-{ Quote: "No pop-ups, if yes you will be like others...
But a place with blocked programs could be nice." }-
The popups could be optional ;D

No popups, but the Connections window has been extended to show (and whitelist) blocked applications.

-{ Quote: "No popups, but the Connections window has been extended to show (and whitelist) blocked applications." }-
But if the firewall is active in the connection window will only appear already allowed apps.
This is why a log or something like that with apps blocked is needed, and it would be nice if with a right click you can allow the app with some kind of pre-customized rules

-{ Quote: "But if the firewall is active in the connection window will only appear already allowed apps.
This is why a log or something like that with apps blocked is needed, and it would be nice if with a right click you can allow the app with some kind of pre-customized rules" }-
That is exactly what I'm talking about. It is already implemented in v2. It is part of the connections window, and it shows you (optionally, but it remembers) blocked apps from the past two minutes.

-{ Quote: "That is exactly what I'm talking about. It is already implemented in v2. It is part of the connections window, and it shows you (optionally, but it remembers) blocked apps from the past two minutes." }-

Excellent I can't wait to test the new version :)

-{ Quote: "Excellent I can't wait to test the new version :)" }-

Right, me too :)
I'm using v1 for some weeks and it runs very well.

I hereby, gladly and humbly, announce the first test release of TinyWall v2.

The focus this time was to introduce desired new features and correct some of the design defects of the previous versions. I hope you'll like all the various changes and as you will see, there are quite many.

But first, a few notes about this release:

This is a testing release, intended to find bugs and collect feedback. Even though I tried to make it a very reasonable release, please be prepared to meet some rough edges. Also, please report them back.
The documentation has not been updated yet, so the FAQ's and the website's content still apply only to version 1 of TinyWall. If you have any questions, feel free to ask in this forum and I'll answer with the best of my knowledge.
This testing release installs a "DevelTool" icon in the Start Menu. Please disregard it unless I tell you not to.
If you have any applications that you would like to be included in TinyWall's autorecognition database, feel free to make a request and I'll do my best. You will find instructions in a later post about how you can help to include new software. (For example, I am explicitly looking forward to include MS Outlook, so if you have one, any version, let me know.)
Until the final v2 is released, there is no guarantee that you will be able to keep your settings between upcoming releases.


So, I guess it is time for the release notes ... Drums-dadadada-da-da-dadadada... (Oh, and I'll make some further comments on the way :) )


Offer user to whitelist additional files that belong to the same application
Okay, this is a feature that required rewriting Intimidatingly Large Amounts of Code (ILAC). But it was totally worth it. Previously, TinyWall only knew about executables, but it could not tell if two executables were related (if one needed the other to work properly). Version 2 of TinyWall also knows about "applications", not just executables. Each application is a collection of executables in the eyes of TinyWall, and TinyWall will tell and offer you to automatically whitelist other executables if needed.
Here is an example: In version 1, users whitelisted (only) firefox.exe and wondered, why they still can't play videos from the web. What they didn't know is that Firefox executes its plugins in a separate executable, plugin-container.exe. So to play online media, they also needed to whitelist this file. Of course if you didn't know this, you were out of luck and blamed TinyWall (or used the autodetection feature which has found both files).
TinyWall v2 is much better at this. If you try to whitelist firefox.exe, TinyWall will tell you that it is not enough, and will even offer to automatically unblock all the other needed files for you! Now isn't that cool?
Domain blocklist support
Implemented by installing a custom hosts file, this feature will keep you safe from many malicious websites and increase your browsing speed by blocking trackers and ads. This feature is disabled by default, needs to be turned on explicitly. It can be easily switched on and off from the tray menu. TinyWall will keep the hosts file updated to ensure you always get the latest protection. (Currently the MVPS hosts file is used.)
Hosts file protection
A common web-related attack by malicious code is redirecting the user to fake sites to phish data or install further bad code. TinyWall will lock the hosts file to ensure its protection and prevent malicious redirection using the hosts file. (Needs to be turned on manually, but turns on automatically with the domain blocklist feature.)
Mouse picking of windows with higher privileges
In v1 when TinyWall's controller was not running elevated, it was impossible to whitelist another application that is running with Admin rights by mouse picking (by window). You either needed to use a different method or you needed to elevate TinyWall too. TinyWall v2 allows you to whitelist by window such applications without having to elevate TinyWall itself.
Saving of settings without breaking existing connections
This was an odd issue with TinyWall v1. I was actually surprised that no one reported it, even though I knew about it from day one. Unfortunately, this was more than just a bug, it was a real "design defect" that required rewriting ILAC (Intimidatingly Large Amounts of Code, remember?) to fix. The phenomenon was that when clicking Apply in the Manage window, TinyWall would break all existing TCP connections on the local computer. Interrupted downloads and whatnot were the results in other software. Anyway, this is all past now, since it is properly solved.
New updater system
This might sound less exciting than it actually is, but don't be mistaken. The new system will download compressed updates so they are faster, and it also allows TinyWall to update not just the installation as a whole, but also data components separately. For example, there is no need anymore to bump TinyWall's version and release a new installer just to update the database of applications. This also means you will get painless, nagless and installess updates in many cases. As already explained, it also allows the hosts file to be updated separately, you won't even notice.
Traffic rate monitor
This is a slick little feature in the form of a tray menu entry that will always tell you current total download and upload rate of your computer.
Connections window shows blocked applications
This is something that many of you have been asking for. The Connections window will now optionally show you what the firewall has blocked recently, and a right-click menu allows you to either unblock or close processes. Even multiple at once. The only trick is that the Connections window has to be open to record blocked applications (it won't show you blocked apps from before opening the window). This might sound a bit quirky and I easily could have gotten rid of this requirement, but unfortunately I have a (IMHO) very good reason to do things this way. If you're interested why, I can explain it in a post after this one (it's out of scope for a changelog).
Lightning-fast search for some recognized applications
TinyWall now has a way to rapidly detect some installed applications without having to search through the hard drive. When the installer ends with the "Automatically unblock applications" checkbox selected, you will notice that the application finder window won't pop up like in v1. Is it broken? No! TinyWall simply loads and you will find many applications already whitelisted! It just happens so fast that I decided there is no need to show a progress window, because you won't notice it anyway. You can still launch the old application finder from Manage, and it will find some additional apps for you: Unfortunately the rapid finder is not able to find every single app TinyWall knows about, but it is still very good.
Increased startup performance
I've gone to great lengths to decrease the startup times of both the service and of the GUI application. I've done crazy things like separating CPU-bound tasks from IO-bound tasks and executing them in parallel. I have a fast machine, but compared to the old version, even I can tell the difference.
Better support for Windows Networking, Remote Desktop and Remote Assistance
This is the only feature that I regret I cannot do better. The focus is on the word "Better". It is now at least possible to use these Windows features with TinyWall, but after each start Windows might ask you to redo some of its settings. In my own defence, it really is not my fault but some freaky Microsoft design decision. It is again out of scope but ask and I'll tell you more.
Remember the last used firewall mode
This is small-ish change, but nevertheless handy. TinyWall now saves the firewall mode between reboots (with the exception of the Disabled mode, which will not be remembered).
Binaries are signed by a digital certificate
I spent some money to buy a digital certificate usable for code-signing. (The previous donations helped a lot, but I still needed to throw in some money of my own because they weren't quite enough.) As a result, Windows will no longer tell you that TinyWall comes from an "unknown publisher". A digital certificate will assure users that my person has been checked, that I exist and it will identify all software releases coming from me. It means that as long as Windows is telling you that TinyWall has been published by "Károly Pados", you can be sure that 1) the TinyWall you have downloaded really is from me and is not some scam and 2) that it has not been modified by others, not been infected with a virus after its release, not been compromised and so on. I have long asked you people to trust my good intentions, in the sense that I am not making some trojan here, and the acquired digital certificate is to show that I really mean it.
Localizability
TinyWall v2 can be localized into other languages than English. All the UI and messages shown by the controller (except profile names) can be translated into other languages and TinyWall will pick the right language based on the current Windows version. I am not yet releasing the resource files for translators because this is only a beta and some text will likely change, but as soon as v2 reaches maturity I'll be ready, because TinyWall already supports it.


Wow! That was a lot of new features! There are also some fixes worth mentioning:


Fix: Controller issues with password lock
Fix: Don't lose settings in a virtual machine anymore
Fix: Custom ports were not applied to services
... and some other things I've forgot to take notes of


The testing version TinyWall v2 can be downloaded from TinyWall's own website (see the bottom of the download (http://tinywall.pados.hu/download.php) page). Looking forward for everyone's feedback.

p.s.: Can I copyright ILAC? ;D

Good additions. I do really have competition on this. :)

For the feature named "Offer user to whitelist additional files that belong to the same application", do you have a few predefined programs or you do search recursively in the folder/subfolders to find another exe files ?

-{ Quote: "Good additions. I do really have competition on this. :)

For the feature named "Offer user to whitelist additional files that belong to the same application", do you have a few predefined programs or you do search recursively in the folder/subfolders to find another exe files ?" }-

Hi, I have predefined programs. Picking up any file I find would be not only dangerous but would also result in thousands of firewall rules, possibly slowing down the system. But I am working on an auto-learn feature for v2, though I am unsure if it will make it into the next beta. There are still some practical issues to solve before I am ready to release it.

One small problem system tray icon stays the same in all modes (does not change color).

Very strange, got the icon to change to Orange (block all) then switched back to normal mode and it is still Orange even as a type this. It showing and saying Block all, but I am connected.

-{ Quote: "One small problem system tray icon stays the same in all modes (does not change color).

Very strange, got the icon to change to Orange (block all) then switched back to normal mode and it is still Orange even as a type this. It showing and saying Block all, but I am connected." }-

Thanks for spotting. Fixed. The actual firewall mode always changed correctly, only the icon and some text in the UI did not update to the new status.

I've tried it on vm, icon doesn't change.
About connections tinywall makes connections on remote adress. What about ? Looking for updates ?
For blocked applications is it hard to show full path ?
Can we start to translate in other language ?

-{ Quote: "I've tried it on vm, icon doesn't change.
" }-
It is only the icon and some text, but the mode change is working correctly. I have fixed it in in the source code, will be in the next release.

-{ Quote: "
About connections tinywall makes connections on remote adress. What about ? Looking for updates ?
" }-
Yes, updates. The remote address for the updates is 83.169.4.50 (same as tinywall.pados.hu). It shouldn't do that very often, once every two days if I remember correctly.

-{ Quote: "For blocked applications is it hard to show full path ?
" }-
Thank you for the suggestion, I will change it to show the full path. Is it okay if I show it in the tooltip of the list item?

-{ Quote: "Can we start to translate in other language ?" }-
There will still be a small number of new features, it would be better to wait with translation until only minor fixes are left. I will give you files to translate, please don't start extracting strings from the executable yourself.

I will wait for translation no problem :)

About the path i think it will be nice. I'll try it in the next release :)

-{ Quote: "
Traffic rate monitor
" }-

Just want to say I really appreciate all the time and effort you've put into this app and I really like it. I suspect the above is responsible for a significant increase in memory usage from the tray app. Would it be possible to make disabling it an option?

Installed the latest beta. Does TinyWall default the Network Discovery to enabled?

-{ Quote: "Does TinyWall default the Network Discovery to enabled?" }-
I knew I forgot something :D

-{ Quote: "Just want to say I really appreciate all the time and effort you've put into this app and I really like it. I suspect the above is responsible for a significant increase in memory usage from the tray app. Would it be possible to make disabling it an option?" }-
It is definetely not caused by the traffic monitor. Note that TinyWall consumes less RAM than reported by the Task Manager, but I'll see what I can do about it. It was long ago since I last looked at RAM usage, so there might be somehting I can do. But no promises. If you are concerned over memory usage, please read this (http://www.itwriting.com/dotnetmem.php).

What's about "unblock lan traffic" ? Is it about the problem in message #225 ?

-{ Quote: "What's about "unblock lan traffic" ? Is it about the problem in message #225 ?" }-

If enabled, traffic from/to your LAN will not be filtered by the firewall. You can use this to unrestrict communication on your local network while still being protected from the internet.

It is not related to #225. Even if this option is disabled, you can still communicate on your LAN by unblocking the right applications. But if this option is enabled, you do not need to unblock anything for the LAN to work.

TinyWall v1 also had this same option, but it was located in the Mode submenu.

Thansk :)
Have you solved the problem in message #225 ?

What about Network Selection Home, Work & Public through TinyWall? Is this included in this version? If no, then are you planning to add it?

-{ Quote: "Thansk :)
Have you solved the problem in message #225 ?" }-

#225 mentions Windows "homenet group". If I am right and the post's author meant the network browser (possibly, browsing the workgroup in specific), then it already impoved in v2, and it will be even better in the next beta because it will fully support Windows Network Discovery. But as I mentioned in the release notes, there might a bad interaction with Windows' behavior, we'll need more tests to figure this out exactly. I'd be very pleased if people on this forum could help test this with the next beta, because my computer networking setup is very limited here.

Tinywall service stops and starts every two seconds. This is on Vista 64. The services that Tinywall depend on appear to be running. Managed to uninstall and install V1 Tinywall to get the internet back.

DNS blocking is not working correctly in v2. If I uncheck DNS client in "Special Exceptions" (v2) I can connect to VPN (IPSec), in v 1.03 I cannot.
1.03 is doing the job of DNS blocking, not Version2.

Also can't stand the icon not showing the right mode. :'(

Looks like version2 will be excellent, after the bugs are worked out. :)

@cyberrufus:
I have profiled memory usage in detail and there is nothing wrong. The memory consumption you are seeing is just the CLR heap before garbage collection and other .NET stuff. The true amount of heap memory I use is around 5MB most times, and I've seen it peak around 12MB while using the Connections window. Also, this build contains debug information which also raises size somewhat. To sum it up, I see no issue here, and let me say it once more, don't trust the Task Manager. It is too dumb too know what it is counting.

@narenbisht:
I have actually no plans for it. Not now at least.

@jdd58:
Could you send me the "errorlog" file from C:\ProgramData\TinyWall? (You'd need to install v2 once more.) I failed to reproduce the problem on my computer, so I'd really this file from you. Thank you.

@Seven64:
DNS blocking does work. The current beta just ships with bad default settings. You just need to go to Manage and disable the default Windows rules on the first tab. It should be disabled. My bad.

@Everybody:
While testing TinyWall v2, please disable the default Windows rules in the first tab ("General") of Manage, unless you explicitly want to have it enabled.

Default windows rules are useless ? Or is it just a problem with this beta ?

I think I have found a bug.

