TinyWall Firewall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Welcome to the TinyWall discussion thread

    About TinyWall

    TinyWall is a standalone firewall for 64-bit Windows systems, known for its no-popup approach. It is lightweight, easy to use, and a clear upgrade compared to Microsoft's built-in firewall in Windows both feature- and security-wise. It is also free and completely respects your privacy.

    Why use TinyWall instead of Windows Firewall?

    Because TinyWall...

    • makes it much easier to whitelist applications
    • prevents installers from altering your firewall rules
    • is already active while your computer is still booting
    • automatically handles UWP- and Windows Store apps
    • can list active and blocked connections
    • can create temporary/timed firewall rules
    • supports password-lock
    • filters raw-sockets and promiscuous apps
    • comes with optional blocklists
    • ... among other things


    Quick links

    TinyWall is a private project of Karoly Pados. If you like the software, please consider supporting it with just 1$/month.
     
  2. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    284
    Location:
    Philippines
    This almost put a big smile on my face... until I found out it's only for Vista/7. But still, I believe this is a great non-intrusive firewall software for people who like it (got sold by its features)

    I'm on XP.
     
  3. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    I actually really like it, upon playing around in a VM.

    Very intuitive with the 'Whitelist by -

    executable
    process
    window (just click on the application window on your screen)

    Here are some screens:

    2011-10-12_195718.png
    2011-10-12_195828.png
    2011-10-12_195859.png

    Thanks!
     
  4. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Few questions/suggestions:

    A window or tray menu link to view blocked processes connections.
    What is the 'Private zone'?
    What is the 'Prompt for profile association for recognized applications check box for'?
    Add application to allowed via connection's window
    Have connections window remember size & include a maximize button

    Thanks.
     
    Last edited: Oct 13, 2011
  5. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Does it play well with a standard user account?
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    I have XP...
    :(
     
  7. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    It shows me pop-ups for new outgoing connections? If not, it's pretty useless for me.
     
  8. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    First of all, thank you all very much for your input and feedback. I really appreciate it.

    tony62:
    Thanks for the screenshots. I see some small UI corruption in the connections dialog (checkbox sliding into the list), which doesn't happen on my development machine. I'll try to work around that.

    > A window or tray menu link to view blocked processes connections.
    Currently there is no feature to show blocked connections, but I see that it would be helpful. I'll sure implement it, I'm only unsure if I will do it in the current 1.0 version or in 1.1 after that.

    > What is the 'Private zone'?
    That is just information showing you in which firewall/network zone you currently are. It doesn't do anything, it is only informational. All applications you unblock will be allowed in the same zone only that you unblocked them in. So for example, if you have a laptop and you're surfing on a public WiFi (which puts you into the Public firewall zone), you can have a different set of applications enabled than at home.

    > What is the 'Prompt for profile association for recognized applications check box for'?
    TinyWall has a built-in list of safe applications that it can recognize and knows which communication profiles to allow for them (for example, Internet Explorer will be allowed ports 80/443 outbound, which is the 'Web browser' profile). If you are unblocking a recognized application, TinyWall will not ask you for the profile because it already knows how to handle that application. On the other hand, if you are unblocking an application that TinyWall doesn't know yet, you will get an extra prompt where you can tighten the rules on that app instead of giving it full access to the network. So here is how this option comes into play: if 'Prompt for profile association for recognized applications' is checked, you will always be asked for the profiles, even for recognized/known applications. This is basically just a UI/comfort setting and does not influence firewall operation.

    > Add application to allowed via connection's window
    Already thought about that and I am willing to do it, but the current inner workings of the controller app inhibit such a feature. I need some time to rework things. At latest, I will definitely implement it in the first post-1.0 release.

    > Have connections window remember size & include a maximize button
    Will do that right away.


    skudo12:
    > Does it play well with a standard user account?
    Yes, you can run the UI without Admin privileges and add new applications to the exceptions list. You will only be missing some minor features (Connections list, Uninstall capability, for these you need Admin rights). If you want to limit who can configure TinyWall, that's what the password lock feature is for. In relation to multiple user accounts, the only thing it doesn't like is fast user switching (that is, multiple users logged in at the same time). It will still work, but the tray app will only be usable from one account at a time. As soon as you quit the first instance you started, the other user's tray app will start to work.


    JoeBlack40:
    > It shows me pop-ups for new outgoing connections?
    It does not show popups for new outgoing connections. That is on purpose and I truly believe it is better this way, because it is safer, less annoying, and through some other features (e.g. whitelist by window) is still just as easy to use.
     
    Last edited: Oct 13, 2011
  9. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    'Prompt for profile association for recognized applications'
    I guess I could rename it to just 'Always ask for profiles'. Would that be better?
     
