Discussion in 'other firewalls' started by ultim, Oct 12, 2011.
I don't know which version you've been using, but up until the latest test release TinyWall always booted up in normal mode, deliberately not saving the previous mode. This has been changed in one of the 2.0 test releases. As for the icon not showing at all, I have never seen that issue and the fact that you see two processes running tells me that the icon has booted up. So my guess is that it is loaded, but Windows hides it away among the "unused" tray icons. There should be a small arrow on the left side of the tray area to expand all icons, TinyWall should be there.
There are some ports which are blocked for browsers, but most are open. So for a browser to be blocked the website has to be using some strange non-standard port, but since even most of those are unblocked, the probability of hitting this problem is very rare. Which website was it? GMail, specifically, is known to work, so I would look for a problem elsewhere, not in TinyWall. The fact that it doesn't work even with "Blind trust" (which gives the app full access to the network) supports my theory.
This can happen, if the app was not given enough access in TinyWall or the application's profile (for TinyWall's recognized apps) is faulty. Which application was it? I'll look into it.
Since the last test release there have been many improvements, for example Windows 8 CTP support, the ability to run under newer versions of the .Net Framework, bugfixes and support for uninstalling from the control panel. The reason this release is taking so long is because I had a change in plans regarding TinyWall v2. I decided to delay 2.0 because I am about to implement a very large change. I am getting rid of all communication profiles.
Just to be clear, these are the profiles like "SSH client", "SSDP", "NetBIOS" and so on. You are probably asking why. There are a couple of reasons.
The profiles ended up something different than I originally planned. I originally wanted to make them represent application types, like the "Web browser" or "E-mail client" profiles do. However, it turned out that this is very often not possible, and for practical reasons I needed to start creating profiles for internet protocols. Most users do not know much, if anything, about protocols.
Most users will not know if and when they need to use protocols like SOCKS, RDP or even FTP. This was confusing for even some advanced users, because it is unclear what protocols a profile includes. Does the FTP profile include support for SCP over SSH? Though FTP is not SSH, most FTP programs support SSH. Does the "E-mail client" profile include support for LDAP to use a remote address book? Is my program not working because I am missing a protocol or is it a problem independent of TinyWall?
Even with the right profiles, correct operation is not 100% guaranteed. A lot of providers run services on non-standard ports or with obscure configuration. In such a case, one of the generic profiles needs to be used anyway (Outbound, Blind trust).
Profile names are not localizable.
Whether something can only access the local network is specified in the profile and not for an application. This is just simply wrong. A user does not want to say that all applications using protocol X can only access the LAN, he wants to say that a specific application is not allowed to access the internet.
In many cases, no specific profile can be used anyway. This happens for example with applications unrecognized by TinyWall in many cases, or even for some recognized applications, if it is required by how the app works (torrent clients, many IM apps etc).
Profiles do change from time to time. They need to be renamed, corrected, deleted, merged and some of these actions simply break a user's configuration. These maintenance actions often prevent automatic updates (to prevent breaking user configuration), or it prevents fixes to profiles (to keep updates working).
So anyway, these "profiles" ended up being much different than how I imagined them and they keep making me a lot of trouble. I could fix *some* of the above, but even though it would require a lot of work, multiple issues would still remain so I think it is not worth the effort to start patching it.
In the new system that I am designing, there will be only a very few profiles like "Block", "Allow outgoing", "Unrestricted" and an option to specify additional ports. To be honest, the security impact is likely negligible, and since this is how most other firewalls work, in the worst case TinyWall will only get as bad as the others (just joking). But really, don't worry about the security impact. While it definitely exists in theory, in practice it is close to non-existent.
So this explains the longer than usual release period.
Thanks for the reply and good luck with the development of TinyWall. Here's more info in case it can help you.
1. I was using Windows 7 Home Premium 64-bit with SP1 and TinyWall v1.0.3. The only other security software I had running were avast free and keyscrambler. I always have the 'always show all the icons and notifications on the taskbar' option checked so hiding unused icons was not the issue.
2. The https issue happened sometimes (but not consistently) with gmail and another https://mail... site. However, I'm now trying Windows Firewall Notifier, and that thing has started happening again, so it wasn't just with TinyWall.
Here is an interim release that fixes reported issues, as well as some more. The only exception is the wifi connectivity issue after computer sleep reported by jdd58, I could not reproduce/verify that. I've seen no problems after wakeup from sleep and I also could not find a reason why this should be happening, so if anyone experiences that, please report it because I need more info.
This release is still with the old profile system, the removal of profiles as described in a previous post is happening on a different development branch. To be honest, this here and now would probably have been a release candidate if I hadn't started reworking the profiles, so sorry about the delay, I just want 2.0 to be a really solid version. Anyway, here is the changelog:
- Support Windows 8 CTP.
- Support .Net Framework 4.
- Uninstaller is now started from the Control Panel instead of from TinyWall.
- Make Blind trust default for unblocking unknown apps from Connections window (temporary workaround)
- Add special exception to make local machine pingable.
- Rearchitect blocklist settings
- Better error logging
- Remove configuration option to enable default Windows firewall rules
- Increased startup performance
- Controller may hang missing database.
- Fix: Restrict outgoing UPnP connections more to prevent enabling unwanted traffic.
- Fix: Do not crash if traffic monitoring queries fail.
- Fix: Column sorting of lists needs two clicks the first time to work.
- Fix: Service may crash because of race condition
- Fix: Controller crash if tray menu is opened too early while loading.
- Fix: Tray window shows up too long upon startup
- Fix: Some files are not uninstalled properly
- Profile updates
The link to the latest beta can be found on the bottom of the official download page. Built-in updater is still disabled.
I installed it (your latest beta release) on my Windows 7 Home Premium laptop today (Lenovo, AMD). After some complaining by Avast, it eventually installed OK, and seems to be working fine.
There were a few messages while installing that I suspect were due to Avast trying to block it as an "unknown" exe file, it wanted to sandbox it...
It seems to be very light, and a good alternative to the "big" named competitors.
Please, can anyone tell me where can I view or manage Tinywall packet filtering rules?
Thanks in advance
New beta running nice and smooth here. Thanks Ultim.
Hi joter! Right click the tray icon of TinyWall and select Manage. Then, in the 2nd and 3rd tabs you can add and remove exceptions. Each exception might translate to multiple firewall rules internally.
To view the detailed firewall rules, you can use the built-in management interface of Windows. The easiest way to start it is to execute "wf.msc" (from the command line or from the Start menu). But you cannot edit the rules from this interface as long as TinyWall is installed and running.
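Added example, not part of the thread or of TinyWall: the same rule set that wf.msc shows can be dumped as text with `netsh advfirewall firewall show rule name=all verbose`, and the sketch below groups the enabled allow rules by program so you can see how many rules sit behind one exception and which allow rules have no program filter. The rule names and paths in the sample are constructed; TinyWall's real rule names will differ.

```python
import re

# Constructed sample of `netsh advfirewall firewall show rule name=all verbose`
# output (fields trimmed); rule names and program paths are made up.
SAMPLE = r"""
Rule Name:                            Example mail exception (TCP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Protocol:                             TCP
Program:                              C:\Apps\Example\mailclient.exe
Action:                               Allow

Rule Name:                            Example mail exception (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Protocol:                             UDP
Program:                              C:\Apps\Example\mailclient.exe
Action:                               Allow

Rule Name:                            Example open port (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
Action:                               Allow
"""

def parse_rules(text):
    """Return one dict per rule, mapping netsh field names to values."""
    rules = []
    for line in text.splitlines():
        # "Field:   value"; separators and blank lines do not match.
        m = re.match(r"([^:]+):\s+(\S.*)$", line)
        if m and m.group(1).strip() == "Rule Name":
            rules.append({})  # a new rule block starts here
        if m and rules:
            rules[-1][m.group(1).strip()] = m.group(2).strip()
    return rules

def allow_rules_by_program(rules):
    """Group enabled allow rules by program path; 'any' = no program filter."""
    grouped = {}
    for r in rules:
        if r.get("Enabled") == "Yes" and r.get("Action") == "Allow":
            prog = r.get("Program", "Any").lower()
            grouped.setdefault(prog, []).append(
                (r["Rule Name"], r.get("Direction"), r.get("Protocol")))
    return grouped
```

To use it on a real machine, save the netsh output to a file and pass its contents to `parse_rules` in place of `SAMPLE`.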
This new beta has been working fine on 32 and 64 bit Vista for several days.
No issue with sleep with the latest beta although I did change my wireless adapter recently. I changed from a USB adapter to a PCI slot adapter for a better signal.
Beta 1.9.2 running very nice, no problems.
I think this is just the kind of FW controller I was looking for. Thanks Ultim!
I downloaded the V2 beta a couple of days ago. I think I have the latest, but I downloaded v1.9.1 from the official site after Seven64 got 1.9.2? I haven't tried the stable version, but the beta seems great.
It's working well with avast!, the only tricky thing was I had to add an exception for C:\Program Files\AVAST Software\Avast\Setup\avast.setup to get the updates to work properly. I had to do this while avast! was trying to update because avast.setup seems to appear only while avast! is actually trying to update, and I couldn't figure out any way to add it without clicking on the executable while running.
Thanks again! I was avoiding third party software firewalls and wanted to use Windows firewall to full effect but wasn't smart enough to figure it out, but Tinywall seems to work well.
If you look at properties in the .exe file it shows 1.9.2, but "about" still shows 1.9.1. I have had no problems with new beta, there have been many improvements over the stable version.
Thanks Seven. I see it now in the .exe for the installer.
1.0.4 was released, a very minor update. The only change to 1.0.3 is that it will correctly notify the user of 2.0 when it becomes available.
- Give appropriate instructions to the user when upgrading to future major (>=2.0) releases.
Please let us know with "change logs" about what is happening. Thank you!
I can't print to my HP 5510 network printer. I've added the software I'm printing from, I've allowed network traffic in my private LAN, and I've enabled printing in the manage window to no avail. Any ideas?
Install the v2 beta and use the learning mode. Set the firewall into learning mode, print once on the network printer then set the firewall back to normal mode. TinyWall will learn to allow printing and network printing should work after that.
White list by window does not work (operation failed) on first try, second time it works. Beta version 1.9.2
Can you reproduce it?
It's also happening to me but it's purely random.
Another random bug I'm noticing is that "Current Zone" will show as Public, but I'm on Private Zone, any rules available at Private Zone are still functional but it won't show in manage rules. This bug usually happens when the start-up of TinyWall is sluggish, but when it's fast, it will show the right Zone.
Yes, where are the logging files to send located?
Same here but it always shows public when it should be private zone. I fired up Sumo since it was not in the rules and it was let right out.
Logfiles are produced when the service crashes. There is also some minimal logging done on notable events into the Windows Eventlog. Please send me the C:\ProgramData\TinyWall\errorlog (if there is any), if this file exists that is a likely reason for the "Operation failed" messages.
I'm checking the zone issue. What is Sumo?
I'm soon done with the changes, all that is left is to figure out what to do with the lists of Special Exceptions, since those are the only user elements that cannot be localized ATM.
Sumo = Software Update Monitor