If I enable the setting "Prevent modifications to hosts file" and "Block malware and..." the setting via right click "enable host blocklist" is not enabled. This is the way it should be work?

Which list do you use to block malware and ad? could you make this more transparent like peerblock? and add more option like p2p... so we can choose block only p2p, or ad's and p2p, or ad's and malware.... if something if blocked we should be able to see a notification or a log file, if this log appear in the "show blocked apps" list should be specified that has been blocked via host list so we don't click on allow if we see that svhost is being blocked.

In the Application Exceptions Tab would be nice if we can order the list according to the executable name, Path.... and maybe give some right click functionality like the properties of the files or check the files in VirusTotal...

Another useful feature would be to group the same exe's in a tree view to show the rules applied, pe if you allow an exe being blocked that already exists in the App list it will appear 2 times in the list each time with the different rules, so we have to options group it in a tree view or merge the rules

@Seven64:
DNS blocking does work. The current beta just ships with bad default settings. You just need to go to Manage and disable the default Windows rules on the first tab. It should be disabled. My bad.

@Everybody:
While testing TinyWall v2, please disable the default Windows rules in the first tab ("General") of Manage, unless you explicitly want to have it enabled." }-

Never even looked there, that works. Thanks!;D
Can you do a quick release for the tray icon? Very confusing going back to my desk and seeing mode normal and it is blocked, and vice versa. :-\

Errorlog file sent.

-{ Quote: "
If I enable the setting "Prevent modifications to hosts file" and "Block malware and..." the setting via right click "enable host blocklist" is not enabled. This is the way it should be work?
" }-
It is supposed to be that way. The "Block malware and..." option blocks based on ports, it is not the same as the domain blocklist feature. The port based blocking was already there in TinyWall v1 and I forgot to rename it in v2, which is why it is confusing. I'm going to correct that, thanks for the suggestion.


-{ Quote: "Which list do you use to block malware and ad?" }-
MVPS hosts.

-{ Quote: "could you make this more transparent like peerblock? and add more option like p2p... so we can choose block only p2p, or ad's and p2p, or ad's and malware..." }-
I'm sorry, I intend to keep this feature disabled by default. Also, I do not intend to replace PeerBlock, I just want to keep this as simple as possible. Note, that while peerblock blocks IPs, TinyWall is blocking domains. So they are two different mechanisms. You can install both at the same time (TinyWall+PeerBlock) and they will nicely work together.

-{ Quote: "in the "show blocked apps" list should be specified that has been blocked via host list" }-
I'd gladly do that, unfortunately it is technically not possible. The only reason PeerBlock can do that is because it installs its own filtering drivers. But TinyWall does no such thing, and hosts-based blocking does not even use the firewall. It simply overrides your DNS lookups.

-{ Quote: "In the Application Exceptions Tab would be nice if we can order the list according to the executable name, Path.... and maybe give some right click functionality like the properties of the files or check the files in VirusTotal..." }-
In the next beta there is a quick filter functionality in the Application Exceptions Tab, so you can easily filter the list. It is already implemented, you'll see it in the upcoming release. But I guess I can add sortable columns...
Also, the VirusTotal thing is a nice idea, I like it. But let me meditate on it first.

-{ Quote: "
if you allow an exe being blocked that already exists in the App list it will appear 2 times in the list each time with the different rules, so we have to options group it in a tree view or merge the rules" }-
Are you sure it appears two times? TinyWall always merges the rules, for the same path you should never see multiple exceptions. If you do then that is bug.

-{ Quote: "Default windows rules are useless ? Or is it just a problem with this beta ?" }-
Not useless, but to account for them, I'd have to create separate versions of TinyWall for each language version of Windows. So I decided that I'd rather disable all default rules in TinyWall and recreate them on my own. This way I can support all Windows languages. If this option is enabled, TinyWall will not disable the default Windows rules and they will let traffic through even if TinyWall is not allowing it.

So you should disable it (next versions will have it disabled by default), becuase that is how TinyWall was inteneded to work. I might even remove that option completely.

-{ Quote: "Can you do a quick release for the tray icon? Very confusing going back to my desk and seeing mode normal and it is blocked, and vice versa. :-\" }-

I'll have one soon, just a bit more patience please. I'd like to get something done before that.

-{ Quote: "Errorlog file sent." }-
Thank you, I received it. Did you add any exceptions on your own? Or does this happen right after a fresh install?

-{ Quote: "Thank you, I received it. Did you add any exceptions on your own? Or does this happen right after a fresh install?" }-

This happens right after a fresh install. I tried changing the settings and unticking the box you mentioned in your previous post but they won't "take".

-{ Quote: "

Are you sure it appears two times? TinyWall always merges the rules, for the same path you should never see multiple exceptions. If you do then that is bug." }-

No bug sorry, I checked it again and it's ok, my mistake.

A nice feature would be improve the initial scan so more common exe's can be found in order to allow them. At least show the exes in the process list to select which one do you want to allow it would be nice. Or even better the exe's pointed in "C:\ProgramData\Microsoft\Windows\Start Menu" the star menu of windows, so more or less you will see almost all the important exe's that you usually use.

Could be a bug, never saw this before. All I did was change mode to block all.
Noticed that the DHCP automatically got checked. Uninstalled, because something is defiantly wrong.

Simple feature request: Add a copy remote address in the context menu in the connections window.
An advice in Enable Hosts Blocklist: Consider to apply same functionality as HostsOptimizer, the functionality is stated here -http://forum.abelhadigital.com/viewtopic.php?f=8&t=4&sid=baeae6ba5cd0144a85ea3b534055294d
It will allow the use of hosts blocklist without slowing down Windows.

-{ Quote: "
A nice feature would be improve the initial scan so more common exe's can be found in order to allow them. At least show the exes in the process list to select which one do you want to allow it would be nice. Or even better the exe's pointed in "C:\ProgramData\Microsoft\Windows\Start Menu" the star menu of windows, so more or less you will see almost all the important exe's that you usually use." }-
That would be similar to automatically whitelisting any executable on the user's computer. Instead, I'm taking another approach, which is improving TinyWall's built-in recognition database. I have big plans for that, but it'll have to wait for after-v2.

-{ Quote: "This happens right after a fresh install. I tried changing the settings and unticking the box you mentioned in your previous post but they won't "take"." }-
Thanks, I've found the problem.

-{ Quote: "Could be a bug, never saw this before. All I did was change mode to block all.
Noticed that the DHCP automatically got checked. Uninstalled, because something is defiantly wrong." }-
No, this is okay. The older version behaved exactly like this, you probably were just never "lucky" enough to hit it. What happens is that TinyWall reloaded your settings while you were making changes. One possible reason was that the network profile (Home/Work/Public) changed. So the controller did't save your settings, because it would have overwritten not the profile that you were making changes for, but the new one. This would also explain why the DHCP setting changed. Since TinyWall loaded other settings, that new profile had DHCP enabled.

I see nothing wrong here. This is merely a safety mechanism and TinyWall is telling you that it didn't save your settings to prevent overwriting the wrong ones.

-{ Quote: "Simple feature request: Add a copy remote address in the context menu in the connections window.
An advice in Enable Hosts Blocklist: Consider to apply same functionality as HostsOptimizer, the functionality is stated here -http://forum.abelhadigital.com/viewtopic.php?f=8&t=4&sid=baeae6ba5cd0144a85ea3b534055294d
It will allow the use of hosts blocklist without slowing down Windows." }-

Copy remote address - okay.
Hosts optimizer - do you actually feel a difference when the MVPS hosts is "optimized"?

-{ Quote: "No, this is okay. The older version behaved exactly like this, you probably were just never "lucky" enough to hit it. What happens is that TinyWall reloaded your settings while you were making changes. One possible reason was that the network profile (Home/Work/Public) changed. So the controller did't save your settings, because it would have overwritten not the profile that you were making changes for, but the new one. This would also explain why the DHCP setting changed. Since TinyWall loaded other settings, that new profile had DHCP enabled.

I see nothing wrong here. This is merely a safety mechanism and TinyWall is telling you that it didn't save your settings to prevent overwriting the wrong ones." }-

"One possible reason was that the network profile (Home/Work/Public) changed"
How could it change, if I did not change the network profile? I am not on a Home network or work. ???

It's hard to create a software : everybody founds bugs :)

-{ Quote: ""One possible reason was that the network profile (Home/Work/Public) changed"
How could it change, if I did not change the network profile? I am not on a Home network or work. ???" }-
As I said, that is one possible explanation. There are also other scenarios when TinyWall decides to reload your settings. There is nothing (yet) to indicate that this is a bug. Let me know if this happens very often.

-{ Quote: "It's hard to create a software : everybody founds bugs :)" }-
That's okay, that is the purpose of testing. Bugs should be found, they should be reported and I should correct them. It is often not clear if something is a bug or intended behavior (sometimes not even for me...) so everything "fishy" should be reported just in case, and I'll determine if it is something to be fixed.

-{ Quote: "That would be similar to automatically whitelisting any executable on the user's computer. Instead, I'm taking another approach, which is improving TinyWall's built-in recognition database. I have big plans for that, but it'll have to wait for after-v2." }-

How will you do that?
Wait until 2.0.1? ;)

-{ Quote: "Wait until 2.0.1? ;)" }-
More like 2.x. But don't wait for it, use 2.0 when it comes out, coz it'll be just as good. A large database will only spare you a few mouse mouseclicks but it adds no "features" that would be worth waiting for.

-{ Quote: "How will you do that?" }-
Woah, wait... 2.0 is not even out yet and you're already asking for the version after that? :D I'll announce that feature list when it's ready :P I'll just say that I want to automate it's maintenance.
:D

Hi everybody!

I've incorporated all your feedback and here is the next test release. There are new features as well as bug fixes, and this is also a feature-complete version, meaning that no new major features will be introduced to v2.0 after this one. The focus from now on is on fixing issues.

Changelog:
- New: Quick filter for exceptions list (Manage window)
- New: Windows Network Discovery support
- New: Connections window supports initiating search on VirusTotal, ProcessLibrary and Google (and remote address to clipboard)
- New: Learning mode
- New: Connections window shows direction of blocked actions
- Enhancement: Better Connections form performance
- Enhancement: Exceptions list now supports sorting
- Enhancement: UI text improvements
- Fix: Getting the executable path from admin processes might crash
- Fix: Tooltips were hidden where they should not have been
- Fix: UI text and icons not updating when mode is changed
- Fix: Disable standard Windows rules by default and hide its option
- Fix: Crash on Vista when using port ranges
- Fix: Implement service-to-controller notifications (avoids multiple issues)
- Fix: Web browser profile conflicts with HTTP(s) client profile

As you can see, I have fixed all issues reported on the forum, had many additional fixes and also some new features and minor improvements.

Very notable is the new "Autolearn" feature, another way to easily whitelisting applications, though risky if your computer is already infected. Also notable are the various improvements in the Connections window, some of which are hidden in the contetx menu of the list items.

To fully enable/unleash Network Discovery, all three of Network Discovery, the Windows DNS Client and File and Printer Sharing must be enabled (only the last one is disabled by default).

Some basic profiles have changed internally, for that reason an automatic upgrade procedure is not supported. To install this new beta, you must manually uninstall the old one and install this. The link to download the latets beta can be found on th ebottom of the official download page (http://tinywall.pados.hu/download.php).

Let me know your experiences!

This one is working very well. I'm a little surprised it doesn't auto-detect Google Chrome though.

One question. What is the difference between the option to enable the hosts blocklist thru the tray icon vs the checkbox under the general tab?

-{ Quote: "This one is working very well. I'm a little surprised it doesn't auto-detect Google Chrome though." }-
Thanks for reporting. Fixed in the next release.

-{ Quote: "One question. What is the difference between the option to enable the hosts blocklist thru the tray icon vs the checkbox under the general tab?" }-
Absolutely no difference. The tray menu option is just a shortcut. But I will probably change the tray option to "Enable blocklists" and it will enable/disable all blocklists at the same time in the future.

Here is a short tutorial on how you can help to include additional apps in the database. Just four easy steps:


Start the DevelTool from the Start menu.
Under the first tab, click "Browse" to select the executable you want included.
Click create.
Send me the XML-output you get in the larger text area. Include some small additional info about the application (name, url, which profiles does it work with in TinyWall).


See the pictures below for illustrations corresponding to each step.

Found a bug. When my pc wakes from sleep it is unable to find my wireless network. If I change the firewall to allow outgoing I have internet access but windows still shows me as not connected to a network. Once internet access is achieved I can re-enable normal mode.

I don't know if this is a bug or intentional but when on learning mode and reboot it switches back to normal mode, overall very good software.

Running very smooth for me, thanks for the quick update :) .

-{ Quote: "Found a bug. When my pc wakes from sleep it is unable to find my wireless network. If I change the firewall to allow outgoing I have internet access but windows still shows me as not connected to a network. Once internet access is achieved I can re-enable normal mode." }-
I'm going to check it, thx.

-{ Quote: "I don't know if this is a bug or intentional but when on learning mode and reboot it switches back to normal mode, overall very good software." }-
Intentional. Because learning mode leaves the computer unprotected, I'm trying to prevent the user to forget TinyWall in learning mode. It is the same reason why the disabled mode is also not remembered.

Hi,

how could I enable PING on my windows 7 machine with tinywall v1? I know there exists a default windows rule for this. But if I enable windows default rules in TW v1 this won't get enabled as incomming rule and if I enable it myself in the windows firewall settings it won't stay enabled.

-{ Quote: "Hi,

how could I enable PING on my windows 7 machine with tinywall v1? I know there exists a default windows rule for this. But if I enable windows default rules in TW v1 this won't get enabled as incomming rule and if I enable it myself in the windows firewall settings it won't stay enabled." }-

Do you mean to ping from the machine, or ping to the machine with TinyWall on it?
To ping from the machine (send a ping), you need to enable ICMP under the Special Exceptions tab.
TinyWall does not yet allow the machine to be pinged (to receive a ping).

Error every time Tinywall v2 beta starts
231929
What is this starts with tinywall v2 beta
231930

-{ Quote: "TinyWall does not yet allow the machine to be pinged (to receive a ping)." }-
sad, 'cause I used to ping my windows clients from a server and let him go to sleep if no client is online...

-{ Quote: "Error every time Tinywall v2 beta starts
" }-

Thanks for reporting the error. Luckily the screenshot contains just enough information for me to get a good idea of what is going wrong. Fix will be in the next release.

-{ Quote: "What is this starts with tinywall v2 beta
" }-
That is the window of the tray application, it disappears automatically after the tray loads. You probably don't see it disappear because the tray crashes for you with the above error. Next build will solve both problems.

