Tiny personal firewall 5.5

Hello,

I was wondering if this firewall is any good, or simply too outdated? I don't need the HIPS features in a firewall.

Thank you

 

This firewall ids is a legend but better to use for testing purposes or as a second layer because it is not up-to-date. But you can very good backtrack evil occurences on your system. For example it is able to track if a rootkit replaces disk.sys (which in fact is one of internet gangsters beloved tricks nowadays) many modern tools wouldn´t take any notice but tpf is really good in detecting some bad tricks.
http://i34.tinypic.com/s400zo.png
In principle this could also be done by windows update but rootkits use this method too.

 

I would only use it as a pure network filter, therefore don't have the windows security module enabled. Used Kerio 2.1.5 in the past but dumped it because of the BufferSize problems.

 

That is the most interesting part you would miss a lot especially the possible existence of a til now unknown or unreal winsta and terminal service rootkit that changes the geometry of harddisks maybe it is part of all seeing internet eye
who knows...http://i33.tinypic.com/2w3olf8.png
Let´s hope that is was only a tiny bug but I doubt because the harddisk drove totally insane and made permanently more then 4000 dll attempts on this special drive so in that case there were no choice except to disable windows security.

As network filter I guess too unsafe except you would add zone alarm as first layer. (that works)

 

I don't think I'd mess with it much, too much has changed in the OS's since it's development ceased........ it's also not too hard to lock yourself out of the OS altogether if you tweak too much, I have done it and others also.

 

Therefore we have virtual machines so try it first in a vm if it appears to work for you then you can check it in real os.

 

Nothing has changed in the structure of IPv4 protocol for many years. If the OP wants to use Tiny as a packet filter, I simply don't see any obstacle.

Cheers,

 

I have "stealth mode" enabled and my network adapter added to "dangerous zone" and most of the IDS rules moved to intrusion prevention.

 

True but Malware evolves. Once it helped me as second layer some years ago when something broke zone alarm down, tiny blocked the attack. That proved that sometimes two firewalls can help but they must really fit and work together.

 

My comment derived from this -

Packet filtering has nothing to do with malware.

Cheers,

 

Tiny 5.5 is quite a bit overkill for a simple packet filter..... but if that's what the OP wants, then there ya go....

 

I used Kerio 2.1.5 but had problems with the BufferSize, other alternative would be Look'n'Stop but it's too complicated to make specific rules for some apps/port it wants to use. Ofcourse there is the option: "activate rule when app is started" but it doesn't seem to detect when the app has closed and the port remains open. Basic XP FW would be just fine if it would have outbound protection.

I would just need the "ok or not" type of outbound application filtering and everything stealth at shields up/pc flank/similar .. without any conflicts or connection problems after I've selected "allow all" for some application. Tiny does this and Kerio 2.1.5 did it until I got the buffersize errors. I could increase the buffersize from registry but I get the feeling that the software isn't working properly or as it was meant to be after I do it.

If there are some "modern" kerio 2.1.5 like solutions, please tell me .. just haven't find one yet.

 

No, really guys, the closest "modern" alternative to Kerio would be Jetico firewall. Just disable process attack table and indirect access (which greatly lessens the popups) and there you go. You have a separate IP table for inbound, and the "Ask user" table for outbound.

Cheers,

 

Yep, I would 2nd that Jetico recommendation and give it a try, it just might be what you want and need. Jetico 1.x is still freeware also (I think)....

 

I'll check if Jetico is what I'm looking for. I tried it for awhile in the past but it simply asked too much and I didn't bother learning how to configure it back then. I'll try disabing those already mentioned tables. Thank you

 

I don't think they are comparable, as in, me thinks Jetico is better

 

Jetico 1 seems excellent without the process attack table

 

Much of the initial prompting can be eliminated once you configure it properly with a few tables and rules and so on. It does take an initial investment in time and effort, but it pays off quickly. All things considered, it's easier than trying to fully configure Tiny. Worth consideration at any rate....

 

Problems appeared, it somehow conflicts with ventrilo voip program and directinput. DirectInput cannot be loaded if jetico is set to optimal protection, but can if it's set to allow all or disabled. "Unable to open DirectInput instance for keyboard" .. and mouse. Very disappointing.

 

First check that you disabled process attack table and indirect access as Seer mentions, then look at the logs.

 

Doesn't Jetico prompt you for something when it tries to load? It's probably just a matter of creating the right rule for it....

 

It doesn't prompt for anything and I had disabled the process attack table. Don't know what you mean with "indirect access"

 

http://risl.codename.fi/tiny.JPG

With these rules, Tiny seems to work similarly to Kerio. I disabled the IDS module because it's probably useless anyway.

 

Jetico 1 or 2? For 2 see last pic here:
http://www.softpedia.com/progScreenshots/Jetico-Personal-Firewall-Screenshot-11505.html
"indirect network access". And the logs, check'em out and see what's blocked

 

Jetico 1