I'm pretty excited so I'm just going to take a deep breath, close my eyes and say it bravely... TINYWALL 2.0 IS RELEASED! It came 3.5 months later than I originally planned, but frankly, I'm glad it did. I mean, there was a good reason for the delay, many bug fixes, new features, redesigns and so on, and all this good stuff wouldn't have gone into 2.0 if I had been "punctual". Of course, it's all thanks to you. I mean the whole community, this forum, other forums, the e-mails I received and many other people that have unwaveringly tested and reported issues and wishes. And I cannot stress enough how thankful I am to all of you. Because 1.0 of TinyWall has been downloaded over 36.000 times, and this is not even counting all the sites that worked around my download-counting link! So thank you, and I especially thank the community on this forum, being the most helpful of all. Now that I managed to hype up all of you, I must admit there is not much new in this release IF you were already using the latest beta. But it does fix the most recently reported connectivity issue when KB2688338 is installed (which is pretty important), it improves a bit on accessibility and there is also a French translation thanks to EboO. Additional languages are gonna pop up in future updates (German and Hungarian were promised too, but I'm still waiting for them). But, and a big but, FYI and for all who didn't follow the development process, here is a nice and complete list of all the new features and enhancements in 2.0 compared to version 1: http://tinywall.pados.hu/docs/whatsnew.html So, you might be asking, what's next? I guess as more people start using 2.0, some minor issues will pop up, so I'm gonna wait and see first, and fix them in small incremental updates like I did with the first version. Then once things are calm, I'll start working on the next major update.
Because, just to let you know, I'm still full of ideas and I have lots of fun things on my mind that didn't make it into 2.0. What will it be called? 2.1? 3.0? Who knows, but TinyWall will keep on improving.
svchost is generally blocked. Only some special services of svchost are allowed, like the dns or dhcp client (see special exceptions dialog in TinyWall). Most other services of svchost, or svchost not running as a service are blocked.
svchost can run as many different services. If the virus infects a non-whitelisted service of svchost, it will stay blocked. But if it infects the dhcp service, for example, it will get through. But there isn't any other firewall that can stop viruses that infect legitimate processes, unless the port or the domain of the virus is blocked. No firewall can stop viruses that infect good programs. Some HIPS software might prevent processes getting infected, but they don't stop infected processes. However, your antivirus should stop or recognize such infections. This is one reason why it is important to use both a firewall and an antivirus software. But let's say you don't use an antivirus, and your virus somehow manages to get admin privileges (which is required to infect svchost). Even then it might be stopped, if it happens to use a port or domain blocked by one of TinyWall's port or domain blocklists. So by enabling blocklists in TinyWall, you can increase security even in case of infections. Also, TinyWall restricts many svchost services to the local network. For example, even if the dhcp service gets infected, it would never be able to reach the internet with TinyWall, because TinyWall restricts dhcp to the local network.
I was concerned about a program calling home using the backdoor. We posted at the same time, thanks for the additional info. I am learning, so excuse me if I ask too many questions.
Great job Ultim! I love this nonintrusive FW. My favourite is the "whitelist by window", simply genius imo. Only have one minor problem though. TinyWall needs to be turned off when logging in with OpenVPN. Doesn't seem to learn on learn mode or whitelisting the executable. No biggie really since once connected I can enable TinyWall again. *edit* Forgot I had the beta version when I wrote the above. I have now upgraded to the live version and the OpenVPN issue is gone. TW learns the rules once and after that I can connect with OpenVPN with TinyWall enabled on "normal".
This is the first time I am using it, I have blocked apps based on my choice... What I wanted to know is, does it protect the PC on its own, or does it depend on Windows FW and just serve as a controller?
The first independent review of TinyWall 2.0 is already out: http://www.davescomputertips.com/2012/06/tinywall-the-best-thing-since-sliced-bread/ Please allow me to cite the last paragraph:
Blocklists are a security feature & enhancement over Windows FW, so why are they disabled by default? The majority of users don't change the settings, so I think this is an important feature & should be enabled by default. There are 3 options to whitelist an app: whitelist by processes, executables & window. Which one is the best/most comfortable or recommended option for the majority of users? And I think it would be good if that option had the word Recommended in brackets. I don't know what the different effects of the 3 options are & hope any app will work with any option chosen. Just would like to know what would be the best order to apply the options, i.e. for ex - one should first try whitelist by window, if any prob then try executables & if any prob try processes. What would be the best order to apply the options?
Blocklists are disabled by default, because there are some theoretical (non-security) dangers. The ports blocklist might prevent legitimate applications from functioning properly, while the hosts file might slow down the computer. If the user has to enable these manually, in case of problems it will be clear for him what settings are responsible. I might enable blocklists by default in a future version though, I have already thought about it. There is no best method. All three do exactly the same thing, the only difference is personal preference or comfort. For most users, "Whitelist by window" is probably the most comfortable, but there are some rare cases where it will not work. The other methods are not worse in any other way though. For "Whitelist by process" you might only see a portion of the processes in the list if TinyWall's controller is not running elevated. "Whitelist by executable" can always be used, but is probably the least comfortable because you have to manually navigate through your filesystem and you also need to know which executable started a process. But the one and only difference between the three methods, if you can use all three, is comfort. The catch is that you are not always able to use all three (as described above).
Is the TinyWall site down? I keep getting this message: This page intentionally has nothing but text explaining why this page has nothing but text explaining that this page would otherwise have been left blank, and would otherwise have been left blank. Would like to look it over but no joy at this time.
You should only get that page for pados.hu. The URL for tinywall however is not pados.hu, but tinywall.pados.hu. Are you saying that you are visiting tinywall.pados.hu and you still get the same page as for pados.hu?
I guess the reason would be the missing https support on the site. Try it without a secure connection and it will work. I'll set up SSL support for tinywall.pados.hu a bit later, until then you'll need to ensure simple http.
Yes, but after the further clues on SSL after my last post I found that if I disabled HTTPS Everywhere the site loaded fine. Thanks.