-{ Quote: "sad, 'cause I used to ping my windows clients from a server and let him go to sleep if no client is online..." }-
I'll make a configuration option to enable pinging the client machines in the next build of v2.

you are no longer referenced in google, if I type the keyword tiny wall it doesn't found your website.

-{ Quote: "I'll make a configuration option to enable pinging" }-
Thanks!

Do you plan to support rules based on the network setting (private, public, ...)

-{ Quote: "you are no longer referenced in google, if I type the keyword tiny wall it doesn't found your website." }-
If you search for tinywall (written together), then it shows up.

-{ Quote: "Thanks!

Do you plan to support rules based on the network setting (private, public, ...)" }-
Basic support is already there. The rules you select for one network type will only be applied to that network type. If the user/Windows switches the network type, TinyWall will automatically apply the rules that you defined the last time you used that network.

There are some small limitation though. You cannot change the netwrok type from TinyWall, for that you still need to use the Windows GUI. Also, Windows supports multiple active network types at the same time, while TinyWall will always only select one. These limitations might be lifted in a future version.

-{ Quote: "If you search for tinywall (written together), then it shows up." }-

Sorry for the mistake :-[

@ultim
Can you tell which windows services or startup apps needed for Tinywall so that i can avoid unwanted UAC on Windows startup.

-{ Quote: "@ultim
Can you tell which windows services or startup apps needed for Tinywall so that i can avoid unwanted UAC on Windows startup." }-
At a minimum mpssvc, eventlog and the winmgmt services. Plus of course the services that these depend on (indirect dependencies). Whenever TinyWall loads, it should automatically set these into the right state, so unless another program or another user disables something, the UAC prompt should only come once. Note that TinyWall also checks the indirect service dependencies, which are determined automatically at runtime.

The "check updates" does not work for me everything else works.

Hi,

Sorry for the late answer, I've been very busy with other things the past week.

That message is ok, I disabled updates server-side on purpose to prevent people from updating the previous beta to the current one (because that update is not supported). It'll be re-enabled with the stable release of 2.0.

Hi,

I am new here and to Tinywall. I have ditched McAfee as I am not happy with the flexiblity, control, and event logging of their firewall.

I have a blocked event that I would like your thoughts on. The destination address is a link-local address. If I unblock it it comes back again.

232025

Any idea what is causing it, and what I should do about it?

I am on Vista 32bit, connected via wifi to a router / dsl modem. The local network is mixed Vista / XP / W7 / W8 Beta / Apple / Squeezebox.

I have uPnP, media streaming, and file and folder sharing enabled (uPNP is also enabled on the router).

Thanks.

-{ Quote: "
I have a blocked event that I would like your thoughts on. The destination address is a link-local address. If I unblock it it comes back again.
" }-

I guess you've found a bug. If you unblock it using the Connections window, it always adds the "Outbound" exception for unrecognized processes, meaning it will allow outgoing TCP and UDP connections/packets. In your case, however, the protocol is IGMP, so it is still blocked. The only problem is I also do not like the idea of using Blind trust in this case, but I'll try to come up with something. Anyway, thanks for reporting.

I've been using TinyWall for a week or two. I'm having the following issues:

1. After reboot TinyWall starts either in normal mode (even if it was in Allow Outgoing mode pre-reboot), or sometimes the tray icon isn't visible. To get the tray icon back, I have to kill TinyWall.exe's (2 instances) from TaskManager, and then run it again (even though it also restarts itself, or at least one instance of it restarts).

2. Sometimes it blocks firefox from allowing access to certain mail or https address like gmail (maybe all https). I can access gmail using chrome in normal mode and with firefox if I set TinyWall to Allow Outgoing. fwiw, i tried changing firefox.exe rule from 'Web browser' to 'Blind trust' but I still cannot access gmail. I think this type of thing happens most often when my computer wakes from sleep mode or when I switch between wireless/LAN or VPN to non-VPN or stuff like that.

3. There's been other times when something that has been allowed in TinyWall rules doesn't work in normal mode and I'm forced to use 'Allow outgoing' instead.

fwiw, I was using Windows Firewall Control before but uninstalled it because of compatibility issues with Avast and several other issues. I'm probably going to try Windows Firewall Notifier next since TinyWall isn't working for me either.

what langage is tinywall wrote in? just curious :)

C# :thumb:

Hi pajenn,

-{ Quote: "
1. After reboot TinyWall starts either in normal mode (even if it was in Allow Outgoing mode pre-reboot), or sometimes the tray icon isn't visible. To get the tray icon back, I have to kill TinyWall.exe's (2 instances) from TaskManager, and then run it again (even though it also restarts itself, or at least one instance of it restarts).
" }-

I dont know which version you've been using, but up until the latest test release TinyWall always booted up in normal mode, deliberately not saving the previous mode. This has been changed in one of the 2.0 test releases. As for the icon not showing at all, I have never seen that issue and the fact that you see two processes running tells me that the icon has booted up. So my guess is that it is loaded, but Windows hides it away among the "unused" tray icons. There should be a small arrow on left side of the tray area to expand all icons, TinyWall should be there.

-{ Quote: "
2. Sometimes it blocks firefox from allowing access to certain mail or https address like gmail (maybe all https). I can access gmail using chrome in normal mode and with firefox if I set TinyWall to Allow Outgoing. fwiw, i tried changing firefox.exe rule from 'Web browser' to 'Blind trust' but I still cannot access gmail. I think this type of thing happens most often when my computer wakes from sleep mode or when I switch between wireless/LAN or VPN to non-VPN or stuff like that.
" }-

There are some ports which are blocked for browsers, but most are open. So for a browser to be blocked the website has to be using some strange non-standard port, but since even most of those are unblocked, the probability of hitting this problem is very rare. Which website was it? GMail, specifically, is known to work, so I would look for a problem elsewhere, not in TinyWall. The fact that it doesn't work even with "Blind trust" (which gives the app full access to the network) supports my theory.

-{ Quote: "
3. There's been other times when something that has been allowed in TinyWall rules doesn't work in normal mode and I'm forced to use 'Allow outgoing' instead.
" }-
This can happen, if the app was not given enough access in TinyWall or the application's profile (for TinyWall's recognized apps) is faulty. Which application was it? I'll look into it.

Since the last test release there have been many improvements, for example Windows 8 CTP support, the ability to run under newer versions of the .Net Framework, bugfixes and support for uninstalling from the control panel. The reason this release is taking so long is because I had a change in plans regarding TinyWall v2. I decided to delay 2.0 because I am about to implement a very large change. I am getting rid of all communication profiles.

Just to be clear, these are the profiles like "SSH client", "SSDP", "NetBIOS" and so on. You are probably asking why. There are a couple of reasons.

The profiles ended up something different than I orignally planned. I originally wanted to make them represent application types, like the "Web browser" or "E-mail client" profiles do. However, it turned out that this is very often not possible, and for practical reasons I needed to start creating profiles for internet protocols. Most users do not know much, if anything, about protocols.
Most users will not know if and when they need to use protocols like SOCKS, RDP or even FTP. This was confusing for even some advanced users, because it is unclear what protocols a profile includes. Does the FTP profile include support SCP over SSH? Though FTP is not SSH, most FTP programs support SSH. Does the "E-mail client" profile include support for LDAP to use a remote addressbook? Is my program not working because I am missing a protocol or is it a problem independednt of TinyWall?
Even with the right profiles, correct operation is not 100% guaranteed. A lot of providers run services on non-standard ports or with obscure configuration. In such a case, one of the generic profiles needs to be used anyway (Outbound, Blind trust).
Profile names are not localizable.
Whether something can only access the local network is specified in the profile and not for an application. This is just simply wrong. A user does not want to say that all applications using protocol X can only access the LAN, he wants to say that a specific application is not allowed to access the internet.
In many cases, no specific profile can be used anyway. This happens for example with applications unrecognized by TinyWall in many cases, or even for some recognized applications, if it is required by how the app works (torrent clients, many IM apps etc).
Profiles do change from time to time. They need to be renamed, corrected, deleted, merged and some of these actions simply breaks a user's configuration. These maintenance actions often prevent automatic updates (to prevent breaking user configuration), or it prevents fixes to profiles (to keep updates working).

So anyway, these "profiles" ended up being much different then how I imagined them and they keep making me a lot of trouble. I could fix *some* of the above, but even though it would require a lot of work, multiple issues would still remain so I think it is not worth the effort to start patching it.

In the new system that I am designing, there will be only a very few profiles like "Block", "Allow outgoing", "Unrestricted" and an option to specify additional ports. To be honest, the security impact is likely neglible, and since this is how most other firewalls work, in the worst case TinyWall will only get as bad as the others ;) (just joking) But really, don't worry about the security impact. While it definetely exists in theory, in practice it is close to non-existent.

So this explains the longer than usual release period.

-{ Quote: "Hi pajenn,

I dont know which version you've been using, but up until the latest test release TinyWall always booted up in normal mode, deliberately not saving the previous mode. This has been changed in one of the 2.0 test releases. As for the icon not showing at all, I have never seen that issue and the fact that you see two processes running tells me that the icon has booted up. So my guess is that it is loaded, but Windows hides it away among the "unused" tray icons. There should be a small arrow on left side of the tray area to expand all icons, TinyWall should be there.



There are some ports which are blocked for browsers, but most are open. So for a browser to be blocked the website has to be using some strange non-standard port, but since even most of those are unblocked, the probability of hitting this problem is very rare. Which website was it? GMail, specifically, is known to work, so I would look for a problem elsewhere, not in TinyWall. The fact that it doesn't work even with "Blind trust" (which gives the app full access to the network) supports my theory.


This can happen, if the app was not given enough access in TinyWall or the application's profile (for TinyWall's recognized apps) is faulty. Which application was it? I'll look into it." }-

Thanks for the reply and good luck with the development of TinyWall. Here's more info in case it can help you.
1. I was using Windows 7 Home Premium 64-bit with SP1 and TinyWall v1.0.3. the only other security software I had running were avast free and keyscrambler. I always have the 'always show all the icons and notifications on the taskbar' option checked so hiding unused icons was not the issue.

2. the https issue happened sometimes (but not consistently) with gmail and another https://mail... site. however, i'm now trying Windows Firewall Notifier, and that thing is started happening again, so it wasn't just with TinyWall.

Here is an interim release that fixes reported issues, as well as some more. The only exception is the wifi connectivity issue after computer sleep reported by jdd58, I could not reproduce/verify that. I've seen no problems after wakeup from sleep and I also could not find a reason why this should be happening, so if anyone experiences that, please report it because I need more info.

This release is still with the old profile system, the removal of profiles as described in a previous post is happening on a different development branch. To be honest, this here and now would probably have been a release candidate if I hadn't started reworking the profiles, so sorry about the delay, I just want 2.0 to be a really solid version. Anyway, here is the changelog:

- Support Windows 8 CTP.
- Support .Net Framework 4.
- Uninstaller is now started from the Control Panel instead of from TinyWall.
- Make Blind trust default for unblocking unknown apps from Connections window (temporary workaround)
- Add special exception to make local machine pingable.
- Rearchitect blocklist settings
- Better error logging
- Remove configuration option to enable default Windows firewall rules
- Increased startup performance
- Controller may hang missing database.
- Fix: Restrict outgoing UPnP connections more to prevent enabling unwanted traffic.
- Fix: Do not crash if traffic monitoring queries fail.
- Fix: Column sorting of lists needs two clicks the first time to work.
- Fix: Service may crash because of race condition
- Fix: Controller crash if tray menu is opened too early while loading.
- Fix: Tray window shows up too long upon startup
- Fix: Some files are not uninstalled properly
- Profile updates

The link to the latest beta can be found on the bottom of the official download page (http://tinywall.pados.hu/download.php). Built-in updater is still disabled.

I installed it (your latest beta release) on my Windows 7 Home Premium laptop today (Lenovo, AMD). After some complaining by Avast, it eventually installed OK, and seems to be working fine.

There were a few messages while installing that I suspect were due to Avast trying to block it as an "unknown" exe file, it wanted to sandbox it...

It seems to be very light, and a good alternative to the "big" named competitors.

V.W.

Please, can anyone tell me where can I view or manage Tinywall packet filtering rules?

Thanks in advance

joter

New beta running nice and smooth here. Thanks Ultim.

-{ Quote: "Please, can anyone tell me where can I view or manage Tinywall packet filtering rules?
" }-

Hi joter! Right click the tray icon of TinyWall and select Manage. Than, in the 2nd and 3rd tabs you can add and remove exceptions. Each exception might translate to multiple firewall rules internally.

To view the detailed firewall rules, you can use the built-in management interface of Windows. The easiest way to start it is to execute "wf.msc" (from the command line or from the Start menu). But you cannot edit the rules from this interface as long as TinyWall is installed as running.

Cheers,
ultim

This new beta has been working fine on 32 and 64 bit Vista for several days.

No issue with sleep with the latest beta although I did change my wireless adapter recently. I changed from a USB adapter to a PCI slot adapter for a better signal.

Beta 1.9.2 running very nice, no problems. :)

I think this is just the kind of FW controller I was looking for. Thanks Ultim!

I downloaded the V2 beta a couple of days ago. I think I have the latest, but I downloaded v1.9.1 from the official site after Seven64 got 1.9.2? I haven't tried the stable version, but the beta seems great.

It's working well with avast!, the only tricky thing was I had to add an exception for C:\Program Files\AVAST Software\Avast\Setup\avast.setup to get the updates to work properly. I had to do this while avast! was trying to update because avast.setup seems to appear only while avast! is actually trying to update, and I couldn't figure out any way to add it without clicking on the executable while running.

Thanks again! I was avoiding third party software firewalls and wanted to use Windows firewall to full effect but wasn't smart enough to figure it out, but Tinywall seems to work well.

-{ Quote: "I downloaded the V2 beta a couple of days ago. I think I have the latest, but I downloaded v1.9.1 from the official site after Seven64 got 1.9.2? I haven't tried the stable version, but the beta seems great." }-
If you look at properties in the .exe file it shows 1.9.2, but "about" still shows 1.9.1. I have had no problems with new beta, there has been many improvements over the stable version.

-{ Quote: "If you look at properties in the .exe file it shows 1.9.2, but "about" still shows 1.9.1. I have had no problems with new beta, there has been many improvements over the stable version." }-
Thanks Seven. I see it now in the .exe for the installer.

1.0.4 was released, a very minor update. The only change to 1.0.3 is that it will correctly notify the user of 2.0 when it becomes available.

