Beta-testing TinyWall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. ultim
    Offline

    ultim Registered Member

    Hello, I am looking for people to help test my Windows Firewall controller, "TinyWall", freeware.

    So, how is TinyWall different?
    - Deliberately no-popup approach! Still simple to unblock apps
    - Windows Firewall tinkering protection
    - No knowledge of application ports is needed. In fact, you cannot edit rules in detail at all.
    - Comes with a list of known applications and associated ports lists. TinyWall automatically recognizes your app and only allows what is needed instead of giving full acess.
    - Firewall modes, special LAN access, temporary rules, open sockets listing, password lock, etc...

    For a complete feature list, please have a look at the website: http://tinywall.pados.hu/features.php

    Status: Seems to work fine, but needs more testing.

    The list of recognized apps is currently quite small, so in addition of telling me your oppinion, sending bug reports and feature requests, you can also help out by sending me program descriptions to include (to do that, send me the XML output from "DevelTool").

    NOTE: It is stated on the website, but here once more: To uninstall, you need to launch the UI as Admin (Elevate as necessary) then request uninstallation from the Maintenance tab in the settings.

    Hope you'll find it usefull.
    Download from http://tinywall.pados.hu/download.php.
    Last edited by a moderator: Oct 13, 2011
  2. kerykeion
    Offline

    kerykeion Registered Member

    This almost put a big smile on my face... until I found out it's only for Vista/7. But still, I believe this is a great non-intrusive firewall software for people who like it (got sold by its features)

    I'm on XP.
  3. tony62
    Offline

    tony62 Registered Member

    I actually really like it, upon playing around in a VM.

    Very intuitive with the 'Whitelist by -

    executable
    process
    window (just click on the application window on your screen)

    Here are some screens:

    2011-10-12_195718.png
    2011-10-12_195828.png
    2011-10-12_195859.png

    Thanks!
  4. tony62
    Offline

    tony62 Registered Member

    Few questions/suggestions:

    A window or tray menu link to view blocked processes connections.
    What is the 'Private zone'?
    What is the 'Prompt for profile association for recognized applications check box for'?
    Add application to allowed via connection's window
    Have connections window remember size & include a maximize button

    Thanks.
    Last edited: Oct 13, 2011
  5. kupo
    Offline

    kupo Registered Member

    Does it play well with a standard user account?
  6. ichito
    Offline

    ichito Registered Member

    I have XP...
    :(
  7. JoeBlack40
    Offline

    JoeBlack40 Registered Member

    It shows me pop-ups for new outgoing connections?If not,it's pretty useless for me.
  8. ultim
    Offline

    ultim Registered Member

    Firts of all, thank you all very much for your input and feedback. I really appreciate it.

    tony62:
    Thanks for the screenshots. I see some small UI corruption in the connections dialog (checkbox sliding into the list), which doesn't happen on my development machine. I'll try to workaround that.

    > A window or tray menu link to view blocked processes connections.
    Currently there is no feature to show blocked connections, but I see that it would be helpful. I'll sure implement it, I'm only unsure if I will do it in the current 1.0 version or in 1.1 after that.

    > What is the 'Private zone'?
    That is just information showing you in which firewall/network zone you currently are. It doesn't do anything, it is only informational. All applications you unblock will be allowed in the same zone only that you unblocked them in. So for example, if you have a laptop and you're surfing on a public WiFi (which puts you into the Public firewall zone), you can have a different set of applications enabled than at home.

    > What is the 'Prompt for profile association for recognized applications check box for'?
    TinyWall has a built-in list of safe applications that it can recognize and knows which communication profiles to allow for them (for example, Internet Explorer will be allowed ports 80/443 outbound, which is the 'Web browser' profile). If you are unblocking a reocgnized application, TinyWall will not ask you for the profile because it already knows how to handle that application. On the other hand, if you are unblocking an application that TinyWall doesn't know yet, you will get an extra prompt where you can tighten the rules on that app instead of giving it full access to the network. So here is how this option comes into play: if 'Prompt for profile association for recognized applications' is checked, you will always be asked for the profiles, even for recognized/known applications. This is basically just a UI/comfort setting and does not influence firewall operation.

    > Add application to allowed via connection's window
    Already thought about that and I am willing to do it, but the current inner workings of the controller app inhibit such a feature. I need some time to rework things. At latest, I will definetely implement it in the first post-1.0 release.

    > Have connections window remember size & include a maximize button
    Will do that right away.


    skudo12:
    > Does it play well with a standard user account?
    Yes, you can run the UI without Admin privileges and add new applications to the exceptions list. You will only be missing some minor features (Connections list, Uninstall capability, for these you need Admin rights). If you want to limit who can configure TinyWall, that's what the password lock feature is for. In relation to multiple user accounts, the only thing it doesn't like is fast user switching (that is, multiple users logged in at the same time). It will still work, but the tray app will only be usable from one account at a time. As soon as you quit the first instance you started, the other user's tray app will start to work.


