TinyWall Firewall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. spocko

    spocko Registered Member

    Joined:
    Apr 23, 2012
    Posts:
    11
    Location:
    USA
    I recently started playing with TinyWall 2.0.1 on Windows 7 x64. I never used previous versions, so this is my first impression.

    First, I want to say a big thank you to Ultim for your work on TinyWall, and for making it free! You've done some very nice work here.

    Second, I'd like to provide a few comments.

    The philosophy of silently blocking almost all outbound connections could potentially decrease security by preventing important updates to applications and services. For example, things like Flash and Java often have important security updates. I really think TW needs to provide a better way for users to see what is being blocked, so they can make sure that something important is not being blocked.

    I think the simplest way to do that would be to provide better logging. Currently it appears that the history of blocked connections is limited to the last 2 min. If something got blocked 3 min ago, how would I know? I think the history of blocked connections should be complete, and should be persistent unless cleared by the user. It should be possible to look back at the previous day, week, month etc. to see what was blocked.

    Another concern is that learning mode silently creates rules without any user review. This potentially reduces security because unintended rules could be created. After using learning mode, the user needs to go review the entire list of exceptions to see if anything unintended snuck in. I see 2 obvious ways to solve this.

    First, I know this may go against one of the design philosophies of TW, but I would actually like to have the option of displaying interactive popup notifications similar to ZoneAlarm, etc. If the notifications were user configurable (i.e. user could independently enable/disable inbound and/or outbound notifications in each mode) then I think everyone could be happy. People like me might enable notifications during learning mode only. Others might like to see notifications during normal mode also. Completely silent mode, as we have it today, could still be available and could still even be the default.

    If popups are not feasible, or if they are simply too distasteful to the author, then I think the next best solution would be that when learning mode is turned off, the list of new rules/exceptions that were just learned could be presented to the user for review before they are saved permanently.

    It would also be helpful if learning mode could persist across restarts. Currently I think the mode always reverts to Normal at startup. That prevents me from "learning" about connections that occur during startup.

    Lastly, it would be a nice convenience if the TW tray app provided a shortcut to open the Windows Firewall advanced settings, in case I wanted to go over to that interface to review rules, etc.

    That's my 2 cents. Thanks for listening. :)

    Edit: At least sometimes, the current TW version doesn't even show what was blocked in the last 2 min. For example, the Adobe Flash updater triggered on my machine this morning and was blocked. The TW "Show Connection" window didn't show the blocked connection. If the flash updater hadn't notified me that the update had failed, I wouldn't have known.
     
    Last edited: Jul 14, 2012
  2. peters4000

    peters4000 Registered Member

    Joined:
    Jun 30, 2012
    Posts:
    26
    Location:
    GB
    Hi, I have two computers on my home network connected using a router. One is a Wifi laptop. Every time one goes to sleep, my network discovery and file sharing gets turned off and I have to reset it to allow (turn back on). I have allowed "Unblock Lan traffic" and "File and printer sharing" on TinyWall. Any ideas?

    Win 7 64 bit

    EDIT: I should have added that this does not happen if I disable TinyWall
     
    Last edited: Jul 16, 2012
  3. roark37

    roark37 Registered Member

    Joined:
    May 23, 2006
    Posts:
    193
    Hi, I am considering trying Tinywall and had a couple of questions/recommendations. First like spocko above I would love to see the option of pop up notifications similar to many firewalls like Zone Alarm. As I like to see all the programs that are attempting access. Is that an option you are considering adding?

    Also, does Tinywall uninstall cleanly and completely just using add/remove programs? I ask as I am always concerned with firewalls of having difficulty removing if I need to.

    Thanks.

    roark
     
  4. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Hi Vilmalith,
    If TinyWall's service stops or exits for any reason, for me that is to be fixed ASAP with highest priority. If it crashed there should be a file called "errorlog" in C:\ProgramData\TinyWall, could you send it to me please? It would help me a lot.
     
  5. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Please send me C:\ProgramData\TinyWall\errorlog, if there is such a file.
     
  6. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    TinyWall does not kill other programs (unless you order it from the connections window). The only explanation that I can come up with is that DNSCrypt crashed when it got denied internet access. If I am right, then this is a bug to be fixed in DNSCrypt.
     
  7. Seven64

    Seven64 Guest

    I will next time it happens, I try now just to go through and find the program manually.
    What about the blocklist update, MVP Host file?
     
    Last edited by a moderator: Jul 15, 2012
  8. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Hi spocko, thank you for your detailed input. I'll try to address each of your points.

    I know, and this is why TinyWall automatically whitelists well-known security software. Unfortunately this database is impossible to always keep up-to-date, and it of course can also never be complete. I have plans to do a better job at this by incorporating a new community-based feature in a future version, but it won't come for a few months. Currently I have minimal time for my hobby projects to implement it.


    The reason for this limitation is laptop users and hard-disk life. Windows' built-in firewall does not simply allow monitoring blocked or accessed connections, the only way to do it is to let it log every single network-related action to a log file, and TinyWall then reads this log. Needless to say, when active this generates a LOT of hard disk activity, and it sure won't let a laptop user's HDD spin down. So TinyWall's "solution" is to only request firewall logging (which enables monitoring connections) when the Connection window is open. This means it won't generate HDD activity unless you are actually looking at the network activity. This is the basic explanation of all restrictions based on connection monitoring. I guess I could make this an option for some people who don't care about the HDD, and laptop users could keep the current behavior. But I do feel this would be a real geek option that would go in the face of TinyWall's simplicity.


    First of all, displaying popups would mean needing to let HDD logging run 24/7. Second, popups would not be as useful as with "large" commercial firewalls. Those big companies can delay another app's connection request by bringing their own drivers. They allow a program's execution to be paused while the user makes a choice to allow or deny a program. TinyWall cannot do that unless it also starts installing drivers. This means, even if it did display popups, the other applications would already error out by the point when the user makes a choice, and the user would need to restart the whole operation whatever he/she was doing. Third, I do dislike popups, which is the reason I created TinyWall. I should have a lot more time on my hands to start implementing something like that, because if I would, I'd only do it properly, that is, writing my own driver for it... but then another key feature of TinyWall would disappear, that it does not install drivers.

    The ability to review new exceptions when switching out of autolearning would be a good thing and is something I've also thought of, and I will probably implement it once I have more time. Unfortunately, probably not happening over this summer. Not just this feature, but any major feature. I can barely take the time to keep TinyWall maintained at the moment. I know this will change, but not for a couple of months.

    This is a valid point. My original reason to not remember autolearning was to prevent the firewall from accidentally staying in a mode where it provides basically no protection. But I can see your point. No promises about an implementation, but I will think about it.


    That is probably because the Connections window was not open. As I described earlier in this post, connection monitoring is only active while that window is open. So if you open this window for the first time, it won't even show you connections from the past 2 mins, since it just started logging them. However, there is a deactivation timer. If you close the Connections window, then firewall monitoring still stays on for (guess what...) 2 minutes before shutting the HDD activity down. This means you can open the window, close it, and if you reopen it within the next couple of minutes then it will also show blocked connections that happened while the window was closed. But this is just an implementation detail. I incorporated this timer so that when a user often opens/closes the list of blocked connections he won't miss a thing in between.

    The main problem is, to sum up, that TinyWall does not bring its own filtering driver. This is, of course, also an advantage, but it also has its deficiencies: It must rely on the technical limitations of the Windows Firewall, which has great filtering capabilities and a great programmatic way to manage firewall rules (like for TinyWall), but it is lacking in other areas (like reporting connections by logging, inability to delay connection requests of other applications etc.).
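
    Added example, not part of the post above and not TinyWall's own code: a minimal reader for the text log that Windows Firewall writes when logging is switched on, listing dropped outbound attempts so blocked traffic can be reviewed after the fact. The sample lines are constructed; the column layout is taken from the `#Fields` header of the log itself, and `SEND` in the `path` column is assumed to mark outbound traffic.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout (pfirewall.log).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2012-07-14 08:01:12 DROP TCP 192.168.1.20 203.0.113.10 49211 80 0 - 0 0 0 - - - SEND
2012-07-14 08:01:13 DROP TCP 192.168.1.20 203.0.113.10 49212 80 0 - 0 0 0 - - - SEND
2012-07-14 08:01:15 ALLOW UDP 192.168.1.20 192.168.1.1 53111 53 0 - - - - - - - SEND
2012-07-14 08:02:40 DROP UDP 192.168.1.35 192.168.1.255 137 137 0 - - - - - - - RECEIVE
2012-07-14 08:03:02 DROP TCP 192.168.1.20 198.51.100.7 49230 443 0 - 0 0 0 - - - SEND
truncated line
"""


def parse_firewall_log(text):
    """Yield one dict per record, naming columns from the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip truncated or malformed records
        yield dict(zip(fields, values))


def blocked_outbound(records):
    """Summarise dropped outbound attempts per (protocol, dst-ip, dst-port)."""
    counts = Counter()
    first_seen = {}
    for r in records:
        if r.get("action") != "DROP" or r.get("path") != "SEND":
            continue
        key = (r["protocol"], r["dst-ip"], r["dst-port"])
        counts[key] += 1
        first_seen.setdefault(key, f'{r["date"]} {r["time"]}')
    # Most frequently blocked destinations first.
    return [(key, n, first_seen[key]) for key, n in counts.most_common()]


if __name__ == "__main__":
    for (proto, ip, port), n, seen in blocked_outbound(parse_firewall_log(SAMPLE_LOG)):
        print(f"{seen}  {proto} -> {ip}:{port}  dropped {n}x")
```

    With the field list used in this sample, each record carries addresses and ports but no program name, so mapping a blocked destination back to an application is a separate step.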
     
  9. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Hi, sorry but I am currently not considering adding popup notifications. TinyWall v2 will uninstall cleanly from add/remove programs, but note that if you have custom rules in Windows Firewall, you will lose them. TinyWall resets the Windows Firewall into its default state when you uninstall it.
     
  10. Seven64

    Seven64 Guest

    What about the blocklist update, MVP Host file?
     
  11. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Hi,
    The hosts file was updated, but its update is completely in the background. If you manually start update checking from the Manage window, it will only report program updates. But the next time the service checks for updates, it will still install the new hosts file.
     
  12. m0unds

    m0unds Guest

    maybe something like this?

    Pop-up dialog:
    how long would you like TinyWall to stay in learning mode?
    1 Hour, Until reboot, 24 hours, etc
     
  13. Werderforever

    Werderforever Registered Member

    Joined:
    Aug 31, 2010
    Posts:
    78
    Location:
    Germany
    I know you have less time, but it's necessary for me that I can use my network printer.

    Do you have a solution in the next time? I have tried many things (see posts 480, 483, 485, 490, 492 and 495) and nothing helps.
     
  14. Ring0

    Ring0 Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    66
    -trying to correct unwanted connections with rule;

    -in this way, are permitted all unwanted connection, later make efforts to hunt the same.

    -such connection control, I would call: KISS (Keep it simple, Stupid!) connection control.

    -malware port ? operates in the range 0-65535, not only this from your list.

    -simple control connections to the outside is, block all, and allow the desired.

    -who says otherwise, know little of firewalls, I hope that you will learn with time, I said.
     
  15. Seven64

    Seven64 Guest

    WTFo_O?
     
    Last edited by a moderator: Jul 18, 2012
  16. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Glad I'm not the only one that thought that :)
     
  17. spocko

    spocko Registered Member

    Joined:
    Apr 23, 2012
    Posts:
    11
    Location:
    USA
    Ultim, thank you very much for your feedback on my comments! A few followup comments below.


    That's a neat idea. You could either have the list be moderated, or you could incorporate some kind of "confidence rating" for the community submitted exceptions, based on how many people submitted the same exception.

    Ahh, didn't know that, thanks for the explanation. People with SSDs probably wouldn't want the logging enabled all the time.

    I understand the concern about disk activity, but I disagree that better logging would be a geek feature. I think many users, including non-geeks, would like the ability to see what is being blocked. It sounds like TW currently prevents that by turning Windows FW logging off when the connections window is closed. An option to enable continuous logging would be nice. Whether the feature is geek-oriented or not may depend on how the log info was presented to the user.


    I'd be ok with that, as long as it was optional.

    Not delaying other programs would be ok with me. The popup would still make me aware that the program was blocked. Adding a custom driver for TW is something that I would not want. I really like the fact that TW works without installing any drivers.

    In general, I'm not too hung up on the idea of popups. I do think they could be useful in some cases, particularly learning mode, but they aren't necessary. The real need IMHO is to let the users know what is being blocked, and that need can be addressed in other ways such as logging.

    Awesome, thanks.

    I understand. Again this raises the logging question, because that is another way that the need could be addressed. Currently if something gets blocked during startup, I have no way of knowing about it. I can't "learn" an exception for it since the mode reverts to normal, I can't manually add an exception since I don't know what was blocked. If I was able to log activity during startup, and easily add exceptions based on the log, then I could add any needed exceptions manually. Then maybe I wouldn't care about being able to autolearn them.

    That is true. I didn't know that logging only was enabled while the connections window was open. A note somewhere in the window might make it more obvious to simpletons like myself.


    Thanks again for all your effort, and please don't take any of this as complaining. It's intended to be constructive. I totally understand that TW is free software developed in your own spare time, so you should do with it as you wish. :)

    Cheers!

    P.S. Anyone who really wants popups could check out Windows Firewall Notifier. Unless you don't like disk logging, because this one keeps it on all the time.
    http://wokhan.online.fr/progs.php?sec=WFN
     
    Last edited: Jul 21, 2012
  18. Seven64

    Seven64 Guest

    Still waiting for a reply (asked about 3 times), thanks. What's the point of having auto-updates checked if such a long delay (of host files)?
    I don't mean to sound a-holish, just me! :D
     
    Last edited by a moderator: Jul 21, 2012
  19. peters4000

    peters4000 Registered Member

    Joined:
    Jun 30, 2012
    Posts:
    26
    Location:
    GB
    Seven64
    See post 536
     
  20. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    632
    Location:
    In His Service
    Host file gets updated once a month, it's been that way for as long as I can remember.. ;)

    To view the HOSTS file in plain text form. (588 kb) (opens in browser)
    Note: The text version also makes a terrific searchable reference for determining possible unwanted connections..

    Download: hosts.zip [right-click - Select: Save Target As] [Updated July-03-2012]
    If you found the MVPS HOSTS file useful ... please consider a donation

    http://winhelp2002.mvps.org/hosts.htm

    Hogndog
     
  21. roark37

    roark37 Registered Member

    Joined:
    May 23, 2006
    Posts:
    193
    Hi, I am getting ready to try TinyWall and have read a few how to use guides I found online but have a question. It seems after you have Tinywall running by default it blocks all outbound access. If I want to leave it that way but only allow my browser, say Chrome, to be allowed internet access do I only have to whitelist the chrome.exe process? Or are there a bunch of other services I also need to allow? Or does Tinywall already know to allow those services? Ideally that is what I would like, no access allowed outbound at all except for the browser, is that easily doable with Tinywall? Thanks.

    roark
     
  22. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    Hi,

    In options you can detect applications to allow and you just have to select which one you want to allow.
     
  23. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I am back to using the basic Windows 7 firewall. Tinywall was very nice in knowing what applications wanted to connect out while I am behind my cable modem router and a learning mode. I might install it again for that reason.

    Good work Ultim.
     
  24. roark37

    roark37 Registered Member

    Joined:
    May 23, 2006
    Posts:
    193
    Hello, I installed Tinywall yesterday so have only used it for a very short time but I really like it so far and have found it trouble free and very easy to use. So thanks and compliments to the developer.

    Some questions though; if you turn off/disable Tinywall does that also stop Windows Firewall or will that remain on at whatever settings you have for it, which in my case is the default?

    Also, I have not tried to connect to my work yet but that uses Juniper Networks jpass for vpn and then I remote access into my desktop at work. If I leave Tinywall on I figure I must give jpass access but is there anything else I need to allow so I can connect through remote desktop? Or is it not really worth it and while I connect to vpn for this would I simply be better off turning off/disabling Tinywall and then turning on again after logging off vpn?

    Thanks again.

    roark
     
  25. Seven64

    Seven64 Guest

    Never mind, got it updated. Thanks!
     