EDIT:

Changelog 1.0.4:
- Give appropriate instructions to the user when upgrading to future major (>=2.0) releases.

-{ Quote: "1.0.4 was released, a very minor update. The only change to 1.0.3 is that it will correctly notify the user of 2.0 when it becomes available." }-
Please let us know with "change logs" about what is happening. Thank you! :)

I cant print to my HP 5510 network printer. Ive added the software Im printing from, Ive allowed network traffic in my private LAN, and Ive enabled printing in the manage window to no avail. Any ideas?

-{ Quote: "I cant print to my HP 5510 network printer. Ive added the software Im printing from, Ive allowed network traffic in my private LAN, and Ive enabled printing in the manage window to no avail. Any ideas?" }-
Hi whitedragon551,

Install the v2 beta and use the learning mode. Set the firewall into learning mode, print once on the network printer then set the firewall back to normal mode. TinyWall will learn to allow printing and network printing should work after that.

White list by window does not work (operation failed) on first try, second time it works. Beta version 1.9.2

-{ Quote: "White list by window does not work (operation failed) on first try, second time it works. Beta version 1.9.2" }-
Can you reproduce it?

It's also happening to me but it's purely random..
Another random bug I'm noticing is that "Current Zone" will show as Public, but I'm on Private Zone, any rules available at Private Zone is still functional but it won't show in manage rules. This bug usually happens when the start-up of TinyWall is sluggish, but when it's fast, it will show the right Zone

-{ Quote: "Can you reproduce it?" }-

Yes, where are the logging files to send located?

-{ Quote: "It's also happening to me but it's purely random..
Another random bug I'm noticing is that "Current Zone" will show as Public, but I'm on Private Zone, any rules available at Private Zone is still functional but it won't show in manage rules. This bug usually happens when the start-up of TinyWall is sluggish, but when it's fast, it will show the right Zone" }-

Same here but it always shows public when it should be private zone. I fired up Sumo since it was not in the rules and it was let right out.

-{ Quote: "Yes, where are the logging files to send located?" }-
Logfiles are produced when the service crashes. There is also some minimal logging done on notable events into the Windows Eventlog. Please send me the C:\ProgramData\TinyWall\errorlog (if there is any), if this file exists that is a likely reason for the "Operation failed" messages.

-{ Quote: "Same here but it always shows public when it should be private zone. I fired up Sumo since it was not in the rules and it was let right out." }-
I'm checking the zone issue. What is Sumo?

I'm soon done with the changes, all that is left is to figure out what to do with the lists of Special Exceptions,
since those are the only user elements that cannot be localized ATM.

Sumo = Software Update Monitor

-http://www.kcsoftwares.com/index.php?software

If I uninstall TinyWall then re-install the zone is correctly shown as private. When the PC is rebooted the zone is incorrectly shown as public.

TinyWall is usually the last program to load at start-up so maybe there is a conflict with another software at that time.

-{ Quote: "Logfiles are produced when the service crashes. There is also some minimal logging done on notable events into the Windows Eventlog. Please send me the C:\ProgramData\TinyWall\errorlog (if there is any), if this file exists that is a likely reason for the "Operation failed" messages.

Another problem I found after erasing with "Privacy Eraser Pro" and rebooting TinyWall icon does not show, after clicking TinyWall from the start menu it shows up grey, and no error log.

The issue with the zones was that the controller didn't pick up the new zone if it changed while TinyWall was already running. So there should be no need to reinstall TinyWall, I guess it will already show the correct zone on your computer if you restart just the controller. The service (and thus the firewall) was still working with the correct zone, this was purely a UI problem.

As for the errorlog, the picture you show is from "Program Files", but that is not the correct folder. It should be ProgramData.

I've never tried "Privacy Eraser Pro", but even though it *should* be safe to run it (at least judging by the feature list of its website), according to your report it interferes with the automatic startup of TinyWall. I will check it on a virtual machine when I get back to my main machine in a couple of days, but for now all I can advise is to check that the Windows service of TinyWall is running. That is the problem most times if the controller shows a grey icon when it shouldn't be.

-{ Quote: "I've never tried "Privacy Eraser Pro", but even though it *should* be safe to run it (at least judging by the feature list of its website), according to your report it interferes with the automatic startup of TinyWall. I will check it on a virtual machine when I get back to my main machine in a couple of days, but for now all I can advise is to check that the Windows service of TinyWall is running. That is the problem most times if the controller shows a grey icon when it shouldn't be." }-


Re-installed TW cleaned the registry now it does not happen, keeping my finger crossed.

Blocklists Port-based malware, and Domian-based malware and ad blocklist.
Where are these lists? I know about the Host list from the stable version. What has been added?
Thanks.

-{ Quote: "Blocklists Port-based malware, and Domian-based malware and ad blocklist.
Where are these lists? I know about the Host list from the stable version. What has been added?
Thanks." }-
Port-based malware list is located in the inbound rules for Windows Firewall. The Domain-based and ad block list is in hosts file.

I noticed a bug, latest beta.
1.)Make sure your Private Zone rules are empty.
2.)Make rules for Public Zone (you must be on a public network).
3.)Make your Public Network to become Home Network in Set Network Location.
The result will be, all your public rules will be available in Private Zone and your public zone rules will vanish.
EDIT: Nevermind the report, I'm realize my mistake
Question: Is there a default rule to enable pinging in the command line?

Hello, I've started using this and for the most part am very impressed with the apparent power/simplicity.

One issue I've just noticed is that auto-learn gives any application attempting to get outbound the "blind trust" profile. What do you think about changing this (or add another mode e.g. "Autolearn - Strict") so that only the particular IP/port that was used at the time is allowed?

For example, I might like to use the online help features or auto-updating in some document viewer, and so want to allow access to very specific IPs. But I wouldn't want some malicious script that runs later to be able to transmit data to some other IP (e.g. in Russia/China).

This could be a neat way to have really specific rules in the FW without requiring much knowledge from the user at all.

One other criticism: The icon is kind of ugly when in normal mode :D It looks much prettier in any other mode. Consider getting rid of the wall that covers the green shield?? So petty I know :)

Edit: Following on from my first comment, you might consider a mode that can do auto-learning on only a particular application or window. For example I enabled auto-learning and used one application how I normally would, and then re-enabled normal protection. In that time iTunes helper and some Apple mobile device service dialled out (not that I care in this case, but you never know what lurkers you have hanging around). To avoid things getting too complicated maybe you could have:

Auto-learn (all applications)
Auto-learn (single applications)

With a checkbox somewhere to indicate that you'd like auto-learn to operate 'strictly'. Just throwing out ideas.

-{ Quote: "I noticed a bug, latest beta.
1.)Make sure your Private Zone rules are empty.
2.)Make rules for Public Zone (you must be on a public network).
3.)Make your Public Network to become Home Network in Set Network Location.
The result will be, all your public rules will be available in Private Zone and your public zone rules will vanish.
EDIT: Nevermind the report, I'm realize my mistake
Question: Is there a default rule to enable pinging in the command line?" }-
Yes, this seems to be bug that I described a post earlier.

-{ Quote: "Hello, I've started using this and for the most part am very impressed with the apparent power/simplicity.

One issue I've just noticed is that auto-learn gives any application attempting to get outbound the "blind trust" profile. What do you think about changing this (or add another mode e.g. "Autolearn - Strict") so that only the particular IP/port that was used at the time is allowed?

For example, I might like to use the online help features or auto-updating in some document viewer, and so want to allow access to very specific IPs. But I wouldn't want some malicious script that runs later to be able to transmit data to some other IP (e.g. in Russia/China).

This could be a neat way to have really specific rules in the FW without requiring much knowledge from the user at all.

One other criticism: The icon is kind of ugly when in normal mode :D It looks much prettier in any other mode. Consider getting rid of the wall that covers the green shield?? So petty I know :)

Edit: Following on from my first comment, you might consider a mode that can do auto-learning on only a particular application or window. For example I enabled auto-learning and used one application how I normally would, and then re-enabled normal protection. In that time iTunes helper and some Apple mobile device service dialled out (not that I care in this case, but you never know what lurkers you have hanging around). To avoid things getting too complicated maybe you could have:

Auto-learn (all applications)
Auto-learn (single applications)

With a checkbox somewhere to indicate that you'd like auto-learn to operate 'strictly'. Just throwing out ideas." }-

Hi, thank you for the suggestions.

The reason I chose to use less strict rules in the auto leanring mode is because a lot of applications do not use specific ports. Chat clients, torrent apps, many multimedia apps and almost all games, they use different hosts and ports each time they run or a large port range. Because of some silly websites even web content for browsers can be tricky. If I created strict rules, in many/most cases all these apps wouldn't work even after the auto-learning mode.

I like the idea to create a checkbox that puts the learning mode into a more strict operation though. Auto-learning on a specific application is also an interesting idea. Unfortunately I have already delayed the current release a lot, and I must say "stop" to new features at some point or else I'm never going to make a public release. Be prepared to see some of your ideas in a post-2.0 version though. The toughest part of these features is to find a good balance between user-friendliness and security.

I know the icon is not the prettiest, but it is the best I could find on the net that was available for no charge. I'd gladly accept a nicer donated icon if someone were to have one.

@ultim

When do you think the final version will be released?


Regarding the icons take a look to this:
http://www.iconarchive.com/search?q=firewall

-{ Quote: "When do you think the final version will be released" }-
I will release a new beta soon this week, including the resources needed by translators. After that the next release will mostly depend on how fast the translators are, but it will be an RC which includes the translations (and fixes if necessary), and if no major issue pops up, the final 2.0 soon afterwards. A timeframe is hard to guess, so I'd rather avoid it, especially since I don't want to put any pressure on the translators - I'm just thankful to them for doing any localization at all.

-{ Quote: "Regarding the icons take a look to this:
http://www.iconarchive.com/search?q=firewall" }-
That is where I got the current logo from :D

-{ Quote: "I know the icon is not the prettiest, but it is the best I could find on the net that was available for no charge. I'd gladly accept a nicer donated icon if someone were to have one." }-

Icon looks fine to me, much better then PFW's icon. ;D
I PM you the error log.

A new MVPS HOSTS file is out, updated: March-30-2012
I guess we have to update manually if using TW beta version, and leave "Prevent modifications to hosts file" uncheck.
It was checked and the old host file was back.

-{ Quote: "A new MVPS HOSTS file is out, updated: March-30-2012
I guess we have to update manually if using TW beta version, "Prevent modifications to hosts file" uncheck.
Left it checked and the old host file was back." }-

Normally TinyWall would update the hosts alone automatically, but since the updates are disabled in the current beta that won't happen. The next version coming this week will have the new hosts file, so there's still no need to rush things manually... But if you insist on manually installing a hosts file, you also need to disable the domain blocklist feature.

Thanks, I'll wait.

-{ Quote: "Be prepared to see some of your ideas in a post-2.0 version though. The toughest part of these features is to find a good balance between user-friendliness and security." }-

Re: user-friendliness, the best way is probably to eventually have expanded the list of known applications, each with rules tailor-made for it. Of course this takes time. So a check-box to let people do their own version will go a long way, I will definitely remember to bug you in the future :)

-{ Quote: "I know the icon is not the prettiest, but it is the best I could find on the net that was available for no charge. I'd gladly accept a nicer donated icon if someone were to have one." }-

The little green shield that is visible in the GUI when you select for the firewall to be enabled looks good. The icon in the system tray is different though - IMO you should use the icon from the GUI as the system tray icon (as you already do with each of the other coloured icons apart from the green one).

-{ Quote: "Icon looks fine to me, much better then PFW's icon." }-

I know right! I almost uninstalled PFW immediately when I saw the icon :D Order of preference when evaluating security app:

1. Icon looks nice
2. GUI looks nice
3. Easy to configure
4. Actually works :D

TinyWall has won another "5/5 Excellent" award, this time from soft82.com. If they're giving out 5/5 ratings for version 1, they will probably need to intruduce a 6th level for version 2 ;D

Minor suggestion to the Connections Windows
-Add option for Always on Top ;D
-Auto refresh (So that users can see in real time connections being created and cancelled)

Here is 1.9.3. As I've announced earlier this release almost completely gets rid of profiles. Also, now I use Windows Installer instead of InnoSetup as the installer technology, which I believe provides a better experience, robustness and error-resiliency.

But YOU MUST UNSINSTALL THE PREVIOUS VERSION before installing this one. Repeat after me: "I will not try to install this before uninstalling any previous versions."

So, time for the changelog. This might be a bit inaccurate because looking at the git commits I cannot always tell which bugs were already there and which fixes are transparent to you because of the profile-related changes, but I'll give it my best shot:

- Completely new installer
- Simplified exception window, no profiles
- Updated, better looking UI by using TaskDialogs where it makes sense
(for example, try whitelisting a known app with multiple exes, like firefox)
- Multiple profile updates and new supported apps
- Updated hosts file
- Memory usage optimizations
- CLR4 is now the default runtime (but CLR2 is still supported)
- Make UI language configurable
- Fix: Possible service crash on invalid update URL
- Fix: Invalid UI state if network type is changed while TinyWall is running
- Fix: Broken auto-learning mode
- Fix: When searching for related exe, also look in the selected exe's directory.

I am also freezing strings and making the Localization Pack available. You will find the link to the pack just under the download link for v2. The zip file includes all information and resources you need to translate TinyWall into a non-english language. Get everything from http://tinywall.pados.hu/download.php .

This version seems buggy, I need to reboot so that newly created allow rule take effect. But if I remove an allowed app, it took place immediately.

-{ Quote: "This version seems buggy, I need to reboot so that newly created allow rule take effect. But if I remove an allowed app, it took place immediately." }-

Interesting... works fine for me. Anyone else having similar issues?

I'll try to reinstall it.. What's the difference between allow outgoing and the default rule for unknown app?

Well, after reinstall, importing the rules worked without restarting.
Then I tried to remove the rule for firefox (applied without restarting)
I whitelisted firefox again (rule was not applied).
EDIT: Base on my observations, what's happening is that the allow rule will show in the GUI of Tinywall but the rule does not appear in the Windows Firewall GUI. If I log off (not reboot), the rule still does not take effect. With this, I think the problem is related with the Tinywall Service?

Oh oh, I found an error log, ;D
-http://sebsauvage.net/paste/?bd5857cad284843b#EfgdlTBEedFEDQLv8HHBT8neHAuKIH1hoQdWH8G6+t0=

it's located at programdata/tinywall

I do not like this new beta 1.9.3. You said, according to TW site; "TinyWall does not require you to know about ports, protocols and application details.
Now seems you do. I need a manual to figure out how to tighten up rules (which ports to allow and block). Most of my browsers and download manager just needed (HTTP(S) Client) to work just fine.
I think you have defeated your original goal of keeping it simple.

