PC yearly subscription. A free Portmaster will then have that as an advantage.

    I’ve been using GW ever since it came out, spanning eight Win7 and Win10 PCs. Currently I have the Elite version, purchased when a lifetime license was offered to long-time customers. I’ve used the Android app since it came out, too, in free mode (no firewall, I use AdGuard for that), spanning four google devices (aka “phones”).


  6. Anonymous said on May 16, 2022 at 7:14 pm

    Any real features besides blocking the same other firewalls do and show statistics in a ‘pretty modern interface’? (it is not pretty, it actually looks bad and simple).

    For example, does it use its own driver? If it is a yes, does that mean it filters or will filter svchost so you can really fine-tune your blocking needs? What about support for wildcards in program path names to allow or deny a folder and subfolders? What about automatically allowing subprocesses? What about rules that can be grouped and scheduled?

    I mean, all the firewalls you mentioned are either an overpriced pretty interface like Glasswire that doesn’t add anything special, WFC is just a front end of Windows Firewall which is bad because Windows Firewall will automatically allow outgoing connection for Store apps you install and that can’t be blocked once you set Windows Firewall to “Block” the outgoing connections.
    Yeah you can “protect windows firewall” but WFC is slower, it reminds me how nice the features and interface were from Private Winten but it was so slow and it had the same issues by being just Windows Firewall skin.
    Simplewall is okay, but too simple since it uses the same WFP features, so it is not a skin but it has the same features pretty much as Windows Firewall.

    The best firewall some years ago was Tinywall but now Fort Firewall is the best one. Fort, like you like to mention is ‘free and open source’ the difference is the guy developing it is a genius and he doesn’t seem to seek making you to ‘sign up’ for accounts like Portmaster people which is already a way to say “well, we don’t care about your privacy, only about your payment method and we will want to make money off this with premium features and services”.

    But what matters is the features, and Fort Firewall as far as I know is the only one that can filter svchost so it is easy to really block what you want, if a process is not ‘split’ in their own svchost instance to be recognized you can “make trackable” the service, you restart the service or computer and done, but on win11 I only had to do that to CryptSvc, InstallService and DnsCache (the important one) and then I don’t see any “Host Process for Windows Services” requesting connection, it’s all individual svchost services.

    It has wildcards to filter folders, so you have a folder with all your tools or games folder? well easy to allow them to have connections. It also has statistics, a basic traffic graph (someone could request improvement), it has an easy way to add IP lists, it can allow subprocesses like Tinywall does (which the dev took the idea from). The only thing missing for now is rules for individual programs, you can make global rules, but sometimes couple programs might use the same IP, so it is good to finally restrict access to individual programs if needed. But he is currently working on it so it should be available in couple months.
    Also, Fort doesn’t have like popup blocking alert, you only get a little alert on tray icon but he said he will add that eventually, I won’t use it but I guess some people want that.
    There are not allowed connections, only blocked ones, but I find Process Hacker 3 fine to check which connections are allowed, the only problem is svchost so that’s why I wish Fort had their own version of it, which dev said would add anyway.
    Anyway, the UI is not pretty but he is working on it and eventually even dark mode will be added to it, but it is based on QT.

    Doesn’t seem like this Portmaster really offer anything special, so will they do it? I mean the really advanced features? or it will be just a pretty skin like glasswire and that’s it?
    Most people fall for pretty skins and they never seem to really look for quality features that can make the firewalling great, especially in today’s internet where everything gets ‘hidden’ more and more.

    So what features are different from any other firewall? with the ‘alpha is about lack of features’ I guess we can just say “oh well, we will have to see” but this doesn’t look like a tool that will have really good advanced features that will help everyone advanced or not too tech savvy users.
    Just look like it has the same features as others, so nothing special, but they surely wanted to worry more about the UI than the features for sure.

    1. Raphty said on June 27, 2022 at 2:56 pm

      Better late than never, saw the Post a while back, but only now read through the comments.

      Thanks for the feedback, I understand your desire for more/better features, we are working on so many, and because of our origins in security you can count on them being first off too nerdy and then wrapped up in a pretty UI.

      Our goal is to bring better Privacy to more people not to have the most features from the start, so with each feature we add we consider how to integrate and display it, and yes this takes more time, and resources, but we believe serving more people is better in that regard.

      If you have more feedback, please don’t hesitate to write us an email.

      Thanks for the Post! and the great comments.

      Raphael from Safing

      1. Portmaster User said on August 4, 2023 at 4:54 am

        Nah, your goal is to push sales down people’s throats with a half-baked, not always working, false advertising software. With enough refreshes in my browser I can bypass your software’s amazing blocking ability. I’ve recorded that and notified you but of course, I got shut down.

        It’s stupid annoying to use Portmaster’s UI. If you have it in interactive mode, good luck using that stupid ridiculous tiny window that you have to activate with 3 clicks. You’d think that by now you’d realize it but no, you keep advertising the stupid VPN service. That’ll solve it.

        Cash grab. That’s what portmaster attempts to be, and a poor one at that. Extremely disappointed to see anyone talk about portmaster as an actually viable solution or alternative to anything but a trash can housing dead rats.

      2. Frank N Furter said on August 8, 2023 at 3:11 am

        Yes, they are using it to promote/sell their SPN service.

        I don’t feel they have the infrastructure to make that viable, and as I’m in the USA, I’d hate to think how that service would stifle my download speeds. It’s a very niche product, and I’m not in the habit of giving firewalls actual access to the Internet! Call me cynical, but you can’t even use Portmaster without granting it access to the Internet. As for DoH, no thanks- I like to control my own filters etc.