    JoeBlack40:
    > It shows me pop-ups for new outgoing connections?
    It does not show popups for new outgoing connecitons. That is on purpose and I truely believe it is better this way, becasue it is safer, less annoying, and through some other features (e.g. whitelist by window) is still just as easy to use.
    Last edited: Oct 13, 2011
  9. ultim
    Offline

    ultim Registered Member

    'Prompt for profile association for recognized applications'
    I guess I could rename it to just 'Always ask for profiles'. Would that be better?
  10. JoeBlack40
    Offline

    JoeBlack40 Registered Member

    I really appreciate your work and especially that your software is free.But i disagree with you.That's why i use third parties firewalls,because i want to be notified REAL TIME when a program asks for an outbound connection,that's all.Or you could implement a "learning mode" for those who don't want pop-ups.Just my opinion.
  11. ultim
    Offline

    ultim Registered Member

    That's fine. Different people use the same software for different purposes. In my case, I don't care about real-time notification. What I need is that only those applications access the internet that I have explicitly allowed, and otherwise the firewall should try to stay out of my way. If I allow only my web browser, I know that it will be allowed and all others will be blocked. I don't need notifications about the latter case.
  12. kupo
    Offline

    kupo Registered Member

    I agree with the author about not having notifications, wish you the best for your application and goodluck!
  13. alexandrud
    Offline

    alexandrud Developer

    1. While the program is in locked state you can delete rules from Manage window. What is locked, only the notifyicon menu items ?
    2. What does the menu Public Zone ?
    3. If you delete a rule from Application Exceptions the rule is not deleted from WFwAS, it still exists there.
    4. Make the systray icon to show the menu also on the left mouse button click, not just on the right button.
    5. Which method did you use to communicate from GUI to the service to avoid problems with standard user accounts ?
    6. And the most annoying thing, I can't uninstall it because TinyWall.exe is running. If I end the process from Task Manager, it restarts itself. First I had to go to services.msc and disable the service, and only after that I could uninstall it.

    Good work. :cool:
    Last edited: Oct 13, 2011
  14. Konata Izumi
    Offline

    Konata Izumi Registered Member

    Does this firewall make use Windows DEP/ASLR etc?
    Does it support IPv6?
    Does it have self-protection from tampering and termination?

    I suggest that it will have IP Blocking feature (ie Peerblock) and an easy way to import IP blocklists from Bluetack etc.

    I also like the author's approach! I will test sometime soon. :)
    Last edited: Oct 13, 2011
  15. ultim
    Offline

    ultim Registered Member

    Actually, both work. The mistake you are making is, changes are only applied when you click OK in the settings dialog. So you can remove or add multiple apps, and then click ok, then all your changes will be applied at once. This is also the point where you will be asked for a pssword if the firewall is locked down. Check it again, and it will be alright. In locked state, all configuration changes are locked.

    Does not do anything, it is only information showing which Windows Firewall zone you are currently in. Application changes will only be applied to the current zone.

    Will do, thanks for the tip.

    Named pipes, setting ACL on them.

    Thanks and good work on your Windows Firewall Control too.
    Last edited: Oct 13, 2011
  16. ultim
    Offline

    ultim Registered Member

    Hi Izumi,

    >Does this firewall make use Windows DEP/ASLR etc?
    Yes, TinyWall is written using .Net technology, which automatically makes use of DEP. ASLR is not needed because by the nature of the JIT compiler it is impossible for an attacker to tell the exact layout of the binaries on a foreign computer. So I guess you could say that ASLR is also enabled, although it is not the same technology that is used for native binaries.

    > Does it support IPv6?
    Yes.

    > Does it have self-protection from tampering and termination?
    Yes. It is of course not bulletproof, but everyone in computer security can tell that nothing is. However, TinyWall will surely survive a process kill and also some other forms of attack too. The configuration files are encrypted with a dynamic password and are also locked during execution, and there are some other safety mechanisms too. Also, TinyWall also tries to protect not only itself but also the Windows Firewall service.

    >I suggest that it will have IP Blocking feature (ie Peerblock) and an easy way to import IP blocklists from Bluetack etc.
    I haven't thought of that until now, but not a bad idea. However, not in the 1.0 version. I'll have to do some more research on that topic.
  17. ViVek
    Offline

    ViVek Registered Member

    Hi ultim.
    Do you have any plans to release XP version?
  18. ultim
    Offline

    ultim Registered Member

    Hi ViVek. I am really sorry to say this, but XP support is currently not planned.
  19. Konata Izumi
    Offline

    Konata Izumi Registered Member


    Thank you. I'm very looking forward to the IP blocking feature :)
  20. ViVek
    Offline

    ViVek Registered Member

    Ok, thank you :thumb:
  21. Konata Izumi
    Offline

    Konata Izumi Registered Member

    you should put MD5 hash of the installer on the download page so we can verify the integrity of our download.
  22. Rilla927
    Offline

    Rilla927 Registered Member

    This looks promising. It seems like a broad database for the FW to know every applications ports rather than to notify on inbound and outbound connections. Just my 2 cents.
  23. m00nbl00d
    Offline

    m00nbl00d Registered Member

    I just gave a quick reading at its features and I couldn't tell whether or not it's possible to define a hostname/domain as the remote address? It's handy for those times when IPs are constantly changing.
  24. ultim
    Offline

    ultim Registered Member

    To forum admin: Please change the download link (last line in opening post) to http://tinywall.pados.hu/download.php instead of a direct link to the file. I cannot seem to edit the post anymore.
  25. ultim
    Offline

    ultim Registered Member

    As stated in the opening post, you have to uninstall by going to the Maintenance tab in Manage.
    1) Elevate privileges from the menu if not done so already
    2) Go to Manage
    3) Select Uninstall under Maintenance