Iron browser does not work with 1.93, Firefox works fine.

-{ Quote: "Oh oh, I found an error log, ;D
-http://sebsauvage.net/paste/?bd5857cad284843b#EfgdlTBEedFEDQLv8HHBT8neHAuKIH1hoQdWH8G6+t0=

it's located at programdata/tinywall" }-
edit: deleted

-{ Quote: "I do not like this new beta 1.9.3. You said, according to TW site; "TinyWall does not require you to know about ports, protocols and application details.
Now seems you do. I need a manual to figure out how to tighten up rules (which ports to allow and block). Most of my browsers and download manager just needed (HTTP(S) Client) to work just fine.
I think you have defeated your original goal of keeping it simple." }-

I know. The reasons why I did this I summarized in post #328. I will probably add back profile support in a later version in one way or another, but for now I believe this is the better solution. The previous way was only better for people who knew internet protocols and for advanced users/technology experts, but that is the minority of users. I will definetely think of a way to add back tighter rules and still keep the simplicity of the current system.

-{ Quote: "Iron browser does not work with 1.93, Firefox works fine." }-
It works just fine. I think you are experiencing the same problem as skudo12, your whitellisting rules not taking effect. I'll solve this quickly and make a fix available.

1.9.4 is out, contains a single fix for the reported whitelisting problem. I believe this will also solve the problem for Seven64.

IF you have the previous buggy version installed (1.9.3), you do not need to uninstall it. Just get the new installer and run it, it will automatically upgrade and keep your settings.

IF you have 1.9.2 or older, you still MUST manually uninstall before installing any newer version.

ultim, problem solved with whitelisting ;D
But it still persists when changing ports (fine tuning the rule).
It still has the same error log ;D

-{ Quote: "1.9.4 is out, contains a single fix for the reported whitelisting problem. I believe this will also solve the problem for Seven64." }-

This works, wow that was fast. Thanks.:)

-{ Quote: "ultim, problem solved with whitelisting ;D
But it still persists when changing ports (fine tuning the rule).
It still has the same error log ;D" }-
If everything works, don't worry about that particular log entry. For now it looks like it may stay there for a while, but it shouldn't have any additional side-effects (unless, of course, I am wrong again :D )

Off topic: Are you the developer of ZeroBin? I am quite impressed by the ingenuity of the idea.

-{ Quote: "If everything works, don't worry about that particular log entry. For now it looks like it may stay there for a while, but it shouldn't have any additional side-effects (unless, of course, I am wrong again :D )

Off topic: Are you the developer of ZeroBin? I am quite impressed by the ingenuity of the idea." }-
Nope!, I've read about it in ghacks and thought of starting to use it. I'm obsessed with encryption, LOL

I cannot connect to VPN (L2TP/IPSec), has there been a change with this setting? Switch to auto-learn and it works, and back to normal and won't connect.

I'm going to keep an eye on this Firewall. It may be a good replacement for LnS after it matures a little. Keep up the good work.

-{ Quote: "I'm going to keep an eye on this Firewall. It may be a good replacement for LnS after it matures a little. Keep up the good work." }-
:thumb: and because it works with the built-in Windows Firewall, you can be assured no nasty Windows Conflict or BSOD will appear. ;D
ultim, do you still plan on adding IP blocking capabilities in TinyWall?

-{ Quote: "I cannot connect to VPN (L2TP/IPSec), has there been a change with this setting? Switch to auto-learn and it works, and back to normal and won't connect." }-
Whoops, confirmed. Fix comes soon. As for auto-learn, when you enter auto-learn the confirmation dialog box tells you that TinyWall cannot auto-learn special exceptions. So it cannot learn VPN, you have to enable it manually.

-{ Quote: "do you still plan on adding IP blocking capabilities in TinyWall?" }-
Not now. I'll still have one more try at it indirectly, but if it doesn't work the way I want it to, then I'll leave it as it is currently. But no timeframe here, so who knows when. I've got other things on my TinyWall to-do list with higher priority.

I became interested, after whole time running Windows 7 with just default firewall settings.

It is just Avira warns and disables the download.

-{ Quote: "Warning

In order not to compromise your security, this page will not be accessed
The requested URL has been identified as a potentially dangerous website.
Further information as to why this page was blocked can be found here. A description of how to remove the block for this page is available here.



Requested URL: http://tinywall.pados.hu/ccount/click.php?id=1
Category/categories:
Malware" }-

-{ Quote: "I became interested, after whole time running Windows 7 with just default firewall settings.

It is just Avira warns and disables the download." }-
Thank you. I'll contact Avira and clear up the issue. This is an errouneuos malware report. Until then, try downloading v2 beta. That even has a digital certificate.

I installed the beta. Allowed Firefox "by window" click. Did not connect. Nor did the IE. So I went to learn mode. Found out the culprit was Avira's webguard, which was then allowed.

Propably not much harm was done to computer, since thosed allowed programs could have been later disabled inbound connections. W7 firewall anyways allows all outgoing.

But and a big but. All seemed to now work and i "signed off to go to another user account, the limited one". My system is in finnish language, so those parenthesis only to tell what I did. Normally it would have shown my 2 accounts to choose one. Now it showed a blank screen with a text: 'No cable connected'. Then system went totally blank. Only thing to do was to press shutdown button from my laptop.

So I uninstalled the TinyWall from "Control Panel" and did a system restore to a point before installing the firewall control.

I remember vaquely that same 'cable not connected' problem happened also with Sandboxie and then installing Avira. So they were not totally compatible and I had to install first Avira and then Sandboxie.

Now I suspect either Avira or Sandboxie I am both running or them together are not compatible with TinyWall. Anyways I am too tired to try any again, but if this helps someone. Notice Avira means a free antivirus, it has no firewall.

EDIT
I could not get Antivir and TinyWall work also without Sandboxie. So I uninstalled Avira, installed Avast, Tinywall and Sandboxie, and now all seems to work.

-{ Quote: "
I could not get Antivir and TinyWall work also without Sandboxie. So I uninstalled Avira, installed Avast, Tinywall and Sandboxie, and now all seems to work." }-
Just keep in mind that with avast! Web Shield running at default values the firewall is bypassed. Under the avast! Web Shield settings I have "Scan traffic from well-known browser processes only" checked. My reasoning is that I allow well-known browser processes by default anyway, so at least they get scanned by the Web Shield. The other few programs I allow are trusted (hopefully), and everything else is blocked.

-{ Quote: "Just keep in mind that with avast! Web Shield running at default values the firewall is bypassed. Under the avast! Web Shield settings I have "Scan traffic from well-known browser processes only" checked. My reasoning is that I allow well-known browser processes by default anyway, so at least they get scanned by the Web Shield. The other few programs I allow are trusted (hopefully), and everything else is blocked." }-

Aah the local proxy software like Avast's webshield. Been a long while since I used Sygate or kerio 2.1.5 firewalls and then had to make the default transparent webshield into a manually configured and direct firewall rules for browsers to unnormal remote ports.

I am sure this has been somehow bettered long time ago and maybe that "Scan traffic from well-known browser processes only" means that and a baddie cannot go out as easy pretending to be a browser.

I will have to see how it works:
Yes you are right. For some reason that option is not enabled on the webshield settings by default. If you go to http://www.grc.com/lt/leaktest.htm and download the basic tester and execute it, it passes the TW / Win7 firewall. It is not even seen in the TW Connections window. If that option is checked, the local proxy hole is not open for it and the "malware" that connects to remote TCP port 80 does not get out.

A few firewall tricks how that port 80 malware cannot get out without that settings help, using kerio 2.1.5 firewall:
1. Disable general "any application" loopback rule in a firewall. and make browser specific loopback rules to the webshield ports, or
2. like here: allow general loopback rule, that though excludes the webshield proxy ports, http://www.wilderssecurity.com/showpost.php?p=796744&postcount=13
and then make loopback rules for the browsers to the webshield ports, http://www.wilderssecurity.com/showpost.php?p=796747&postcount=14
Notice also the webshield rules.

This stuff of course a bit too much anal but could be maybe in theory implemented also to to TW -> Win7 rules I guess.

A false positive report has been submitted to Avira. If anyone is still having doubts while it gets re-analyzed, I encourage you to scan TinyWall using VirusTotal.com. It gets zero detections from 40 antivurs software.

Jarmo P:
I highly doubt the no 'No cable connected' problem you have described is related to TinyWall, I'd even go as far as saying it is impossible. TinyWall does not touch any system settings except for the Windows Firewall, and even for that it only manipulates rules. There are no drivers installed or hooks that intercept user logon/logout events etc. . The worst error you can get with TinyWall is loosing internet connection (if it misconfigures the firewall), but that is not the same as the operating system not detecting a connected cable. To the best of my knowledge.

Avira's Webguard passed my attention, it should be added to the default allow rules upon installation just as it is done with Avast's Webshield. Though that means programs will be able to bypass the firewall, but at least you won't loose connection for no obvious reason.

Unfortunately this is one of the few limitations of the Vista/Win7 Firewall, it does not allow filtering traffic over the loopback connection, so I won't be able to solve this alone. MailWasher and AdMuncher are also similar products affected. For all these applications, you have to choose between the web protection of these software or the protection of TinyWall. I simply have no way around it. Thankfully, these shields can be disabled separately so for example you can still use the filesystem protection of virus scanners while disabling local proxying, should you decide to do so.

If the user still wants to have web protection, he could use Comodo DNS, Norton DNS, or Open DNS. Disable the webshield of Avast and enable the the other Avast shields. ;D. Now with that you still have the protection of Avast and the security of other company without the added overhead in using system resources of your computer. ;)

-{ Quote: "Unfortunately this is one of the few limitations of the Vista/Win7 Firewall, it does not allow filtering traffic over the loopback connection, so I won't be able to solve this alone. MailWasher and AdMuncher are also similar products affected. For all these applications, you have to choose between the web protection of these software or the protection of TinyWall. I simply have no way around it. Thankfully, these shields can be disabled separately so for example you can still use the filesystem protection of virus scanners while disabling local proxying, should you decide to do so.
" }-
Yes, that is for me a very possible choice, I have my browser always Sandboxied. Don't know how good that Avast web shield's white listing is.

Could have been that there was somethig wrong with my Avira installation, anyways I am not going back.


About adding some program which need some Autolearn perhaps, and how good or bad it is:

I play fixed limit small stakes poker, so I have been trialling Holdem Manager 2 program. There was found by google search following.

-{ Quote: "General Firewall Troubleshooting

Most firewalls provide the ability to grant certain programs varying levels of Internet access called exceptions. Exceptions deviate from “general” firewall rules. Do this by configuring the firewall and locating a section called “Program Control”, “Process Control”, “Application Control” or something along those lines.

For registration issues or problems with Holdem Manager connecting to the PostgreSQL database, it is imperative to allow FULL Internet access for the following five processes:

C:\Program Files\Holdem Manager 2\HoldemManager.exe
C:\Program Files\Holdem Manager 2\HudFuncsApp.exe
C:\Program Files\Holdem Manager 2\HMUpdate.exe (available only during an update)
C:\Program Files\PostgreSQL\8.x\bin\pg_ctl.exe
C:\Program Files\PostgreSQL\8.x\bin\postgres.exe


Add exceptions to the firewall to allow the four programs listed above FULL Internet access. Then restart the computer for the changes to take place.

Once restarted, there should no longer be any type of firewall issues which prevent Holdem Manager or PostgreSQL from operating properly." }-

Problem was the correct path informations were 'Program Files (x86)' and 'PostgreSQL\bin' and myself not knowing any about Windows 7, so I rather resorted to TW Autolearn mode. It gives "server rights" to all those programs. I doubt they all need that and some traditional popup firewall could have been more specific. The Holdem Manager 2 program i ran from my limited account using "run as admin" or how ever it is spelled in english language Windows and it seemed to learn without any difficulties.

Only 'C:\Program Files\Holdem Manager 2\HMUpdate.exe' could not be found even if I tried manually update the program. I tried to 'Add application -> Browse for file' and put another file. but it could not be manually edited? So I'll have to resort to Autolearn another time

Perhaps the unnecessary incoming rights are not so bad since these programs usually are not capably to act as server who dont need them, I think.

-{ Quote: " ( ... ) MailWasher and AdMuncher are also similar products affected. ( ... )" }-
It seems you can also add AdFender for these kind of app..

-{ Quote: "Whoops, confirmed. Fix comes soon." }-

Has VPN been fixed yet? Have to use 1.92 for now.:'(

I'm really starting to like and admire your work Karoly in TinyWall and I think this is a keeper for me. It works and you can be sure it is basic Windows 7 you are running and your applications you use, which is what computers are made of.

For some people here in wilders, the computers are for running security stuff and and even if they never get a single virus in their system, their are so paranoid that they go to leaktests. And compare what system hardens their computer against anything best. Finally they go to something like Comodo lool.

See, in my XP times i was quite a bit interested in the security progs, obsessed I could say. Started with Sygate (actually in windows 95 times i think), which was easy well behaved traditional firewall and a good learning. Then kerio 2.1.5 which satisfied my nerdy wishes more than maybe any other security product. Tried a few traditional HIPS, first one almost was too hard to get rid of, dont remember its name. Then SSM, with oh so many popups. Finally ProcessGuard free, which was a good program actually if you wanted to know what programs started but not too many popups.

But no, i was not happy with my system working well with Sygate or kerio 2.1.5 and PG and my well behaved security apps running me. Had to try Kerio 4 versions, all with blue screens or loosing internet connection. And then Comodo, slowing my system down etc. Was many years ago, so not same as the current thread of its problems or users problems I was laughing to read today. Well a few antimalware scanners too and SpywareBlaster

In final days of my XP I became a sound user and only Sygate and Sandboxie and them not much running me anymore.

So I got my Windows 7 laptop last december. And thought: First Norton security system trial away and then: This computer NEVER gets a second party firewall. It gets Sandboxie and a free antivirus and thats it.

Your work is perfect for people who want their firewall check the outbound connections too and not totally happy with windows firewall. Perfect too for old geeks like me lol.

EDIT
I noticed you have avast! Antivirus in 'Special Extensions'. I checked the Windows firewall rules and I think did not see anything else except avastsvc.exe there. For the updates to work, avast.setup needs be there too. I had to put TW a few times in the learning mode before it got it.

Jarmo P:
Autolearn gives full rights to unknown applications at the moment to ensure that an auto-learned application will work for sure even if it uses randomized ports. But yes, basically it can be made more secure without loosing functionality. I'll see if I can make it more secure for 2.0 (depends on how much changes it needs, if the risk of introducing new bugs is too high, I'll leave it for later).

