TinyWall Firewall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    I'm pretty excited so I'm just going to take a deep breath, close my eyes and say it bravely...



    It came 3.5 months later than I originally planned, but frankly, I'm glad it did. I mean, there was a good reason for the delay, many bug fixes, new features, redesigns and so on, and all this good stuff wouldn't have gone into 2.0 if I had been "punctual". Of course, it's all thanks to you. I mean the whole community, this forum, other forums, the e-mails I received and many other people that have unwaveringly tested and reported issues and wishes. And I cannot stress enough how thankfulll I am to all of you. Because 1.0 of TinyWall has been downloaded over 36.000 times, and this is not even counting all the sites that worked around my download-counting link! So thank you, and I especially thank the community on this forum, being the most helpfull of all.

    Now that I managed to hype up all of you, I must admit there is not much new in this release IF you were already using the latest beta. But it does fix the most recently reported connectivity issue when KB2688338 is installed (which is pretty important), it improves a bit on accessability and there is also a French translation thanks to EboO. Additional languages are gonna pop up in future updates (German and Hungarian were promised too, but I'm still waiting for them). But, and a big but, FYI and for all who didn't follow the development process, here is a nice and complete list of all the new features and enhacements in 2.0 compared to version 1: http://tinywall.pados.hu/docs/whatsnew.html

    So, you might be asking, what's next? I guess as more people start using 2.0, some minor issues will pop up, so I'm gonna wait and see first, and fix them in small incremental updates like I did with the first version. Then once things are calm, I'll start working on the next major update. Because, just to let you know, I'm still full of ideas and I have lots of fun things on my mind that didn't make it into 2.0. What will it be called? 2.1? 3.0? Who knows, but TinyWall will keep on improving.
     
    Last edited: Jun 11, 2012
  2. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    Great job !

    More than 36000 donwload is really nice, long life to Tinywall :)
     
  3. Seven64

    Seven64 Guest

    There are malicious programs that use scvhost to connect, are these blocked, or allowed?
     
  4. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    svchost ist generally blocked. Only some special services of svchost are allowed, like the dns or dhcp client (see special exceptions dialog in TinyWall). Most other services of svchost, or svchost not running as a service are blocked.
     
  5. Seven64

    Seven64 Guest

    Ok, thanks.
     
    Last edited by a moderator: Jun 12, 2012
  6. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    svchost can run as many different services. If the virus infects a non-whitelisted service of svchost, it will stay blocked. But if it infects the dhcp service, for example, it will get through.

    But there isn't any other firewall that can stop viruses that infect legitim processes, unless the port or the domain of the virus is blocked. No firewall can stop viruses that infect good programs. Some HIPS software might prevent processes getting infected, but they don't stop infected processes. However, your antivirus should stop or recognize such infections. This is one reason why it is important to use both a firewall and an antivirus software.

    But let's say you don't use an antivirus, and your virus somehow manages to get admin privileges (which is required to infect svchost). Even then it might be stopped, if it happens to use a port or domain blocked by one of TinyWall's port or domains blocklists. So by enabling blocklists in TinyWall, you can increase security even in case of infections. Also, TinyWall restricts many svchost services to the local network. For example, even if the dhcp service gets infected, it would bever be able to reach the internet with TinyWall, because TinyWall restricts dhcp to the local network.
     
  7. Seven64

    Seven64 Guest

    I was concerned about a program calling home using the backdoor.
    We posted at the same time, thanks for the additional info.
    I am learning, so excuse me if I ask to many questions.
     
    Last edited by a moderator: Jun 12, 2012
  8. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Great job Ultim! I love this nonintrusive FW. My favourite is the "whitelist by window" simply genius imo.
    Only have one minor problem though.
    Tinywall needs to be turned off when logging in with OpenVpn. Doesnt seem to learn on learn mode or whitelisting the executable. No biggie really since once connected I can enable TinyWall again.


    *edit*

    Forgot I had the beta version when I wrote the above. I have now upgraded to the live version and the OpenVpn issue is gone. TW learns the rules once and after that I can connect with OpenVpn with Tinywall enabled on "normal". :thumb:
     
    Last edited: Jun 13, 2012
  9. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    This the first time i am using, i have blocked apps based on my choice....What i wanted to know that does it protect the PC on its own or depends on windows FW and it just serves as a controller?
     
  10. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,412
    Location:
    Romania
    It depends on Windows Firewall. It is just an interface which helps you to easily configure WFwAS.
     
  11. Legendkiller

    Legendkiller Registered Member

    Joined:
    Jun 29, 2006
    Posts:
    1,053
    ok, thanks
     
  12. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    The first independent review of TinyWall 2.0 is already out: http://www.davescomputertips.com/2012/06/tinywall-the-best-thing-since-sliced-bread/

    Please allow me to cite the last paragraph:
     
  13. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,428
    Blocklists is a security feature & enhancement over windows fw, so why it is disabled by default? Majority of users dont change the settings so I think this is an important feature & should be enabled by default.

    There are 3 options to whitelist an app, whitelist by processes, executables & window. Which one is the best/comfortable or recommended option for majority of users? And I think it would be good if that option has the word Recommended in bracket.

    I dont know what are the different effects of the 3 options & hope any apps will work with any options chosen. Just would like to know what would be the best order to apply the options i.e for ex - one should try first whitelist by window, if any prob then try executables & if any prob try processes. What would be the best order to apply options?
     
  14. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Blocklists are disabled by default, because there are some theoretical (non-security) dangers. The ports blocklist might prevent legitim applications to function properly, while the hosts file might slow down the computer. If the user has to enable these manually, in case of problems it will be clear for him what settings are responsible. I might enable blocklists by default in a future version though, I have already though about it.

    There is no best method. All three do exactly the same thing, the only difference is personal preference or comfort. For most users, "Whitelist by window" is probably the most comfortable, but there are some rare cases where it will not work. The other methods are not worse in any other way though. For "Whitelist by process" you might only see a portion of the processes in the list if TinyWall's controller is not running elevated. "Whitelist by executable" can always be used, but is probably the least comfortable because you have to manually navigate through your filesystem and you also need to know which executable started a process. But the one and only difference between the three methods, if you can use all three, is comfort. The catch is that you are not always able to use all three (as described above).
     
  15. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Is the TinyWall site down? I keep getting this message:

    This page intentionally has nothing but text
    explaining why this page has nothing but text
    explaining that this page would otherwise have been left blank,
    and would otherwise have been left blank.

    Would like to look it over but no joy at this time.
     
  16. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
  17. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    818
  18. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Doesn't for me. I get the same thing as focus.
     
  19. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
  20. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    You should only get that page for pados.hu. The URL for tinywall however is not pados.hu, but tinywall.pados.hu . Are you saying that you are visiting tinywall.pados.hu and you still get the same page as for pados.hu?
     
  21. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    I get that page when I visit tinywall.pados.hu.
     
  22. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    I guess the reason would be the missing https support on the site. Try it without a secure connection and it will work. I'll set up SSL support for tinywall.paods.hu a bit later, until then you'll need to ensure simple http.
     
  23. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    I actually just thought about that being the issue, thanks for confirming. BTW excellent app.
     
  24. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Yes, but after the further on SSL clues after my last post I found that if I disabled Https Everywhere the site loaded fine. Thanks.
     
  25. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/

    why it's not signed

    or is it signed and i'm doing something wrong ?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.