Beta-testing TinyWall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    yes that would be better :thumb:

    I hope Stem could drop by and test your software. I find his posts useful :)


    btw the big TinyWall on your page points to http://tinywall.pados.hu/index.html (i get 404 not found)
     
    Last edited: Oct 13, 2011
  2. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    Izumi:
    > you should put MD5 hash of the installer on the download page so we can verify the integrity of our download.
    Done, Thanks.

    > (i get 404 not found)
    Also corrected, thx.

    Rilla927:
    The application database and not notifying about connections are two different things. The database is not there to replace the popups. The database 1) makes it unnecessary for the user to know how each application should be configured and 2) makes sure that an application is not compromised at the time of whitelisting. In fact, some large firewall companies (who rely on popups) have their own databases of safe programs to reduce the number of clicks for their users.

    m00nbl00d:
    It is not supported. Currently you cannot block specific IPs or domains. The way TinyWall works is that everything is blocked, and you can unblock specific ports for specific applications on your computer. IP-blocking capability will probably come in a future version.
     
  3. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,735
    I second that... Stem where are you:D


    I get a 404 too.
     
  4. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,735
    Okay, I'm missing something here. I'm just trying to understand how this works.

    If the FW opens ports automatically, where does it get this information from if it isn't a built in data base?
     
  5. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    There is a built-in database. I was just saying that its purpose is not to replace the popups. Even with popups, it would be advantageous to have a database.
     
  6. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    I see this as being the sort of firewall I've been waiting for in a very long time.

    Good luck & keep up the good work.

    Thanks.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    ultim

    Some usability suggestions, besides the built-in list

    a) Option to allow Microsoft programs by default
    b) Option to allow signed programs by default



    Great work :thumb:
     
  8. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    Does this application allow the ability to control what IP addresses or domains which processes (Ex: iexplore.exe) are allowed to connect to?

    I also agree with Kees' advice above..
     
  9. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    a) Unfortunately, most important MS executables that are part of the OS (e.g. svchost) do not come signed, so the only reliable way to detect their authenticity is using hashes. But that can change with every Windows Update, so I dunno if this will come.

    b) If I want to intercept connection requests from programs and be able to decide what to do, I would need to install kernel-mode code, eg. drivers. So I won't go that way. Without kernel-mode I could still detect programs trying to connect, but only after they have already been blocked. Besides, this would trigger a certificate check for every blocked application, which would be very disk-intensive.

    What I am thinking of is a way to do a one-time installation check of security software that updates often (e.g. Windows Update, antivirus...) and unblock it automatically after confirmation by the user.

    For this I need to collect signatures of antivirus updaters. So if anybody is trying out TinyWall and has antivirus software installed, please help me out here. Start the TinyWall/DevelTool from the Start menu, and in the very first browse-button select the updater of the antivirus. Then click "Create" and send or post the XML output. Thx.
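
Added example, not part of ultim's post and not TinyWall's code: a sketch of the hash-pinned whitelisting discussed in this thread, where a profile database vouches for an executable at whitelisting time and a hash stops matching once an update replaces the file. The profile layout, the file names and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_against_profile(path, profiles):
    """Return (verdict, ports). Ports are only released on an exact hash match."""
    profile = profiles.get(os.path.basename(path).lower())
    if profile is None:
        return ("unknown", [])            # not in the database: stays blocked
    if sha256_file(path) in profile["sha256"]:
        return ("match", profile["ports"])
    # Same name, different bytes: a tampered file and a legitimate update
    # look identical here, so the safe default is to keep it blocked.
    return ("hash-mismatch", [])


def demo():
    """Constructed scenario: hypothetical Updater.exe before and after an update."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "Updater.exe")
        with open(exe, "wb") as f:
            f.write(b"constructed build 1")
        # Hypothetical profile database (not TinyWall's format).
        profiles = {"updater.exe": {"sha256": {sha256_file(exe)}, "ports": ["tcp/443"]}}
        results = [check_against_profile(exe, profiles)]

        with open(exe, "wb") as f:        # the vendor update replaces the binary
            f.write(b"constructed build 2")
        results.append(check_against_profile(exe, profiles))

        profiles["updater.exe"]["sha256"].add(sha256_file(exe))  # database refreshed
        results.append(check_against_profile(exe, profiles))

        results.append(check_against_profile(os.path.join(d, "other.exe"), profiles))
        return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second result is the case ultim describes: after an update the pinned hash no longer matches, and the rule stays closed until the database carries the new hash.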
     
  10. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    I would suggest the following post from sparviero to resolve blocked connections:

     
  11. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    Okay, for anyone who is using the beta and is wondering why he cannot get windows live messenger working: it is not enough to unblock msnmsgr.exe. A total of 3 executables need internet access to be able to log in:
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

    this simply sucks. i'll try to come up with an idea to solve situations like this in an automagical way in tinywall...
     
  12. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Another question, will it retain my current settings in windows firewall once I installed it? :D
     
  13. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    I wanted to include some larger changes in Beta2, but I am putting it out as fast as possible now because I discovered a critical bug. Basically, whenever you'd whitelist a windows service, it would bring TinyWall's own service into a restart loop. Not good. So the larger changes will have to wait until the next beta, but here is Beta2 with a lot of your feedback already incorporated and some extra fixes.

    Please upgrade because once you trigger the bug it will be a bit more difficult to fix.

    Upgrade notes from Beta1:
    Uninstall beta1 first, then install the new version. To uninstall, as stated a 1000 times, Elevate from the tray menu->Manage->Maintenance tab->Uninstall. Save your work first because this will reboot your machine, but fortunately, starting from the new Beta2 a reboot upon uninstall will NOT be required any more.

    Changelog:

    - Fixed a bug that caused the TW service to crash when whitelisting other services
    - Uninstallation no longer requires a reboot
    - Renamed option 'Prompt for profile association for recognized applications'
    - Connections window no longer needs admin privileges
    - Correct UI glitch when resizing Connections window
    - Connections window remembers position, size and has min/max buttons
    - In the list of application exceptions, mark services with "Srv:" prefix and output service name instead of executable
    - In the settings window, rename button "OK" to "Apply". This is to clarify that changes are not saved until Apply is clicked.
    - Fix: password dialog was sometimes hidden behind another window. Make sure it comes to front when shown.
    - New application profiles included

    As usual, download from http://tinywall.pados.hu/download.php and thank you for your input.
     
    Last edited: Oct 14, 2011
  14. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    No, when you install TinyWall it will overwrite your existing Windows Firewall settings, including its rules.
     
  15. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Wait, if I install TinyWall and it had an update, I will uninstall the older one and install the new version, do my rules created by TinyWall disappear?
     
  16. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    In the current beta2, yes. I will 100% correct that, but as I said, I did not want to delay the fix for the service-crash. Future versions will have an update capability that will preserve your current settings and simplify the update process.
     
  17. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    okay, I guess I'll wait for the next release, :D
     
  18. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    very good improvements especially the "Connections window no longer needs admin privileges"

    :thumb:
     
  19. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Another question, I really like to try this firewall, I think it's a keeper. Does the allow all connections mode also allow inbound connection? or just the outbound ones?
     
  20. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    It allows all connections inbound and outbound. The purpose of "Allow all" is to provide a way to temporarily disable the firewall.
     
  21. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    okay, thanks!
     
  22. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,436
    Location:
    Romania
    Allowing inbound connections makes your computer totally unprotected. Maybe you should consider another approach. Leave only all outbound connections, but keep blocking the inbound connections; in case of a worm, if you enable it after you are infected, it is already too late. Or if the purpose is to disable Windows Firewall completely, rename this action differently, like "Disable Firewall" instead of "Allow all connections".
     
  23. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,735
    Yes, but there are some programs that do need inbound connections. I know Avast needs an inbound cuz when I tried it when I was using WF it was blocking the incoming connection and I didn't know what port it used so it wouldn't work.

    The FW I'm using now shows Returnil needs an inbound on port 443.

    When your program is uninstalled does it mess with any rules in windows firewall at all?
     
  24. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    I have already added a new mode "Allow outbound", which does exactly that. "Allow all" has been renamed to "Disable firewall". It'll be in the next beta.
     
    Last edited: Oct 16, 2011
  25. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    Is there a way to add rules to allow inbound for certain applications?
     