Private Winten - Open Source Windows 10 privacy tool with built in Firewall

Discussion in 'other firewalls' started by DavidXanatos, Dec 23, 2018.

  1. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Mainpage Design - like Outpost or COMODO, rules or connection logs open in turn in one window and occupy the whole window. Or like Binisoft Windows Firewall Control, rules and connection logs open in separate windows and can be opened simultaneously.
     
  2. guest

    guest Guest

    Private Winten: new Windows 10 privacy tweaker with firewall
    December 26, 2018
    https://www.ghacks.net/2018/12/26/private-winten-new-windows-10-privacy-tweaker-with-firewall/
     
  3. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    I was really intrigued by your new software, so I tested it on my computer.

    The good:
    - A new competitor, which is a really good thing. Competition is always a good thing.

    The bad (just my opinions, I might be too intransigent):
    - The layout is awful. You better not use fancy controls if you don't know how to use them properly. The spacing between controls, overlapping controls, the usage of expanders which do not collapse, etc. The user interface is the most important. Also, pay more attention to the language spelling, this is very important.
    - You should put more relevant info on the Home screen. This is the first thing that a user is seeing. Don't leave that empty and so meaningless.
    - You should add validation for the user input. I was able to define invalid rules and they will not get created/modified and I had no clue of what was wrong. Off course I knew, but this is just me, the developer of WFC. I also tried to delete a random rule, the software just closed itself.
    - Don't try to make an all in one solution, firewall controller, telemetry, etc. Create different tools or different plugins, don't try make a hotchpotch because users won't use your software. Trust me.

    The really bad:
    - While you are saying that your project is open source you have a licensing system and license validation in your software.
    - In the About tab, this is embarrassing. I have no words to describe it. You take the user account name and ask that question. Is that a label or a button? What are you expecting here?

    upload_2018-12-26_23-38-0.png

    As it is now, your software survived 2 minutes on my machine. Unfortunately, fancy looking is not everything.

    Good luck with your project. I really hope you will develop it and don't let it die like similar projects: TinyWall.
     
  4. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    Where do I have overlapping controls?

    I know my spelling is god awful, always was and wont change in this century, no need to rub it in. :(
    Since users will have to help me with foreign language translations lets just consider my English and English English yet another translation to be made Ok?

    I'm planing to put more info on the Home screen, on the last page I already started collecting suggestions what to put there, version 0.2 will have that improved.

    Ah yea, validation I thought there was something on my to do that I forgot ;)
    When it crashed did it provide any crash info i.e what went wrong?

    I'm not going to add UI tweaks or other non privacy relate tweaks, the tool is for protecting users privacy on windows 10 and this needs tweaks as well as a firewall so imho these two functionalities given the scope of the tool really belong together.

    Also Windows 10 is notoriously known for overwriting user preferences so a reliable tweaking tool for Windows 10 must monitor the tweaks and be able to restore them automatically (planned for next or over next version), for that it must run in background. (or alternatively be started on a scheduled task often enough).
    And having many tools in background just fills the system tray unnecessarily, here I find a single tool more elegant.

    But a plugin system sounds like a nice idea, I may add that at some later date.




    What do I expect?
    Some people to support the project on patreon, than they get a nice line there thanking them for their support.
    And it is open source, even the licensing solution I used it an open source library.
    If you don't like the line, grab the source from GitHub: https://github.com/DavidXanatos/priv10/tree/0.1b/PrivateWin10, find the line, comment it out and compile it et voila... line gone.

    At least I'm not extorting users with withholding functionality like some other firewall did up to very recently :shifty:

    And I cant stress it enough its open source, if for whatever reason I should discontinue maintaining the project anyone else can pick up where I stopped.


