Beta-testing TinyWall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    279
    Hello, I am looking for people to help test my Windows Firewall controller, "TinyWall", freeware.

    So, how is TinyWall different?
    - Deliberately no-popup approach! Still simple to unblock apps
    - Windows Firewall tinkering protection
    - No knowledge of application ports is needed. In fact, you cannot edit rules in detail at all.
    - Comes with a list of known applications and associated ports lists. TinyWall automatically recognizes your app and only allows what is needed instead of giving full acess.
    - Firewall modes, special LAN access, temporary rules, open sockets listing, password lock, etc...

    For a complete feature list, please have a look at the website: http://tinywall.pados.hu/features.php

    Status: Seems to work fine, but needs more testing.

    The list of recognized apps is currently quite small, so in addition of telling me your oppinion, sending bug reports and feature requests, you can also help out by sending me program descriptions to include (to do that, send me the XML output from "DevelTool").

    NOTE: It is stated on the website, but here once more: To uninstall, you need to launch the UI as Admin (Elevate as necessary) then request uninstallation from the Maintenance tab in the settings.

    Hope you'll find it usefull.
    Download from http://tinywall.pados.hu/download.php.
     
    Last edited by a moderator: Oct 13, 2011
  2. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    240
    Location:
    Philippines
    This almost put a big smile on my face... until I found out it's only for Vista/7. But still, I believe this is a great non-intrusive firewall software for people who like it (got sold by its features)

    I'm on XP.
     
  3. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    I actually really like it, upon playing around in a VM.

    Very intuitive with the 'Whitelist by -

    executable
    process
    window (just click on the application window on your screen)

    Here are some screens:

    2011-10-12_195718.png
    2011-10-12_195828.png
    2011-10-12_195859.png

    Thanks!
     
  4. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Few questions/suggestions:

    A window or tray menu link to view blocked processes connections.
    What is the 'Private zone'?
    What is the 'Prompt for profile association for recognized applications check box for'?
    Add application to allowed via connection's window
    Have connections window remember size & include a maximize button

    Thanks.
     
    Last edited: Oct 13, 2011
  5. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Does it play well with a standard user account?
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,227
    Location:
    Poland - Cracow
    I have XP...
    :(
     
  7. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,552
    Location:
    Romania
    It shows me pop-ups for new outgoing connections?If not,it's pretty useless for me.
     
  8. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    279
    Firts of all, thank you all very much for your input and feedback. I really appreciate it.

    tony62:
    Thanks for the screenshots. I see some small UI corruption in the connections dialog (checkbox sliding into the list), which doesn't happen on my development machine. I'll try to workaround that.

    > A window or tray menu link to view blocked processes connections.
    Currently there is no feature to show blocked connections, but I see that it would be helpful. I'll sure implement it, I'm only unsure if I will do it in the current 1.0 version or in 1.1 after that.

    > What is the 'Private zone'?
    That is just information showing you in which firewall/network zone you currently are. It doesn't do anything, it is only informational. All applications you unblock will be allowed in the same zone only that you unblocked them in. So for example, if you have a laptop and you're surfing on a public WiFi (which puts you into the Public firewall zone), you can have a different set of applications enabled than at home.

    > What is the 'Prompt for profile association for recognized applications check box for'?
    TinyWall has a built-in list of safe applications that it can recognize and knows which communication profiles to allow for them (for example, Internet Explorer will be allowed ports 80/443 outbound, which is the 'Web browser' profile). If you are unblocking a reocgnized application, TinyWall will not ask you for the profile because it already knows how to handle that application. On the other hand, if you are unblocking an application that TinyWall doesn't know yet, you will get an extra prompt where you can tighten the rules on that app instead of giving it full access to the network. So here is how this option comes into play: if 'Prompt for profile association for recognized applications' is checked, you will always be asked for the profiles, even for recognized/known applications. This is basically just a UI/comfort setting and does not influence firewall operation.

    > Add application to allowed via connection's window
    Already thought about that and I am willing to do it, but the current inner workings of the controller app inhibit such a feature. I need some time to rework things. At latest, I will definetely implement it in the first post-1.0 release.

    > Have connections window remember size & include a maximize button
    Will do that right away.


    skudo12:
    > Does it play well with a standard user account?
    Yes, you can run the UI without Admin privileges and add new applications to the exceptions list. You will only be missing some minor features (Connections list, Uninstall capability, for these you need Admin rights). If you want to limit who can configure TinyWall, that's what the password lock feature is for. In relation to multiple user accounts, the only thing it doesn't like is fast user switching (that is, multiple users logged in at the same time). It will still work, but the tray app will only be usable from one account at a time. As soon as you quit the first instance you started, the other user's tray app will start to work.


    JoeBlack40:
    > It shows me pop-ups for new outgoing connections?
    It does not show popups for new outgoing connecitons. That is on purpose and I truely believe it is better this way, becasue it is safer, less annoying, and through some other features (e.g. whitelist by window) is still just as easy to use.
     
