Beta-testing TinyWall

[Seven64]

I do not like this new beta 1.9.3. You said, according to TW site; "TinyWall does not require you to know about ports, protocols and application details.
Now seems you do. I need a manual to figure out how to tighten up rules (which ports to allow and block). Most of my browsers and download manager just needed (HTTP(S) Client) to work just fine.
I think you have defeated your original goal of keeping it simple.

[Seven64]

Iron browser does not work with 1.93, Firefox works fine.

[ultim]

Quote:

Originally Posted by skudo12

Oh oh, I found an error log,
-http://sebsauvage.net/paste/?bd5857cad284843b#EfgdlTBEedFEDQLv8HHBT8neHAuKIH1hoQdWH8G6+t0=

it's located at programdata/tinywall

edit: deleted

[ultim]

Quote:

Originally Posted by Seven64

I do not like this new beta 1.9.3. You said, according to TW site; "TinyWall does not require you to know about ports, protocols and application details.
Now seems you do. I need a manual to figure out how to tighten up rules (which ports to allow and block). Most of my browsers and download manager just needed (HTTP(S) Client) to work just fine.
I think you have defeated your original goal of keeping it simple.

I know. The reasons why I did this I summarized in post #328. I will probably add back profile support in a later version in one way or another, but for now I believe this is the better solution. The previous way was only better for people who knew internet protocols and for advanced users/technology experts, but that is the minority of users. I will definetely think of a way to add back tighter rules and still keep the simplicity of the current system.

[ultim]

Quote:

Originally Posted by Seven64

Iron browser does not work with 1.93, Firefox works fine.

It works just fine. I think you are experiencing the same problem as skudo12, your whitellisting rules not taking effect. I'll solve this quickly and make a fix available.

[ultim]

1.9.4 is out, contains a single fix for the reported whitelisting problem. I believe this will also solve the problem for Seven64.

IF you have the previous buggy version installed (1.9.3), you do not need to uninstall it. Just get the new installer and run it, it will automatically upgrade and keep your settings.

IF you have 1.9.2 or older, you still MUST manually uninstall before installing any newer version.

[kupo]

ultim, problem solved with whitelisting
But it still persists when changing ports (fine tuning the rule).
It still has the same error log

[Seven64]

Quote:

Originally Posted by ultim

1.9.4 is out, contains a single fix for the reported whitelisting problem. I believe this will also solve the problem for Seven64.

This works, wow that was fast. Thanks.

[ultim]

Quote:

Originally Posted by skudo12

ultim, problem solved with whitelisting
But it still persists when changing ports (fine tuning the rule).
It still has the same error log

If everything works, don't worry about that particular log entry. For now it looks like it may stay there for a while, but it shouldn't have any additional side-effects (unless, of course, I am wrong again )

Off topic: Are you the developer of ZeroBin? I am quite impressed by the ingenuity of the idea.

[kupo]

Quote:

Originally Posted by ultim

If everything works, don't worry about that particular log entry. For now it looks like it may stay there for a while, but it shouldn't have any additional side-effects (unless, of course, I am wrong again )

Off topic: Are you the developer of ZeroBin? I am quite impressed by the ingenuity of the idea.

Nope!, I've read about it in ghacks and thought of starting to use it. I'm obsessed with encryption, LOL

[Seven64]

I cannot connect to VPN (L2TP/IPSec), has there been a change with this setting? Switch to auto-learn and it works, and back to normal and won't connect.

[Cutting_Edgetech]

I'm going to keep an eye on this Firewall. It may be a good replacement for LnS after it matures a little. Keep up the good work.

[kupo]

Quote:

Originally Posted by Cutting_Edgetech

I'm going to keep an eye on this Firewall. It may be a good replacement for LnS after it matures a little. Keep up the good work.

and because it works with the built-in Windows Firewall, you can be assured no nasty Windows Conflict or BSOD will appear.
ultim, do you still plan on adding IP blocking capabilities in TinyWall?