    Why would it be embarrassing? I got the idea for this from an other open source project: https://github.com/Sloeber/arduino-eclipse-plugin a really neat eclipse plugin for micro-controller firmware development, from time to time they even show a reminder like this:
    sloeber.png

    But I'm not (yet) selling Private Win10 T-Shirts and cups LOL


    Cheers
    David Xanatos
     
    Last edited: Dec 27, 2018
  5. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    @DavidXanatos
    1/ Incorrectly determines the state of the Brandmauer, now I have it turned Enabled
    4.png


    2/ If I create a rule from an alert or connection log, this field is empty by default.
    2.png
    3/ What does this option mean? I see no change.
    3.png
    4/ Interestingly, we will see v0.2 before the NY? :shifty:
     
  6. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    1) will fix that EDIT: the checkbox "Manage Windows Firewall" is off in your screen shot whats why it says disabled
    2) will look into, it empty field means any port but apparently it does not set the label correctly, working on that and the rule validator right now
    3) this is the setting for the notification, ah yea I should have added a tool tip, when it is unchecked this program-group never show a notification window, if it is checked it will always show it and if it is undetermined [-] it will use what ever is set in the settings, this value gets also changed if you select to "Stop Notify" in the notification window.
    4) may be..., possibly..., probably... :D
     
  7. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    1/
    If I do this, before restarting Private, the status is still incorrectly determined. No plans to solve this without restarting?
    1.png
    3/ I have it "checked", but i not see notifications, although there are entries in the log of connections. Should this work for applications that have rules?
     
  8. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    1) will be fixed

    3) it shows only notification for blocked connections not for allowed once.
     
  9. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    We wrote at the same time.
    5/ What does the alarming striped background mean?
    5.png
    6/ When a Donate request appears:
    6.1 - brandmauer works: yes / no?
    6.2 - rules works: yes / no?
    6.3 - alerts works: yes / no?
    7/ Perhaps, as is customary on the Internet, you need to rename Private Winten -> Private WinTen
    Thank for answer!
     
    Last edited: Dec 27, 2018
  10. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    5) this means that despite there being a to allow/block rule the process was blocked/allowed, that is the windows firewall did not do what was expected.
    This can happen in a few scenarios and the indicator needs to take that into account (what it does not yet always do)

    a) there is a global block rule that overwrote a application specific allow rule, block rules always take precedence

    b) the program is a windows service hosted in svchost.exe that seams to be a mess, not sure how to sort that out :/
    the problem is here that multiple services may be contained in one instance of a svchost.exe process, in theory the windows firewall should be able to handle that. There is a parameter for a service to be specified.
    However when we get firewall events logged we only get the ProcesID of the process that caused that event and no more information's.
    So we have to query the system new ManagementObjectSearcher("root\\CIMV2" ... which services are running under that ProcesID, currently we only evaluate one returned value but there may be many so as it stands it will misidentify the service.

    One solution for that is to set windows to use a new instance of svchost.exe for each service.

    I haven't implemented solutions yet as all are kind of ugly and would fail in some scenarios, still waiting for a brilliant idea for a pretty solution.


    6) you click one of the two options and continue working, there are no limitations nothing gets disabled, its just a friendly reminder, everything works.

    7) ok
     
    Last edited: Dec 27, 2018
  11. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Understood everything, thank. The program has a great future, and even more in the future! :thumb:
    8/ I remind you that the RuleWindow does not save the user position on the screen even when the window is reopened in the current session.
     
  12. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    1 ) ok, I fixed that just now

    :)
     
  13. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    upload_2018-12-27_21-11-39.png
    upload_2018-12-27_21-18-10.png

    Does the one below looks right to you?

    upload_2018-12-27_21-15-53.png
    But your users are not software developers. They don't know how to remove that line and recompile.
    Good one :D

    Good luck with your project.
     
  14. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Donation for WFC - this is only for honest users like me :D because around only kg :mad:
     
  15. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    New release: https://github.com/DavidXanatos/priv10/releases/tag/0.1c

    [0.1c] - 2018-12-27
    Added
    • buttons in the firewallwindow get enabled/disabled based on list selection
    • rule validation for the rule window
    Fixed
    • not setting properly local port and address when creating a rule from the notification window
    • fixed a bug in ip matching when a subnet was present
    • rule window not saving position
    • crash issue under windows 7 related to non existent app list
    Changed
    • changes the way service names and PIDs are resolved
    Known Issues
    • Overview page is still mostly empty and outdated, next todo


    Ah I see, yea when making the windows much to small stuff starts to collide, will fix that at some point once the more important things are working.

    My next ToDo's are the overview page, full localization support and a mechanism to auto redo tweaks windows undid.

    Cheers
    David X.
     