I couldn't fully understand your other problem with Holdem Manager, can you try formulating it once more please?

Seven64:
About fixing VPN, I'm a bit short on spare time these days (and I'm doing TinyWall in my spare time) but I'll try to make a fixed release soon.

I mean't it would be great if it is possible with Autolearn mode to differentiate between allowing outgoing and incoming listening connections instead both as I see now. The ports I could not care less in a firewall control designed for basic users in a learning mode.

The Holdem Manager was just a story Karoly I wanted you hear. Keep on the good spare time work in this, think it already is fine as it is I think.

For "smart" learning mode I agree with Jarmo, the ports don't matter, just the IPs/domains. e.g. if Microsoft Excel likes to connect to www.microsoft.com this would be fine with me no matter what the port.... but if some script later makes it connect on the same port but to www.virus.ru, we'd have a problem :)

-{ Quote: "If the user still wants to have web protection, he could use Comodo DNS, Norton DNS, or Open DNS. Disable the webshield of Avast and enable the the other Avast shields. ;D. Now with that you still have the protection of Avast and the security of other company without the added overhead in using system resources of your computer. ;)" }-

I was under the impression that Avast's web shield was for scanning files as they download. Would a different DNS replace that?

It would be nice to post the progress of TinyWall, either positive or negative.
Thanks.

Sorry for no updates in a long time. This week I had my most difficult exam in my whole studies (I'm at the end, pretty much all that's left is my final thesis) and I was occupied by learning for it. Add that to my other mandatory responsibilities that I have in my student-organization, and I had zero time (or more like negative) left.

Anyway, that stress is now over and the RC shouldn't be long due. The only thing "in the way" is me going home for the weekend, but I might be able to solve even that. (I do have a laptop but the development environments on my laptop and on my main computer have diverged quite a bit).

So to sum up, stay tuned... :D

Thx for your reply, myself I am like wtf when ever something changes in my life. But if you absolutely must then keep them adjustments Karoly, we love you!

Jarmo

Good luck for your exam :)

Good luck! It's one reason why I don't join organizations in my university, it takes away my time, ;D

Hello Everybody!

Here are the fruits of my latest work. Changelog for 1.9.5 follows.

- Avoid unnecessary inbound rules while auto-learning
- Do not create firewall exceptions for local communication while auto-learning
- Profile updates for antivirus software
- Memory savings and faster rule merging in service
- Fix: Broken VPN support
- Fix: Accessability issues

The VPN fix has been long due but there are also some other interesting changes. First of all, the memory usage improvements are impressive in this build, I've managed to shave off almost 5MB of dynamic memory usage. Two other changes improve the security of auto-learned rules. First, inbound rules are only created if an app actually received an inbound connection request, otherwise it will be learned as outgoing only. This improves security of applications that act only as clients. Second, since Windows Firewall is incapable of filtering local-to-local connections anyway, TinyWall will not create exceptions anymore for applications whose both communication endpoints are on the local machine. This means applications will not get exceptions if they are not trying to get out of the machine even if they communicate over the network stack, which makes sense. This also improves security.

The last thing is, there has been some changes to improve support for accessability, like better support for screen readers, making sure that everything is accessible using keyboard-only, correcting tab-order and so on. The reason is, I've received note that unlike other firewalls, TinyWall can be used very well for example by blind people, but there were still a few things to be adjusted to make it even better in this respect. So I am now announcing that I intend not to forget these users and I will try to keep TinyWall accessible to them in the future.

To update to the latest version, get it from http://tinywall.pados.hu/download.php (bottom of page). If you are using 1.9.3 or newer you can just install the new one and it will update while keeping your settings. If you use a pre-1.9.3 version, be absolutely sure that you've uninstalled it first before installing this one. Starting from the *next* version, I am enabling automatic updates.

Update (Vpn) working fine, thanks.
Question, setting browser for maximum security (Http(s) client) is this correct? ???

-{ Quote: "Question, setting browser for maximum security (Http(s) client) is this correct? ???" }-

Yes, that should be fine for most websites, assuming you are not using some kind of proxy or tor. You might also get some problems on a small number of streaming-media sites. But unless you see problems, the settings you show are a very good starting point.

What about PeerBlock, what ports is "Out TCP *"

Thanks.

-{ Quote: "What about PeerBlock, what ports is "Out TCP *"

Thanks." }-
An asterix means "all ports". So your picture means that peerblock is allowed to make outgoing TCP connections to all ports.

-{ Quote: "To update to the latest version, get it from http://tinywall.pados.hu/download.php (bottom of page). If you are using 1.9.3 or newer you can just install the new one and it will update while keeping your settings. If you use a pre-1.9.3 version, be absolutely sure that you've uninstalled it first before installing this one. Starting from the *next* version, I am enabling automatic updates." }-

I had some problems with Avast sandboxing the tinywall.exe. I downloaded the file and excuted it. Then tinywall.exe or something got put into a sandbox. Then i repaired the install from control panel. But no tinywall icon. So i removed the Tinywall from windows control panel and installed again, this time no problems.

Now it seems to work great :) There is no cumulative damage done I hope?

I noticed there was also the update button on 1.9.4 Manage/Maintenance panel, but is that for the program update or some white listing updates?

Hi, I have being using today the latest version 1.9.5, I have noticed that the learning mode create the rules always allowing all the traffic.
I would be nice if the learning mode would be able to create the specific rules allowing only the connections that the programs have established during the learning mode period.
It's this possible?

what the option "promt for exception details" does?"

When you whitelist something, instead of using the default rule, a window will pop-up for you to "fine-tune" the rule.

-{ Quote: "I had some problems with Avast sandboxing the tinywall.exe. I downloaded the file and excuted it. Then tinywall.exe or something got put into a sandbox. Then i repaired the install from control panel. But no tinywall icon. So i removed the Tinywall from windows control panel and installed again, this time no problems.

Now it seems to work great :) There is no cumulative damage done I hope?

I noticed there was also the update button on 1.9.4 Manage/Maintenance panel, but is that for the program update or some white listing updates?" }-

There shouldn't be any "cumulative damage". Sanboxing should prevent exactly that :D In general, trying to sandbox a security app is always a bad idea. But a reinstall outside the sandbox should solve it.

-{ Quote: "Hi, I have being using today the latest version 1.9.5, I have noticed that the learning mode create the rules always allowing all the traffic.
I would be nice if the learning mode would be able to create the specific rules allowing only the connections that the programs have established during the learning mode period.
It's this possible?
" }-
That's a very old option. It will make TinyWall pop up the exception's settings dialog whenever you whitelist something.

-{ Quote: "Hi, I have being using today the latest version 1.9.5, I have noticed that the learning mode create the rules always allowing all the traffic.
I would be nice if the learning mode would be able to create the specific rules allowing only the connections that the programs have established during the learning mode period.
It's this possible?
" }-
No, not possible. TinyWall as of 1.9.5 will create two kinds of auto-learned rules. For programs that do not accept connections it will allow only but any outbound traffic, for programs that have also been connected to during learning mode it will also allow incoming traffic. There is no possibility to create stricter rules based on ports, remote machines etc in the learning mode.

-{ Quote: "When you whitelist something, instead of using the default rule, a window will pop-up for you to "fine-tune" the rule." }-

Make sure "prompt for exception details" is disabled in the options.

I've passed the exam! Thank you for wishing me good luck! :D

Congratulations :)

-{ Quote: "For programs that do not accept connections it will allow only but any outbound traffic, for programs that have also been connected to during learning mode it will also allow incoming traffic." }-
Windows Firewall contains already pop-ups for relevant software in case they need inbound connections. Like Skype, Internet Explorer, uTorrent, etc. You should not create inbound rules for any of the programs. 98% of the programs that a user uses will not even require inbound connections to be allowed. Why should an application to be opened to connect to it from outside ?

-{ Quote: "Windows Firewall contains already pop-ups for relevant software in case they need inbound connections. Like Skype, Internet Explorer, uTorrent, etc. You should not create inbound rules for any of the programs. 98% of the programs that a user uses will not even require inbound connections to be allowed. Why should an application to be opened to connect to it from outside ?" }-

First, this only happens in the auto-learning mode, so it is not the default behavior of TinyWall. The goal of this learning mode is to make sure that programs that want to access the internet work correctly, so creating inbound rules is a must for server programs. When entering the learning mode, users already get a warning dialog about the dangers of this mode.

Second, when TinyWall is installed, there are no firewall popups at all. So you cannot argue that Windows Firewall already has popups for this case.

Third, it is still more secure than the Windows Firewall popup, because Windows Firewall wants to create an inbound rule whenever an application starts listening for connections. TinyWall will ony create inbound rules if there has actually been at least one inbound connection. TinyWall will not create inbound rules if an application listens without actually receiving at least one connection.

-{ Quote: "First, this only happens in the auto-learning mode, so it is not the default behavior of TinyWall. The goal of this learning mode is to make sure that programs that want to access the internet work correctly, so creating inbound rules is a must for server programs. When entering the learning mode, users already get a warning dialog about the dangers of this mode." }-
Yes, for programs that want to access the internet. Not for programs from internet that tries to access your computer.
-{ Quote: "Second, when TinyWall is installed, there are no firewall popups at all. So you cannot argue that Windows Firewall already has popups for this case.
" }-
But, why would need TinyWall accepting inbound connections to my computer ?
-{ Quote: "
Third, it is still more secure than the Windows Firewall popup, because Windows Firewall wants to create an inbound rule whenever an application starts listening for connections. TinyWall will ony create inbound rules if there has actually been at least one inbound connection. TinyWall will not create inbound rules if an application listens without actually receiving at least one connection." }-
Svchost.exe listens a lot and receives hundreds of inbound connections. Will you automatically create an inbound rule to allow everything for svchost.exe ? How do you handle with this case ?

In my opinion, creating inbound rules is a wrong thing. Even torrent clients don't require inbound rules for them. It is the developers task to design their applications to fit with Windows and also with Windows Firewall.

I have a question. If the rules list is blocked and the rules cannot be deleted or modified from WFwAS, when you install a new program, like uTorrent which have a checkbox where users allows it to auto register itself to Windows Firewall, this installer can register a new rule or it is denied by TinyWall ?

Nice work with TinyWall. It is good to have competition. :)

-{ Quote: "Yes, for programs that want to access the internet. Not for programs from internet that tries to access your computer." }-
What I meant is, for programs that want to use the internet, in some way. You might want to have a XAMPP installation, for example. Web servers do not work without incoming connections. Same is true for a lot of other programs, some chat protocols, multimedia gaming servers and so on.

-{ Quote: "Svchost.exe listens a lot and receives hundreds of inbound connections. Will you automatically create an inbound rule to allow everything for svchost.exe ? How do you handle with this case ?
" }-

svchost belongs to the category of "Special Exceptions" and TinyWall will not learn exceptions for it. TinyWall will not learn rules for programs that have special exceptions, so it will not automatically create inbound (or outbound) rules for svchost.

-{ Quote: "In my opinion, creating inbound rules is a wrong thing. Even torrent clients don't require inbound rules for them. It is the developers task to design their applications to fit with Windows and also with Windows Firewall." }-

Although I agree in theory, in the real world there are many programs that do not work without inbound connections. TinyWall must make sure that it is easily possible to use any kind of program. Torrent clients are also affected, even if they work when inbound connections are denied, you will usually get higher download speeds if you allow incoming connections. But many programs need incoming connections to even basically work.

Anyway, a user can visit the list of exceptions after auto-learning and remove inbound rights and make rules tighter. This is still much more easier than creating the rules from scratch in the first place.

-{ Quote: "
I have a question. If the rules list is blocked and the rules cannot be deleted or modified from WFwAS, when you install a new program, like uTorrent which have a checkbox where users allows it to auto register itself to Windows Firewall, this installer can register a new rule or it is denied by TinyWall ?
" }-
It can register the new rule but it will be immediately removed by TinyWall after that. There are a few milliseconds of an open time-window before the new rule is removed.

The latest beta seems pretty good to me. I guess I can make the next release the final 2.0. There is just a single bug report to investigate.

The new version is running good. It seems the rules are to loose by allowing * Outbound. Why cant you have the tighter rules (Http (S)) by default, and the * Outbound as second choice?
Now I have to delete everything found by TW and set tighter rules.

-{ Quote: "I like the idea to create a checkbox that puts the learning mode into a more strict operation though. Auto-learning on a specific application is also an interesting idea." }-

Just thought I'd jog your memory on this feature request. This will be a kind of holy grail I think, getting the best out of usability and security. Still planning to implement it?

I got a new connection. It has an USB stick connection that does not have a router. So I noticed it needed totally new rules than my former cable connection.

Witn my new internet connection i have also a a new cable modem connection. And TW now shows "Current zone: Public" after i answered to some prompt.

I am not knowing if the new cable modem is in a router mode or if it even has one. But if so, should the zone be private instead?

I'm looking for a firewall that blocks ads and malicious IP addresses but allows some configuration. Will this added to windows firewall do that?

-{ Quote: "I'm looking for a firewall that blocks ads and malicious IP addresses but allows some configuration. Will this added to windows firewall do that?" }-
No, but it does have an option to use a hosts file that has your needs.

-{ Quote: "No, but it does have an option to use a hosts file that has your needs." }-
thanks for the info - I'm looking for a firewall that can blacklist sites automatically from updates

-{ Quote: "I'm looking for a firewall that blocks ads and malicious IP addresses but allows some configuration. Will this added to windows firewall do that?" }-

I use PeerBlock to block "ads and malicious IP". Plus it can block some or all the countries that you want, with Tinywall it's a sweet combination.

-{ Quote: "I use PeerBlock to block "ads and malicious IP". Plus it can block some or all the countries that you want, with Tinywall it's a sweet combination." }-

that's the combo i'm running at present - runs real well on win server 2008. this is a nice little firewall :)

Suggestion, in the application exception window, show the rule next to the program. Thanks.

There seem to be an issue where the computer cannot connect to some WLANs if TinyWall is installed and the latest Windows updates are applied. I can reproduce the problem but I am unable to find what I need to whitelist. If I whitelist svchost.exe as whole it works fine again, but of course I want to find the specific service that is responsible for it (instead of having to whitelist basically all Windows services). Has anybody has any clues what needs to be whitelisted? This is a must-fix/figure-out before a release is made. :(

-{ Quote: "thanks for the info - I'm looking for a firewall that can blacklist sites automatically from updates" }-
TinyWall will keep your hosts file automatically up-to-date (once I re-enable the update server when releasing v2), but PeerBlock is surely a much more sophisticated solution. PeerBlock is able to block more hosts because it works completely differently and it also allows you selectively use certain/multiple lists. Its lists are also updated more often.