  10. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    I really appreciate your work and especially that your software is free. But I disagree with you. That's why I use third-party firewalls, because I want to be notified REAL TIME when a program asks for an outbound connection, that's all. Or you could implement a "learning mode" for those who don't want pop-ups. Just my opinion.
     
  11. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    That's fine. Different people use the same software for different purposes. In my case, I don't care about real-time notification. What I need is that only those applications access the internet that I have explicitly allowed, and otherwise the firewall should try to stay out of my way. If I allow only my web browser, I know that it will be allowed and all others will be blocked. I don't need notifications about the latter case.
     
  12. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    I agree with the author about not having notifications, wish you the best for your application and good luck!
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,408
    Location:
    Romania
    1. While the program is in locked state you can delete rules from Manage window. What is locked, only the notifyicon menu items?
    2. What does the menu Public Zone do?
    3. If you delete a rule from Application Exceptions the rule is not deleted from WFwAS, it still exists there.
    4. Make the systray icon to show the menu also on the left mouse button click, not just on the right button.
    5. Which method did you use to communicate from GUI to the service to avoid problems with standard user accounts?
    6. And the most annoying thing, I can't uninstall it because TinyWall.exe is running. If I end the process from Task Manager, it restarts itself. First I had to go to services.msc and disable the service, and only after that I could uninstall it.

    Good work. :cool:
     
    Last edited: Oct 13, 2011
  14. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Does this firewall make use of Windows DEP/ASLR etc?
    Does it support IPv6?
    Does it have self-protection from tampering and termination?

    I suggest that it will have IP Blocking feature (ie Peerblock) and an easy way to import IP blocklists from Bluetack etc.

    I also like the author's approach! I will test sometime soon. :)
     
    Last edited: Oct 13, 2011
  15. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Actually, both work. The mistake you are making is, changes are only applied when you click OK in the settings dialog. So you can remove or add multiple apps, and then click OK, then all your changes will be applied at once. This is also the point where you will be asked for a password if the firewall is locked down. Check it again, and it will be alright. In locked state, all configuration changes are locked.

    Does not do anything, it is only information showing which Windows Firewall zone you are currently in. Application changes will only be applied to the current zone.

    Will do, thanks for the tip.

    Named pipes, setting ACL on them.

    Thanks and good work on your Windows Firewall Control too.
     
    Last edited: Oct 13, 2011
  16. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Hi Izumi,

    > Does this firewall make use of Windows DEP/ASLR etc?
    Yes, TinyWall is written using .Net technology, which automatically makes use of DEP. ASLR is not needed because by the nature of the JIT compiler it is impossible for an attacker to tell the exact layout of the binaries on a foreign computer. So I guess you could say that ASLR is also enabled, although it is not the same technology that is used for native binaries.

    > Does it support IPv6?
    Yes.

    > Does it have self-protection from tampering and termination?
    Yes. It is of course not bulletproof, but everyone in computer security can tell that nothing is. However, TinyWall will surely survive a process kill and also some other forms of attack too. The configuration files are encrypted with a dynamic password and are also locked during execution, and there are some other safety mechanisms too. Also, TinyWall also tries to protect not only itself but also the Windows Firewall service.

    >I suggest that it will have IP Blocking feature (ie Peerblock) and an easy way to import IP blocklists from Bluetack etc.
    I haven't thought of that until now, but not a bad idea. However, not in the 1.0 version. I'll have to do some more research on that topic.
     
  17. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    584
    Location:
    Moon
    Hi ultim.
    Do you have any plans to release XP version?
     
  18. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Hi ViVek. I am really sorry to say this, but XP support is currently not planned.
     
  19. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557

    Thank you. I'm very much looking forward to the IP blocking feature :)
     
  20. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    584
    Location:
    Moon
    Ok, thank you :thumb:
     
  21. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    You should put the MD5 hash of the installer on the download page so we can verify the integrity of our download.
     
  22. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    This looks promising. It seems like a broad database for the FW to know every application's ports rather than to notify on inbound and outbound connections. Just my 2 cents.
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I just gave a quick reading at its features and I couldn't tell whether or not it's possible to define a hostname/domain as the remote address? It's handy for those times when IPs are constantly changing.
     
  24. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    To forum admin: Please change the download link (last line in opening post) to http://tinywall.pados.hu/download.php instead of a direct link to the file. I cannot seem to edit the post anymore.
     
  25. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    As stated in the opening post, you have to uninstall by going to the Maintenance tab in Manage.
    1) Elevate privileges from the menu if not done so already
    2) Go to Manage
    3) Select Uninstall under Maintenance
     