  16. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    Ooo, yes, thank!
    Maybe, for v0.1d, the problem is clear from the pictures
    9/
    9.png
    10/
    10.png
    11/
    11.png
     
  17. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    9 ) remember last open page and upon restart go to that, ok
    10 ) not sure whats the problem here? top screen border <-> bottom of the screen = that's a very small screen?
    11 ) to change this options you must start Private Win10 as admin manually.
    As it stands its installed as a service in which case when the UI part starts it does not need and those does not get admin rights.
    I should add add a UAC icon there and a button to quickly restart UI as admin.
     
  18. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    9/ Ok, wery well!
    10/ My screen 24". If check "Autostart as logon" and check "Show tray icon" PWT launched not in the system tray, but as a window with a window size close to the maximum, and is shifted down under the taskbar. To normalize the position of the window, the user must double click on the window title. But with such options, it should start only in the tray. v0.1c - bug not fixed!
    11/ Ok
    12/ Two instances of the program were randomly launched. Is this normal or should it be fixed?
    13/ Need options for quickly block/allow Internet (red/blue icon in tree), like this
    block.png
    14/ Not saved user sizes after reboot machine
    2.png
     
    Last edited: Dec 28, 2018
  19. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    3/ These options do not work. I have a block rule, there are attempts to access the network, but there are no alerts.
    not.png
     
  20. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    10/ is strange when i try it in my vm with that settings it does not show the window it starts in tray as it should,... do you mean it starts on boot wrong or does it start with window when you manually start it after boot?
    the way it works internally is that when it auto starts it has the argument "-autorun" only than it does not show the window, when you start it manually it wil always show a window no mater if "Autostart as logon" was checked or not.

    12/ I will add a fix for that

    13/ will add an option for that


    3/ This check is not for alerts but only for the blocked connection notification window that only appears if there is no rule, the purpose of this is to ignore blocked connection attempts without having to explicitly specify a block rule.

    Do you want a separate blocked connection notification window for processes that already have block rules? What would be the use case for that?
     
  21. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    10/ The option Autostart as loggon is checked. When the computer boots, the PWT starts with the window in full screen. In the tray it has to be hidden manually. Now it is the biggest visual bug.
    12/, 13/ :thumb:
    3/ Yeah, now I understand
    No, it is not necessary, just before I misunderstood the purpose of this option.
     
  22. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Unfortunately there is only the option to go manually through all services in the registry and set a value for each. :(:(:(:(:(

    I looked at your code: Groupe defender = new Groupe("Disabel Deffender"); xD
    You really have to take it slow and put little bit more time into checking your spelling. It's actually a wonder that it works xD

    EDIT:
    Why do you disable personalization and lockscreen?
    About "*** No Font Updates ***" section: Could this lead to uniqueness due to old fonts in font fingerprinting? (Same for "*** No Certificat Updates ***")
     
    Last edited: Dec 28, 2018
  23. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    10/ ah i think i found it it happens when the UAC Bypass is active, will fix that asap


    Well the list of tweaks is for the most part M$'s "Windows Restricted Traffic Limited Functionality Baseline" GPO configuration,
    and that one is supposed to disable any communication with M$ although it fails to completely kill telemetry as it leaves the service running.

    Most of what M$ calls personalization is M$ getting to know you not the personalization you do by hand in windows, and the lockscreen shows ad's without lockscreen you get the win 7 behavior where it just asks for login credentials.

    Some tweaks are a bit over the top like "No Certificat Updates", I should add an option to the settings to by default hide tweaks which are a bit extreme
     
  24. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    1,103
    Location:
    Lunar module
    10/ Ok
     
  25. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    https://github.com/DavidXanatos/priv10/releases/tag/0.1d

    [0.1d] - 2018-12-28
    Added
    • save last open page and open it on restart
    • all setings can now enabled when running not as dmin, wne a admin only seting is to be chaged the cleint prompts fo a restart
    • finish localizations upport
    Fixed
    • fixed issue in retriving service by PID
    • UAC bypass messing with -autorun argument
    Changed
    • improved emabling and disabling of execution as service


    ToDo's
    • prevent starting of multiple instances
    • add option to block/unblock internet access from tray
    • add tweak restore mechanism
    • make overvioew page usefull
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.