The hosts-based solution of TinyWall is a generic solution that will perform well without compromises, but for advanced users or security enthusiasts I definetely recommend PeerBlock. TinyWall and PeerBlock supplement each other very well.

I know you are busy, but I hope you release the new version soon. MVPS HOSTS has been [Updated May-23-2012]. :)

-{ Quote: "There seem to be an issue where the computer cannot connect to some WLANs if TinyWall is installed and the latest Windows updates are applied. I can reproduce the problem but I am unable to find what I need to whitelist. If I whitelist svchost.exe as whole it works fine again, but of course I want to find the specific service that is responsible for it (instead of having to whitelist basically all Windows services). Has anybody has any clues what needs to be whitelisted? This is a must-fix/figure-out before a release is made. :(" }-

i was testing/configuring multiple APs yesterday and encountered an issue where it would hang on "identifying", then classify the network as "public" and fail to grab an IP via DHCP - is this the same issue you're talking about?

-{ Quote: "i was testing/configuring multiple APs yesterday and encountered an issue where it would hang on "identifying", then classify the network as "public" and fail to grab an IP via DHCP - is this the same issue you're talking about?" }-

If it works again correctly when TinyWall is in Disabled mode (grey icon), then yes, it seems to be the same issue. If you are not worried about Windows' own services accessing the internet, then the easy workaround for now is to whitelist svchost.exe.

-{ Quote: "There seem to be an issue where the computer cannot connect to some WLANs if TinyWall is installed and the latest Windows updates are applied. I can reproduce the problem but I am unable to find what I need to whitelist. If I whitelist svchost.exe as whole it works fine again, but of course I want to find the specific service that is responsible for it (instead of having to whitelist basically all Windows services). Has anybody has any clues what needs to be whitelisted? This is a must-fix/figure-out before a release is made. :(" }-

I think this is solved now - couldn't sleep, so I played the WLAN/TinyWall/Services/Process Hacker juggling game.

Short version: disconnect from WLAN (gets you to public profile management in TinyWall.) Create a new exception for TCP/IP NetBIOS Helper (lmhosts) and allow outgoing UDP and TCP traffic. Do not restrict it to local network. At least for me, I can now connect to my router and have the network identified immediately. Interesting part is that this rule is required even if you disable the lmhosts service. ???

Longer version: Without the rule in place, the connection process stalls after attempting to talk netbios with the router:
Connection history
-----
UDP 68 0.0.0.0 67 255.255.255.255 Out
IGMP 0 192.168.1.2 0 224.0.0.22 In
HOPOPT 0 224.0.0.22 0 192.168.1.2 In
UDP [53533] 192.168.1.2 5355 224.0.0.252 In
HOPOPT 5355 224.0.0.252 [53533] 192.168.1.2 In
[port 53533 varies, is a dynamic port]
UDP 137 192.168.1.2 137 192.168.1.1 In
HOPOPT 137 192.168.1.1 137 192.168.1.2 In
UDP 137 192.168.1.1 137 192.168.1.2 In
HOPOPT 137 192.168.1.2 137 192.168.1.1 In
...zZz... then finally DHCP offer comes through!
UDP 68 192.168.1.2 67 255.255.255.255 Out

If you disable lmhosts, the system process seems to take on the port 137 communication process, but you still need the lmhosts exception. I tried a rule that allowed in/out TCP/UDP traffic for lmhosts only on port 137 with no success, though I'm not sure why it didn't work. Someone else want to try adding the exception to their public TinyWall ruleset and see if that helps?

Edit: whoops, didn't think the attachments would be inline.
Connection list without the rule in place (http://img6.imageshack.us/img6/9023/prerulewifidelay.png)
Rule added, lmhosts service set to Automatic (http://img826.imageshack.us/img826/2654/postrulelmhostsenabled.png)
Rule added, lmhosts service disabled (http://img256.imageshack.us/img256/5218/postrulelmhostsdisabled.png)
Working exception config (http://img151.imageshack.us/img151/9923/rulesuccess.png)
Failed rule attempt #1 (http://img228.imageshack.us/img228/7094/rulefail1.png)
Failed rule attempt #2 (http://img36.imageshack.us/img36/92/rulefail2.png)

-{ Quote: "If it works again correctly when TinyWall is in Disabled mode (grey icon), then yes, it seems to be the same issue. If you are not worried about Windows' own services accessing the internet, then the easy workaround for now is to whitelist svchost.exe." }-

gotcha - that worked w/my laptop connecting to a VPN gateway AP at work.

-{ Quote: "I think this is solved now - couldn't sleep, so I played the WLAN/TinyWall/Services/Process Hacker juggling game. ...
" }-

Wow, that really seems to be it. I can confirm (that at least on my laptop) this solves the issue. I'd never have thought that it is because of this service (even after seeing port 137) because NetBIOS over TCP is disabled on my computer - not the service itself, but in the TCP/IP adapter configuration dialog. Anyway, this seems to work.

TECHNICAL RANT:
As a side note, you mention that it does not work if you only allow outgoing. For me, it already works if I allow *only* UDP outgoing packet. Which is strange enough alone, because I can hardly imagine that UDP packets are usefull (in this scenario) without being able to receive any replies. But wait, it gets stranger! I started cross-referencing the default exceptions of the factory-default Windows Firewall, and the lmhosts service is not whitelisted anywhere. Port 137 is whitelisted, but for "System", not for any service specifically. WTF?

And here's a second, even bigger WTF! lmhosts really must not be restricted to the local network, so it obviously is not needed to talk to your router (which is on the local net). So what is it for? Also of note, that this problem/issue only seems to exist since the Windows Updates of last month, so this is some newly introduced behavior. And, as noted both by sysinfo and me, it even exists if the service is disabled, either shut down completely or in configuration.
END OF RANT

Either way, although I'm pretty convinced that MS has done some messy things in their last updates, I cannot do anything but live with it and make a default special rule in TinyWall for it.

The only thing left to figure out is the minimum amount of privileges needed. For me it works if I give it UDP out only, but sysinfo reports that more is needed. Could you make some more tests maybe?

-{ Quote: "The only thing left to figure out is the minimum amount of privileges needed. For me it works if I give it UDP out only, but sysinfo reports that more is needed. Could you make some more tests maybe?" }-

Ok, now I think it's fixed - here's hoping. I hadn't tried "*" for UDP out, and that does work. I did some tests with different port ranges, and you have to allow Out UDP on port 67 for the lmhosts service. "But that's a DHCP port!" (well, that's what I said anyway.) And yes, it is but it's what lmhosts needs. I had only tried port 137 before since that's the netbios talk port. Why it works this way, I have no idea. Also, I think that maybe it needs to not be restricted to the local network because at the start of the connection process, you have no IP so the firewall sees the DHCP connections as 0.0.0.0 talking to 255.255.255.255?

Whatever the case, the rule below works now for me and seems to be the least privileged exception.

LMhosts UDP rule (http://img214.imageshack.us/img214/4281/workinglmhosts.png)

Edit: maybe found the cause of the change as well: Microsoft KB2688338 (https://technet.microsoft.com/en-us/security/bulletin/ms12-032) from May 8th, changed how Windows Firewall handles outbound broadcast packets. (CVE entry (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0174))

Is it possible for you to make a rule/option to block all Internet traffic unless you are connected to your VPN? This link shows instructions:
http://practicalrambler.blogspot.com/2011/05/how-to-block-all-internet-traffic.html

Hi sysinfo,

When I wrote earlier about MS having done some messy things in their recent updates, I have to take that back, because now it makes perfect sense. I should have figured this one out by myself, but I didn't put enough time into investigating it. Instead you invested your time and I am very thankful to you for that.

-{ Quote: "Is it possible for you to make a rule/option to block all Internet traffic unless you are connected to your VPN? This link shows instructions:
http://practicalrambler.blogspot.com/2011/05/how-to-block-all-internet-traffic.html" }-

Hi, this is currently unlikely to happen.

-{ Quote: "I would be nice if the learning mode would be able to create the specific rules allowing only the connections that the programs have established during the learning mode period.
It's this possible?
" }-

-{ Quote: "No, not possible. TinyWall as of 1.9.5 will create two kinds of auto-learned rules. For programs that do not accept connections it will allow only but any outbound traffic, for programs that have also been connected to during learning mode it will also allow incoming traffic. There is no possibility to create stricter rules based on ports, remote machines etc in the learning mode." }-

I think this is the same idea that we discussed a month or two ago:

-{ Quote: "I like the idea to create a checkbox that puts the learning mode into a more strict operation though. Auto-learning on a specific application is also an interesting idea. Unfortunately I have already delayed the current release a lot, and I must say "stop" to new features at some point or else I'm never going to make a public release. Be prepared to see some of your ideas in a post-2.0 version though. The toughest part of these features is to find a good balance between user-friendliness and security.
" }-

Did you mean, it's not possible in the current version, or not actually possible/feasible to implement at all? I am really hanging out for something with this feature :(

-{ Quote: "Did you mean, it's not possible in the current version, or not actually possible/feasible to implement at all? I am really hanging out for something with this feature :(" }-

I meant it is not possible in the current version. Technically it sure is possible, but don't hold your breath. Now that TinyWall only creates inbound rules when necessary, this is not high on my todo-list right now.

I'm pretty excited so I'm just going to take a deep breath, close my eyes and say it bravely...

TINYWALL 2.0 IS RELEASED! (http://tinywall.pados.hu/download.php)

It came 3.5 months later than I originally planned, but frankly, I'm glad it did. I mean, there was a good reason for the delay, many bug fixes, new features, redesigns and so on, and all this good stuff wouldn't have gone into 2.0 if I had been "punctual". Of course, it's all thanks to you. I mean the whole community, this forum, other forums, the e-mails I received and many other people that have unwaveringly tested and reported issues and wishes. And I cannot stress enough how thankfulll I am to all of you. Because 1.0 of TinyWall has been downloaded over 36.000 times, and this is not even counting all the sites that worked around my download-counting link! So thank you, and I especially thank the community on this forum, being the most helpfull of all.

Now that I managed to hype up all of you, I must admit there is not much new in this release IF you were already using the latest beta. But it does fix the most recently reported connectivity issue when KB2688338 is installed (which is pretty important), it improves a bit on accessability and there is also a French translation thanks to EboO. Additional languages are gonna pop up in future updates (German and Hungarian were promised too, but I'm still waiting for them). But, and a big but, FYI and for all who didn't follow the development process, here is a nice and complete list of all the new features and enhacements in 2.0 compared to version 1: http://tinywall.pados.hu/docs/whatsnew.html

So, you might be asking, what's next? I guess as more people start using 2.0, some minor issues will pop up, so I'm gonna wait and see first, and fix them in small incremental updates like I did with the first version. Then once things are calm, I'll start working on the next major update. Because, just to let you know, I'm still full of ideas and I have lots of fun things on my mind that didn't make it into 2.0. What will it be called? 2.1? 3.0? Who knows, but TinyWall will keep on improving.

Great job !

More than 36000 donwload is really nice, long life to Tinywall :)

There are malicious programs that use scvhost to connect, are these blocked, or allowed?

-{ Quote: "There are malicious programs that use scvhost to connect, are these blocked, or allowed?" }-
svchost ist generally blocked. Only some special services of svchost are allowed, like the dns or dhcp client (see special exceptions dialog in TinyWall). Most other services of svchost, or svchost not running as a service are blocked.

-{ Quote: "svchost ist generally blocked. Only some special services of svchost are allowed, like the dns or dhcp client (see special exceptions dialog in TinyWall). Most other services of svchost, or svchost not running as a service are blocked." }-

Ok, thanks.

-{ Quote: "Thanks for the reply. Are you saying if a bad program uses svchost it will get through, no way to stop it?" }-

svchost can run as many different services. If the virus infects a non-whitelisted service of svchost, it will stay blocked. But if it infects the dhcp service, for example, it will get through.

But there isn't any other firewall that can stop viruses that infect legitim processes, unless the port or the domain of the virus is blocked. No firewall can stop viruses that infect good programs. Some HIPS software might prevent processes getting infected, but they don't stop infected processes. However, your antivirus should stop or recognize such infections. This is one reason why it is important to use both a firewall and an antivirus software.

But let's say you don't use an antivirus, and your virus somehow manages to get admin privileges (which is required to infect svchost). Even then it might be stopped, if it happens to use a port or domain blocked by one of TinyWall's port or domains blocklists. So by enabling blocklists in TinyWall, you can increase security even in case of infections. Also, TinyWall restricts many svchost services to the local network. For example, even if the dhcp service gets infected, it would bever be able to reach the internet with TinyWall, because TinyWall restricts dhcp to the local network.

-{ Quote: "svchost ist generally blocked. Only some special services of svchost are allowed, like the dns or dhcp client (see special exceptions dialog in TinyWall). Most other services of svchost, or svchost not running as a service are blocked." }-

I was concerned about a program calling home using the backdoor.
We posted at the same time, thanks for the additional info.
I am learning, so excuse me if I ask to many questions.

Great job Ultim! I love this nonintrusive FW. My favourite is the "whitelist by window" simply genius imo.
Only have one minor problem though.
Tinywall needs to be turned off when logging in with OpenVpn. Doesnt seem to learn on learn mode or whitelisting the executable. No biggie really since once connected I can enable TinyWall again.

*edit*

Forgot I had the beta version when I wrote the above. I have now upgraded to the live version and the OpenVpn issue is gone. TW learns the rules once and after that I can connect with OpenVpn with Tinywall enabled on "normal". :thumb:

This the first time i am using, i have blocked apps based on my choice....What i wanted to know that does it protect the PC on its own or depends on windows FW and it just serves as a controller?

-{ Quote: "This the first time i am using, i have blocked apps based on my choice....What i wanted to know that does it protect the PC on its own or depends on windows FW and it just serves as a controller?" }-
It depends on Windows Firewall. It is just an interface which helps you to easily configure WFwAS.

-{ Quote: "It depends on Windows Firewall. It is just an interface which helps you to easily configure WFwAS." }-
ok, thanks

The first independent review of TinyWall 2.0 is already out: http://www.davescomputertips.com/2012/06/tinywall-the-best-thing-since-sliced-bread/

Please allow me to cite the last paragraph:-{ Quote: "
So, do I believe TinyWall is indeed the best thing since sliced bread? Well, that’s a very bold statement but – in terms of added security combined with the sheer brilliance of its effective simplicity – it sure comes close. Would I recommend TinyWall… heck yes!! Anyone looking for a light, simple and effective way to enhance overall protection should certainly check TinyWall out – TinyWall is now a permanent part of my security arrangements. " }-

Blocklists is a security feature & enhancement over windows fw, so why it is disabled by default? Majority of users dont change the settings so I think this is an important feature & should be enabled by default.