[ultim]

Quote:

Originally Posted by Seven64

I cannot connect to VPN (L2TP/IPSec), has there been a change with this setting? Switch to auto-learn and it works, and back to normal and won't connect.

Whoops, confirmed. Fix comes soon. As for auto-learn, when you enter auto-learn the confirmation dialog box tells you that TinyWall cannot auto-learn special exceptions. So it cannot learn VPN, you have to enable it manually.

Quote:

Originally Posted by skudo12

do you still plan on adding IP blocking capabilities in TinyWall?

Not now. I'll still have one more try at it indirectly, but if it doesn't work the way I want it to, then I'll leave it as it is currently. But no timeframe here, so who knows when. I've got other things on my TinyWall to-do list with higher priority.

[Jarmo P]

I became interested, after whole time running Windows 7 with just default firewall settings.

It is just Avira warns and disables the download.

Quote:

Warning

In order not to compromise your security, this page will not be accessed
The requested URL has been identified as a potentially dangerous website.
Further information as to why this page was blocked can be found here. A description of how to remove the block for this page is available here.



Requested URL: http://tinywall.pados.hu/ccount/click.php?id=1
Category/categories:
Malware

[ultim]

Quote:

Originally Posted by Jarmo P

I became interested, after whole time running Windows 7 with just default firewall settings.

It is just Avira warns and disables the download.

Thank you. I'll contact Avira and clear up the issue. This is an errouneuos malware report. Until then, try downloading v2 beta. That even has a digital certificate.

[Jarmo P]

I installed the beta. Allowed Firefox "by window" click. Did not connect. Nor did the IE. So I went to learn mode. Found out the culprit was Avira's webguard, which was then allowed.

Propably not much harm was done to computer, since thosed allowed programs could have been later disabled inbound connections. W7 firewall anyways allows all outgoing.

But and a big but. All seemed to now work and i "signed off to go to another user account, the limited one". My system is in finnish language, so those parenthesis only to tell what I did. Normally it would have shown my 2 accounts to choose one. Now it showed a blank screen with a text: 'No cable connected'. Then system went totally blank. Only thing to do was to press shutdown button from my laptop.

So I uninstalled the TinyWall from "Control Panel" and did a system restore to a point before installing the firewall control.

I remember vaquely that same 'cable not connected' problem happened also with Sandboxie and then installing Avira. So they were not totally compatible and I had to install first Avira and then Sandboxie.

Now I suspect either Avira or Sandboxie I am both running or them together are not compatible with TinyWall. Anyways I am too tired to try any again, but if this helps someone. Notice Avira means a free antivirus, it has no firewall.

EDIT
I could not get Antivir and TinyWall work also without Sandboxie. So I uninstalled Avira, installed Avast, Tinywall and Sandboxie, and now all seems to work.

[SnowWalker]

Quote:

Originally Posted by Jarmo P

I could not get Antivir and TinyWall work also without Sandboxie. So I uninstalled Avira, installed Avast, Tinywall and Sandboxie, and now all seems to work.

Just keep in mind that with avast! Web Shield running at default values the firewall is bypassed. Under the avast! Web Shield settings I have "Scan traffic from well-known browser processes only" checked. My reasoning is that I allow well-known browser processes by default anyway, so at least they get scanned by the Web Shield. The other few programs I allow are trusted (hopefully), and everything else is blocked.

[Jarmo P]

Quote:

Originally Posted by SnowWalker

Just keep in mind that with avast! Web Shield running at default values the firewall is bypassed. Under the avast! Web Shield settings I have "Scan traffic from well-known browser processes only" checked. My reasoning is that I allow well-known browser processes by default anyway, so at least they get scanned by the Web Shield. The other few programs I allow are trusted (hopefully), and everything else is blocked.