        It makes me laugh how people so blindly trust Cloudflare and Quad9… not to mention the millions of morons who trust Google!

        I’m sure one day ‘secure’ DNS will be mandatory, but until then, no thanks.

        They are selling paranoia over privacy. How do we know we can trust them? No offence, but Portmaster would have unfettered access to the Internet, and knows all of your Internet business. Hmm…

        One of their developers left the company recently, citing ‘differing views’ (about the company’s present/future direction). There must be more to it, he could have just ‘disappeared’ and said nothing, but he made a public announcement in Reddit.

        Anyway, if people truly require their SPN, fair enough… but I’m not up to anything dodgy. / -:

      3. Frank N Furter said on August 11, 2023 at 5:03 pm

        Well, to reply to my own posting…

        Yesterday I watched their YouTube video about the latest (1.3) version. Raphael and Daniel seem like really dedicated, open and honest people. Upon reflection, my comments were rather harsh and I now regret making them. DoH can be switched off- and I feel I went off on a tangent!

        They are entrepreneurs, they are running a business, they provide a free version of their firewall program. No-one is forced to purchase their SPN product- which does sound good if you require that level of privacy.

        I wish them well with their venture, I hope people contribute to them if they feel they gain good value from their product. It’s open source, people can check the code, I don’t feel they are doing anything shady. That video made me feel a lot better about trusting them, and I like their vision and appreciate their honesty.

    2. tnodir said on May 24, 2022 at 6:03 pm

      Thank you for kind words about Fort Firewall, I’m an author.
      It lacks many features of other firewalls, but slowly improves.

      > For example, does it use its own driver?

      Portmaster has its own driver. But all decisions are made by the user-mode part.

      I.e. driver pauses a new connection and sends info to user-mode. User-mode checks the info and sends the decision to driver.

      So, potentially all Fort’s features (svchost fine filtering, wildcard in program paths etc) can be easily implemented in Portmaster.

      I don’t use such model (pause connections and make decision by user-mode), because it’s slow for programs with many short lived connections (e.g. torrents).

  7. Tom Hawack said on May 16, 2022 at 4:35 pm

    I have the feeling of repeating myself, because I am, yet for those who’d ignore the thrilling cyber adventures of Daddy Hawack and who’d wonder what his answer to the article’s question is, here goes:

    Do I use a third-party network monitor or firewall? The winner — I mean the answer — is : yes.

    Anxiously waiting for a developed answer? If no then bon voyage, otherwise I’ll complete by stating that I’ve used for years DNSCrypt-proxy which combines encrypted DNS (DoH and DNScrypt protocols), anonymous DNS requests (only with resolvers accepting the DNScrypt protocol), blacklists (domain and IP), whitelists, cloaking, forwarding, captive portals… Multi-platform moreover.

    A specially skinned answer because otherwise laziness may have invited me to honor silence :=)

    1. Haakon said on May 16, 2022 at 9:51 pm

      That’re all good, well known strategies. But what’s your IPS/IDS model?

      1. Tom Hawack said on May 16, 2022 at 11:28 pm

        What’s yours?
        Depends on the environment. I’m no longer in business, devices are home located.

        Prevention system-wide is basically DNSCrypt-proxy with a substantial list of blocked domains and IPs,
        together with a few Windows tweaks lowering the attack risk. No universal anti-this and you name it solutions.

        Prevention browser-wide is of course uBlock Origin together with a few other security/privacy oriented extensions. When I go surfing off-shore I enable the Netcraft Extension. Many enhanced Firefox privacy/security tweaks. I don’t use any other browser.

        Remains detection. Frankly never encountered an attack at home over 22 years.
        Of course I never install an application or software before getting info and mainly that of VirusTotal.
        Once in a while I check the system with the Hitmanpro application. I think that over several years it never detected anything substantial, not to mention false positives here and there.

        Again, this is in a home environment. When you consider companies’ issues regarding intrusion obviously IPS/IDS is too often inadequate.

  8. Tony said on May 16, 2022 at 3:55 pm

    Having used Portmaster for a little while, here are a few thoughts. It is an effective firewall, however, I found that some apps will route through the DNS service and/or system services, so you have to be on the lookout if you don’t have “prompt” set.

    Two annoyances I have with Portmaster itself are that 1) it makes a connection to its developer site once every hour, supposedly for updates. There is no way to set how frequent the update checks are, and if you turn off the update checks, the Firewall thinks it is very ill and so permanently displays a yellow problem indicator, even though nothing is wrong with it.

    2) It frequently pings “” several times a second if you choose to block it. I have a custom DNS setup that works for me, but Portmaster doesn’t like, so this check is blocked because otherwise it tries to reset my DNS settings in the OS every now and then, which breaks the internet for a few minutes.

    Ultimately I removed it. It wasn’t worth the headache for me.

    1. Anonymous said on May 16, 2022 at 9:36 pm

      It is open source, hopefully someone will fix it.

      1. Portmaster User said on August 4, 2023 at 4:58 am

        Not sure you can consider it open source if the software auto-installs updates it gets from a server that’s not github, and those releases are not made public, and you cannot choose not to allow those, which version to install, or say.. downgrade to last year’s version when the UI was somewhat workable as opposed to today’s version which is TRASH.

        So in a very, very loose sense, yes, it’s… got some source code public somewhere.

  9. Paul(us) said on May 16, 2022 at 12:46 pm

    I am personally quite pleased with the onboard (integrated) Firewall possibility from the software Eset internet security 15 series.
    More info at –

    1. Paul(us) said on May 16, 2022 at 12:59 pm

      Sorry, totally not related! I do not know what I was thinking! :-)