There are 3 options to whitelist an app, whitelist by processes, executables & window. Which one is the best/comfortable or recommended option for majority of users? And I think it would be good if that option has the word Recommended in bracket.

I dont know what are the different effects of the 3 options & hope any apps will work with any options chosen. Just would like to know what would be the best order to apply the options i.e for ex - one should try first whitelist by window, if any prob then try executables & if any prob try processes. What would be the best order to apply options?

-{ Quote: "Blocklists is a security feature & enhancement over windows fw, so why it is disabled by default? Majority of users dont change the settings so I think this is an important feature & should be enabled by default." }-

Blocklists are disabled by default, because there are some theoretical (non-security) dangers. The ports blocklist might prevent legitim applications to function properly, while the hosts file might slow down the computer. If the user has to enable these manually, in case of problems it will be clear for him what settings are responsible. I might enable blocklists by default in a future version though, I have already though about it.

-{ Quote: "There are 3 options to whitelist an app, whitelist by processes, executables & window. Which one is the best/comfortable or recommended option for majority of users? And I think it would be good if that option has the word Recommended in bracket." }-

There is no best method. All three do exactly the same thing, the only difference is personal preference or comfort. For most users, "Whitelist by window" is probably the most comfortable, but there are some rare cases where it will not work. The other methods are not worse in any other way though. For "Whitelist by process" you might only see a portion of the processes in the list if TinyWall's controller is not running elevated. "Whitelist by executable" can always be used, but is probably the least comfortable because you have to manually navigate through your filesystem and you also need to know which executable started a process. But the one and only difference between the three methods, if you can use all three, is comfort. The catch is that you are not always able to use all three (as described above).

Is the TinyWall site down? I keep getting this message:

This page intentionally has nothing but text
explaining why this page has nothing but text
explaining that this page would otherwise have been left blank,
and would otherwise have been left blank.

Would like to look it over but no joy at this time.

@focus

You can download from here: http://www.softpedia.com/get/Security/Firewall/TinyWall.shtml

http://tinywall.pados.hu/ works fine for me.

-{ Quote: "http://tinywall.pados.hu/ works fine for me." }-

Doesn't for me. I get the same thing as focus.

-{ Quote: "@focus

You can download from here: http://www.softpedia.com/get/Security/Firewall/TinyWall.shtml" }-

Thanks.

-{ Quote: "Is the TinyWall site down? I keep getting this message:

This page intentionally has nothing but text
explaining why this page has nothing but text
explaining that this page would otherwise have been left blank,
and would otherwise have been left blank.

Would like to look it over but no joy at this time." }-

You should only get that page for pados.hu. The URL for tinywall however is not pados.hu, but tinywall.pados.hu . Are you saying that you are visiting tinywall.pados.hu and you still get the same page as for pados.hu?

-{ Quote: "You should only get that page for pados.hu. The URL for tinywall however is not pados.hu, but tinywall.pados.hu . Are you saying that you are visiting tinywall.pados.hu and you still get the same page as for pados.hu?" }-

I get that page when I visit tinywall.pados.hu.

-{ Quote: "I get that page when I visit tinywall.pados.hu." }-
I guess the reason would be the missing https support on the site. Try it without a secure connection and it will work. I'll set up SSL support for tinywall.paods.hu a bit later, until then you'll need to ensure simple http.

-{ Quote: "I guess the reason would be the missing https support on the site. Try it without a secure connection and it will work. I'll set up SSL support for tinywall.paods.hu a bit later, until then you'll need to ensure simple http." }-

I actually just thought about that being the issue, thanks for confirming. BTW excellent app.

-{ Quote: "You should only get that page for pados.hu. The URL for tinywall however is not pados.hu, but tinywall.pados.hu . Are you saying that you are visiting tinywall.pados.hu and you still get the same page as for pados.hu?" }-

Yes, but after the further on SSL clues after my last post I found that if I disabled Https Everywhere the site loaded fine. Thanks.

-{ Quote: "I actually just thought about that being the issue, thanks for confirming. BTW excellent app." }-


why it's not signed

or is it signed and i'm doing something wrong ?

-{ Quote: "why it's not signed

or is it signed and i'm doing something wrong ?" }-

No particular reason, SSL was simply not configured for the website. Now it's done and should be working correctly over https too.

-{ Quote: "No particular reason, SSL was simply not configured for the website. Now it's done and should be working correctly over https too." }-

Working ok over HTTPS, thanks.

What happens when a program, which have access to the internet, is updated? Some firewalls shows popups after updating that the exe-file was changed because changing exe is a risk.

Werderforever

-{ Quote: "What happens when a program, which have access to the internet, is updated? Some firewalls shows popups after updating that the exe-file was changed because changing exe is a risk.

Werderforever" }-

Nothing happens. The current version of TinyWall (2.0) does not monitor program files for changes.

Many thanks for your reply. Is this feature planned in further Versions?

Another question, I have a big Problem with Tinywall. I cannot access my printer.

With beta all was okay, but not with relesed Version. Do you have an idea?

Werderforever

-{ Quote: "Many thanks for your reply. Is this feature planned in further Versions?
" }-

It has already crossed my mind, and even though this is not a definitive answer, probably no.


-{ Quote: "
Another question, I have a big Problem with Tinywall. I cannot access my printer.

With beta all was okay, but not with relesed Version. Do you have an idea?
" }-
I do not own a network printer, so unfortunately I have no experience with that.

Here are some ideas to get it to work:
1. Try the automatic learning mode. Enter learning mode, print one document, then switch back to normal mode. Printing should work now.
2. If some system services are involved in network printing, step 1. may not work. In that case, try to enable "File and printer sharing" in TinyWall's configuration, then try printing again.
3. If 1 & 2 fail, open the Connections window first, show blocked connections, then try to print once and look at what got blocked. At the end whitelist the blocked things.

Please let me know if and which of these steps worked.

Here is a small update, 2.0.1.

Changelog:
- Added Brazilian Portuguese and Japanese translations, fixes to French translation.
- Fix: Sporadic communication errors between TinyWall's controller and service.
- Fix: License file does not open from the settings window.
- Updated application database

As you can see, code changes are minimal. The two most important things are the translation additions and updates, as well as the application database update. 2.0.1 includes new or updated support for Google Drive, IE of Win8, Microsoft Outlook 2003-2010, Windows Live, Pidgin and CCleaner. Of course, if you have automatic updates turned on you will also get the new database without installing 2.0.1, but then it my take some days because TinyWall does not check very often for updates.

Sorry, that I have not described the problem with all details.:thumbd: Please excuse me!
I have had checked the steps 1,2 and 3 before I posted my problem and the problem still is there.


I have tested Tinywall on two other Computers in my home and they work perfectly with the Printer (Epson BX635FWD over LAN). But These Computers have Windows 7.
The problem occured on my PC with Windows 8 Release Preview.

Hope this Information helps

Werderforever

So you only have printing problems on Windows 8. I'll try to look into it, I have Win8 RP myself but I have no network printer as I have mentioned. It would certainly help me a lot if you could tell me what ports are blocked (and what processes) while you try to print. That would narrow down the possibilities. Remember to open the Connections window of TinyWall before you try to print.

Please take a look at the attachment. When I uninstall Tinywall (I have made it because I need the printer at the moment) it looks like the attachment.

With installed Tinywall I cannot see the inklevel because there is no connection.
I have allowed all Epson-Files during learning mode.

Werderforever

Tomorrow I test again!

-{ Quote: "Here is a small update, 2.0.1.
Changelog:
- Added Brazilian Portuguese and Japanese translations, fixes to French translation.
- Fix: Sporadic communication errors between TinyWall's controller and service.
- Fix: License file does not open from the settings window.
- Updated application database " }-

I guess I should have uninstalled first?
Now TinyWall is mention twice in the "Notifications Area Icons" No biggie, just wanted to let you know. Thanks for the update. :thumb:

-{ Quote: "I guess I should have uninstalled first?
Now TinyWall is mention twice in the "Notifications Area Icons" No biggie, just wanted to let you know. Thanks for the update. :thumb:" }-

That's just because of the tray area not being refreshed properly. Only one instance is running, if you hover over the old icon, it should disappear immediately. There is no need to uninstall 2.0.0 to install the update.

Hello,
Only 6 month old and the best firewall I see, Congrats!!
I will try to help to make TinyWall better and better by reporting bugs and etc.

Please keep the size tiny and Please do not bloatware this tiny, lovely Wall of protection ;)

Regards.

-----------------------------------

1- Ok, I saw "DevelTool", What is it exactly? What can I do with it? I have no idea!
2- Maybe a bug: I ran DevelTool to play with a bit and went to "Update Creator" tab then pushed that big "Create" button and error happens:
(My OS is Windows7 Ultimate SP1 x64)

233467

Here is error text:
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.ArgumentException: The path is not of a legal form.
at System.IO.Path.NormalizePath(String path, Boolean fullCheck, Int32 maxPathLength)
at System.IO.Path.GetFullPath(String path)
at System.Diagnostics.FileVersionInfo.GetFullPathWithAssert(String fileName)
at System.Diagnostics.FileVersionInfo.GetVersionInfo(String fileName)
at PKSoft.DevelToolForm.btnUpdateCreate_Click(Object sender, EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 4.0.0.0
Win32 Version: 4.0.30319.1 (RTMRel.030319-0100)
CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll
----------------------------------------
TinyWall
Assembly Version: 2.0.1.0
Win32 Version: 2.0.1
CodeBase: file:///C:/Program%20Files/TinyWall/TinyWall.exe
----------------------------------------
System
Assembly Version: 4.0.0.0
Win32 Version: 4.0.30319.1 built by: RTMRel
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Core
Assembly Version: 4.0.0.0
Win32 Version: 4.0.30319.1 built by: RTMRel
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 4.0.0.0
Win32 Version: 4.0.30319.1 built by: RTMRel
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
Assembly Version: 4.0.0.0
Win32 Version: 4.0.30319.1 built by: RTMRel
CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

When i try to update the software,here is what i got.Even elevated,the issue remains.Win Vista Premium x32.

Hi ultim,

some new information about the network printer problem. I have tried another Win7-PC and its the same problem. So I can say its not only Win 8 problem.

Allow outgoing = same problem
Disable Firewall = same problem
Uninstalling Tinywall = All is fine

But this not the solution. I want to keep Tinywall.

I have added two sreenshots. The three spool drivers beginning with "E" I have added. But in the connection screen I cannot see some of them.

Do you have a solution? Please let me know when you need additional info.

Werderforever

-{ Quote: "Hi ultim,

some new information about the network printer problem. I have tried another Win7-PC and its the same problem. So I can say its not only Win 8 problem.

Allow outgoing = same problem
Disable Firewall = same problem
Uninstalling Tinywall = All is fine

But this not the solution. I want to keep Tinywall.

I have added two sreenshots. The three spool drivers beginning with "E" I have added. But in the connection screen I cannot see some of them.

Do you have a solution? Please let me know when you need additional info.

Werderforever" }-

Hi,

233488

Hi Veteran,

many thanks for your reply. File and printer I have had enbled, but it doesn´t solved the problme. The other posibilities I don´t have tried, because I don´t want to open too much in the Firewall.

Werderforever

-{ Quote: "Hi Veteran,

many thanks for your reply. File and printer I have had enbled, but it doesn´t solved the problme. The other posibilities I don´t have tried, because I don´t want to open too much in the Firewall.

Werderforever" }-

You're Welcome, buddy ;)
I suggest you to try other options just for testing and see if they solve your problem or not; If enabling them helped you so then you know the problem comes from where and if they didn't help then leave them disable.

I found a thing about TinyWall UI :argh:
It's better to use a checkmark in front of Active mode so users know which mode is active right now. Please see the attached pic for more ;D

233491

I think this is better :thumb: what do you think?

One more thing: See the "Allow Outgoing icon", It's red. Red in many ways means don't allow, don't cross, don't go... maybe another color or icon for "Allow Outgoing icon"? ("Block all icon" is also not all right, Yellow/Orange color for blocking all?) what do you think?


Something else about UI :lurking:

233498


A bug or not a bug:
On my laptop I have "Connectify (http://www.connectify.me/)" so it's been possible to share my Internet over WiFi so my brother can use it too.

I have created Application Exception's list of my desired programs in TinyWall and everythings was ok but when I enabled connectify I noticed that my Application Exception's list in TinyWall gone! and I had to recreate my list! BUT after disabling connectify, surprisingly my original Application Exception's list is back!!

Now, why enabling connectify make Application Exception's list go away and disabling connectify make it back?

I don't know is it a bug or not ???

Anyway, I really love TinyWall. Thanks ultim :thumb: If I find anything else I'll post here :)
[Sorry for my English]

Now I have checked all "Optional", but its still not working...

Werderforever

-{ Quote: "Now I have checked all "Optional", but its still not working...

Werderforever" }-

I am Sorry buddy, my knowledge is limited in this area you have problem.
Hope ultim find a way.

I hope this too.

Many thanks for your effort and help! :)


Werderforever

-{ Quote: "I found a thing about TinyWall UI :argh:
It's better to use a checkmark in front of Active mode so users know which mode is active right now. Please see the attached pic for more ;D

I think this is better :thumb: what do you think?

One more thing: See the "Allow Outgoing icon", It's red. Red in many ways means don't allow, don't cross, don't go... maybe another color or icon for "Allow Outgoing icon"? ("Block all icon" is also not all right, Yellow/Orange color for blocking all?) what do you think?" }-

But you can already see on the tray icon what mode you are in. If you have the brick wall you know you are on the normal mode.
I can see your point on the red icon though. Could be confusing I guess... Personally I havent found any use of allowing only outgoing, but I guess there are?

-{ Quote: "I hope this too.

Many thanks for your effort and help! :)


Werderforever" }-

You are Welcome my friend :)

-{ Quote: "But you can already see on the tray icon what mode you are in. If you have the brick wall you know you are on the normal mode.
" }-

I know, but a tiny checkmark won't take a lot space and it's better in my opinion ::)

-{ Quote: "I can see your point on the red icon though. Could be confusing I guess... Personally I havent found any use of allowing only outgoing, but I guess there are?" }-

Yes, I use them usually 8) and It's important part of a firewall I guess :shifty:

Hi im new to this