Aah the local proxy software like Avast's webshield. Been a long while since I used Sygate or kerio 2.1.5 firewalls and then had to make the default transparent webshield into a manually configured and direct firewall rules for browsers to unnormal remote ports.

I am sure this has been somehow bettered long time ago and maybe that "Scan traffic from well-known browser processes only" means that and a baddie cannot go out as easy pretending to be a browser.

I will have to see how it works:
Yes you are right. For some reason that option is not enabled on the webshield settings by default. If you go to http://www.grc.com/lt/leaktest.htm and download the basic tester and execute it, it passes the TW / Win7 firewall. It is not even seen in the TW Connections window. If that option is checked, the local proxy hole is not open for it and the "malware" that connects to remote TCP port 80 does not get out.

A few firewall tricks how that port 80 malware cannot get out without that settings help, using kerio 2.1.5 firewall:
1. Disable general "any application" loopback rule in a firewall. and make browser specific loopback rules to the webshield ports, or
2. like here: allow general loopback rule, that though excludes the webshield proxy ports, http://www.wilderssecurity.com/showp...4&postcount=13
and then make loopback rules for the browsers to the webshield ports, http://www.wilderssecurity.com/showp...7&postcount=14
Notice also the webshield rules.

This stuff of course a bit too much anal but could be maybe in theory implemented also to to TW -> Win7 rules I guess.

[ultim]

A false positive report has been submitted to Avira. If anyone is still having doubts while it gets re-analyzed, I encourage you to scan TinyWall using VirusTotal.com. It gets zero detections from 40 antivurs software.

Jarmo P:
I highly doubt the no 'No cable connected' problem you have described is related to TinyWall, I'd even go as far as saying it is impossible. TinyWall does not touch any system settings except for the Windows Firewall, and even for that it only manipulates rules. There are no drivers installed or hooks that intercept user logon/logout events etc. . The worst error you can get with TinyWall is loosing internet connection (if it misconfigures the firewall), but that is not the same as the operating system not detecting a connected cable. To the best of my knowledge.

Avira's Webguard passed my attention, it should be added to the default allow rules upon installation just as it is done with Avast's Webshield. Though that means programs will be able to bypass the firewall, but at least you won't loose connection for no obvious reason.

Unfortunately this is one of the few limitations of the Vista/Win7 Firewall, it does not allow filtering traffic over the loopback connection, so I won't be able to solve this alone. MailWasher and AdMuncher are also similar products affected. For all these applications, you have to choose between the web protection of these software or the protection of TinyWall. I simply have no way around it. Thankfully, these shields can be disabled separately so for example you can still use the filesystem protection of virus scanners while disabling local proxying, should you decide to do so.

[kupo]

If the user still wants to have web protection, he could use Comodo DNS, Norton DNS, or Open DNS. Disable the webshield of Avast and enable the the other Avast shields. . Now with that you still have the protection of Avast and the security of other company without the added overhead in using system resources of your computer.

[Jarmo P]

Quote:

Unfortunately this is one of the few limitations of the Vista/Win7 Firewall, it does not allow filtering traffic over the loopback connection, so I won't be able to solve this alone. MailWasher and AdMuncher are also similar products affected. For all these applications, you have to choose between the web protection of these software or the protection of TinyWall. I simply have no way around it. Thankfully, these shields can be disabled separately so for example you can still use the filesystem protection of virus scanners while disabling local proxying, should you decide to do so.

Yes, that is for me a very possible choice, I have my browser always Sandboxied. Don't know how good that Avast web shield's white listing is.

Could have been that there was somethig wrong with my Avira installation, anyways I am not going back.


About adding some program which need some Autolearn perhaps, and how good or bad it is:

I play fixed limit small stakes poker, so I have been trialling Holdem Manager 2 program. There was found by google search following.

Quote:

General Firewall Troubleshooting

Most firewalls provide the ability to grant certain programs varying levels of Internet access called exceptions. Exceptions deviate from “general” firewall rules. Do this by configuring the firewall and locating a section called “Program Control”, “Process Control”, “Application Control” or something along those lines.