    Last edited: Oct 13, 2011
  9. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    279
    'Prompt for profile association for recognized applications'
    I guess I could rename it to just 'Always ask for profiles'. Would that be better?
     
  10. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,552
    Location:
    Romania
    I really appreciate your work and especially that your software is free.But i disagree with you.That's why i use third parties firewalls,because i want to be notified REAL TIME when a program asks for an outbound connection,that's all.Or you could implement a "learning mode" for those who don't want pop-ups.Just my opinion.
     
  11. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    279
    That's fine. Different people use the same software for different purposes. In my case, I don't care about real-time notification. What I need is that only those applications access the internet that I have explicitly allowed, and otherwise the firewall should try to stay out of my way. If I allow only my web browser, I know that it will be allowed and all others will be blocked. I don't need notifications about the latter case.
     
  12. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    I agree with the author about not having notifications, wish you the best for your application and goodluck!
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    987
    Location:
    Romania
    1. While the program is in locked state you can delete rules from Manage window. What is locked, only the notifyicon menu items ?
    2. What does the menu Public Zone ?
    3. If you delete a rule from Application Exceptions the rule is not deleted from WFwAS, it still exists there.
    4. Make the systray icon to show the menu also on the left mouse button click, not just on the right button.
    5. Which method did you use to communicate from GUI to the service to avoid problems with standard user accounts ?
    6. And the most annoying thing, I can't uninstall it because TinyWall.exe is running. If I end the process from Task Manager, it restarts itself. First I had to go to services.msc and disable the service, and only after that I could uninstall it.

    Good work. :cool:
     
    Last edited: Oct 13, 2011
  14. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Does this firewall make use Windows DEP/ASLR etc?
    Does it support IPv6?
    Does it have self-protection from tampering and termination?

    I suggest that it will have IP Blocking feature (ie Peerblock) and an easy way to import IP blocklists from Bluetack etc.

    I also like the author's approach! I will test sometime soon. :)
     
    Last edited: Oct 13, 2011
  15. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    279
    Actually, both work. The mistake you are making is, changes are only applied when you click OK in the settings dialog. So you can remove or add multiple apps, and then click ok, then all your changes will be applied at once. This is also the point where you will be asked for a pssword if the firewall is locked down. Check it again, and it will be alright. In locked state, all configuration changes are locked.

    Does not do anything, it is only information showing which Windows Firewall zone you are currently in. Application changes will only be applied to the current zone.

    Will do, thanks for the tip.

    Named pipes, setting ACL on them.

    Thanks and good work on your Windows Firewall Control too.
     
    Last edited: Oct 13, 2011
  16. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    279
    Hi Izumi,

    >Does this firewall make use Windows DEP/ASLR etc?
    Yes, TinyWall is written using .Net technology, which automatically makes use of DEP. ASLR is not needed because by the nature of the JIT compiler it is impossible for an attacker to tell the exact layout of the binaries on a foreign computer. So I guess you could say that ASLR is also enabled, although it is not the same technology that is used for native binaries.

    > Does it support IPv6?
    Yes.

    > Does it have self-protection from tampering and termination?
    Yes. It is of course not bulletproof, but everyone in computer security can tell that nothing is. However, TinyWall will surely survive a process kill and also some other forms of attack too. The configuration files are encrypted with a dynamic password and are also locked during execution, and there are some other safety mechanisms too. Also, TinyWall also tries to protect not only itself but also the Windows Firewall service.

    >I suggest that it will have IP Blocking feature (ie Peerblock) and an easy way to import IP blocklists from Bluetack etc.
    I haven't thought of that until now, but not a bad idea. However, not in the 1.0 version. I'll have to do some more research on that topic.
     
  17. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    535
    Location:
    Moon
    Hi ultim.
    Do you have any plans to release XP version?
     
  18. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    279
    Hi ViVek. I am really sorry to say this, but XP support is currently not planned.
     
  19. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544

    Thank you. I'm very looking forward to the IP blocking feature :)
     
  20. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    535
    Location:
    Moon
    Ok, thank you :thumb:
     
  21. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    you should put MD5 hash of the installer on the download page so we can verify the integrity of our download.
     
  22. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,699
    This looks promising. It seems like a broad database for the FW to know every applications ports rather than to notify on inbound and outbound connections. Just my 2 cents.
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I just gave a quick reading at its features and I couldn't tell whether or not it's possible to define a hostname/domain as the remote address? It's handy for those times when IPs are constantly changing.
     
  24. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    279
    To forum admin: Please change the download link (last line in opening post) to http://tinywall.pados.hu/download.php instead of a direct link to the file. I cannot seem to edit the post anymore.
     
  25. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    279
    As stated in the opening post, you have to uninstall by going to the Maintenance tab in Manage.
    1) Elevate privileges from the menu if not done so already
    2) Go to Manage
    3) Select Uninstall under Maintenance