For registration issues or problems with Holdem Manager connecting to the PostgreSQL database, it is imperative to allow FULL Internet access for the following five processes:

C:\Program Files\Holdem Manager 2\HoldemManager.exe
C:\Program Files\Holdem Manager 2\HudFuncsApp.exe
C:\Program Files\Holdem Manager 2\HMUpdate.exe (available only during an update)
C:\Program Files\PostgreSQL\8.x\bin\pg_ctl.exe
C:\Program Files\PostgreSQL\8.x\bin\postgres.exe


Add exceptions to the firewall to allow the four programs listed above FULL Internet access. Then restart the computer for the changes to take place.

Once restarted, there should no longer be any type of firewall issues which prevent Holdem Manager or PostgreSQL from operating properly.

Problem was the correct path informations were 'Program Files (x86)' and 'PostgreSQL\bin' and myself not knowing any about Windows 7, so I rather resorted to TW Autolearn mode. It gives "server rights" to all those programs. I doubt they all need that and some traditional popup firewall could have been more specific. The Holdem Manager 2 program i ran from my limited account using "run as admin" or how ever it is spelled in english language Windows and it seemed to learn without any difficulties.

Only 'C:\Program Files\Holdem Manager 2\HMUpdate.exe' could not be found even if I tried manually update the program. I tried to 'Add application -> Browse for file' and put another file. but it could not be manually edited? So I'll have to resort to Autolearn another time

Perhaps the unnecessary incoming rights are not so bad since these programs usually are not capably to act as server who dont need them, I think.

[majoMo]

Quote:

Originally Posted by ultim

( ... ) MailWasher and AdMuncher are also similar products affected. ( ... )

It seems you can also add AdFender for these kind of app..

[Seven64]

Quote:

Originally Posted by ultim

Whoops, confirmed. Fix comes soon.

Has VPN been fixed yet? Have to use 1.92 for now.

[Jarmo P]

I'm really starting to like and admire your work Karoly in TinyWall and I think this is a keeper for me. It works and you can be sure it is basic Windows 7 you are running and your applications you use, which is what computers are made of.

For some people here in wilders, the computers are for running security stuff and and even if they never get a single virus in their system, their are so paranoid that they go to leaktests. And compare what system hardens their computer against anything best. Finally they go to something like Comodo lool.

See, in my XP times i was quite a bit interested in the security progs, obsessed I could say. Started with Sygate (actually in windows 95 times i think), which was easy well behaved traditional firewall and a good learning. Then kerio 2.1.5 which satisfied my nerdy wishes more than maybe any other security product. Tried a few traditional HIPS, first one almost was too hard to get rid of, dont remember its name. Then SSM, with oh so many popups. Finally ProcessGuard free, which was a good program actually if you wanted to know what programs started but not too many popups.

But no, i was not happy with my system working well with Sygate or kerio 2.1.5 and PG and my well behaved security apps running me. Had to try Kerio 4 versions, all with blue screens or loosing internet connection. And then Comodo, slowing my system down etc. Was many years ago, so not same as the current thread of its problems or users problems I was laughing to read today. Well a few antimalware scanners too and SpywareBlaster

In final days of my XP I became a sound user and only Sygate and Sandboxie and them not much running me anymore.

So I got my Windows 7 laptop last december. And thought: First Norton security system trial away and then: This computer NEVER gets a second party firewall. It gets Sandboxie and a free antivirus and thats it.

Your work is perfect for people who want their firewall check the outbound connections too and not totally happy with windows firewall. Perfect too for old geeks like me lol.

EDIT
I noticed you have avast! Antivirus in 'Special Extensions'. I checked the Windows firewall rules and I think did not see anything else except avastsvc.exe there. For the updates to work, avast.setup needs be there too. I had to put TW a few times in the learning mode before it got it.