Beta-testing TinyWall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    That's why it's greyed out.
     
  2. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,578
    Location:
    Romania
    Thank you.
     
  3. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    Hi NINfan6,

    Different versions of a program might have different digital signatures, if Google changed its certificate. Please send me your Chrome executable by e-mail, and I'll put its recognition into the next TinyWall release.

    Does it not work with the Outbound profile instead of Blind trust? Also, you can do the following experiment: Disable the firewall, start using Chrome and look at the connections window to see which ports Chrome is using. If you see anything other than 80 or 443, report it back to me.

    In addition to Windows Update, try whitelisting the BITS (Background Intelligent Transfer Service) service. Does Windows Update work with BITS enabled?
     
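The experiment ultim describes in the post above can be scripted. This is an added example, not part of the thread or of TinyWall: it parses `netstat -ano`-style text and lists the remote ports a process used that fall outside the 80/443 set named in the post. The sample output, PIDs, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Ports the thread associates with the "Web browser" profile.
WEB_BROWSER_PORTS = {80, 443}

# Constructed sample in the layout of `netstat -ano -p tcp` (not captured data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49701     203.0.113.20:443       ESTABLISHED     4120
  TCP    192.168.1.10:49702     203.0.113.21:80        ESTABLISHED     4120
  TCP    192.168.1.10:49710     198.51.100.7:5228      ESTABLISHED     4120
  TCP    192.168.1.10:49800     198.51.100.9:9000      SYN_SENT        5332
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    [2001:db8::10]:49711   [2001:db8::99]:443     ESTABLISHED     4120
"""

# An address is IPv4 or a bracketed IPv6 literal; the port follows the last colon.
LINE_RE = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+(\d+)\s*$"
)

def remote_ports_by_pid(netstat_text):
    """Map PID -> set of remote TCP ports, ignoring listening sockets."""
    ports = defaultdict(set)
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or non-TCP line
        _laddr, _lport, _raddr, rport, state, pid = m.groups()
        if state == "LISTENING":
            continue  # not an outbound connection
        ports[int(pid)].add(int(rport))
    return dict(ports)

def ports_outside_profile(netstat_text, pid, allowed=WEB_BROWSER_PORTS):
    """Remote ports a process used that the given profile would not cover."""
    used = remote_ports_by_pid(netstat_text).get(pid, set())
    return sorted(used - set(allowed))

if __name__ == "__main__":
    for pid in sorted(remote_ports_by_pid(SAMPLE_NETSTAT)):
        print(pid, ports_outside_profile(SAMPLE_NETSTAT, pid))
```

Any port this reports for the browser's PID is one the 80/443 profile would block, which is the information ultim asks to have reported back.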
  4. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    Hello JoeBlack40,

    I'll look at AIMP player myself. Will check shortly.

    Those are three separate issues:

    1) Your problem is probably that the installer is running with Admin privileges, but the TinyWall tray is not. A non-admin app cannot capture clicks from admin apps; this is a reasonable security feature of Windows. Try elevating the TinyWall tray app and try again. But...
    2) ... TinyWall still shouldn't crash though. I'll try reproducing and correcting that.
    3) If the installer creates temp executable files that need internet access during installation, then whitelisting the installer itself won't bring you success (since it is a different executable running). In this case the only solution is to switch the firewall mode of TinyWall into "Allow outgoing" for the duration of the install, then switch it back to Normal.
     
  5. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,578
    Location:
    Romania
    Thank you for resolving the Burnaware issue. I switched to "Allow all..."
    Now, another one, yikes :D
    Is there another Skype process I should add to the whitelist? Because when I try to add a contact, this is what I get, despite the fact Skype is already connected.
    And still nothing with AIMP... :'(
     

  6. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    You are right. Edit the exception for Skype and (in addition to Symmetric TCP) add the Web browser profile too, then it works. Will be included automatically in the next version.

    I've just tried AIMP2 (v2.61), added the Outbound profile and it plays back Shoutcast streams perfectly. It seems shoutcast also uses ports in the 8000+ range in addition to 80, so the web browser profile is not enough, but it works perfectly with "Outbound" profile.
     
    Last edited: Oct 28, 2011
  7. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,578
    Location:
    Romania
    With Skype I'm cool, thank you. And AIMP - it seems that the problem is only with a Romanian radio station, as the Shoutcast works OK, you are right. But I don't understand why that station doesn't work with TinyWall installed. Well... I will listen to something else. Thank you for your time. Have a wonderful weekend.
     
  8. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    Can you send me a link/URL to that station?
     
  9. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,578
    Location:
    Romania
    Here: http://www.magicfm.ro/ Click on Asculta Live. It's up in the middle.
    It will download a pls file.
     

  10. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    That station uses port 9000, which is blocked as a common malware port by TinyWall. Multiple worms/viruses use this port. If you have a virus scanner installed and are confident that you won't accidentally unblock a worm/infected file, you can disable the malware port blocking in the General tab. Then you should be able to listen to this station.
     
  11. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,578
    Location:
    Romania
    A BIG THANK YOU!:thumb:
     
  12. Seven64

    Seven64 Guest

    Could you add a profile for a download manager?
    VPN works fine with this newest version! Thanks.
     
    Last edited by a moderator: Oct 28, 2011
  13. NINfan6

    NINfan6 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    6
    OK, after some testing it appears that none of my applications can connect to the internet even when they are allowed in TinyWall. These programs include IE, Skype, etc., so I think this is something that is caused by my system....

    The only changes that I have made are:
    1. Using seconfig xp from here http://seconfig.sytes.net/?cat=4 and disabling everything but RPC because that stops Task Scheduler....
    2. I also went into inbound and outbound rules and disabled everything but the core networking rules for Windows.

    I'm using Windows 7 SP1 64-bit under a limited user account.

    thank you,
     
  14. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Have you disabled these services?
     
  15. NINfan6

    NINfan6 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    6
    No, I have Base Filtering Engine, CNG Key Isolation, Windows Firewall, etc. all enabled. Right now I'm using Windows Firewall and it's running fine on my system....
     
  16. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    Hi everybody, I've just got back from the weekend's conference.

    NINfan6:
    I will do some experiments with seconfig xp to see if any of its settings may affect the operation of TinyWall. I will get back to you with results later.

    Note that in the current version TinyWall does not fully check or mark the service dependencies it needs. The next version is doing a much better job at that; it should be out in a few days.

    Also, it turned out that in general TinyWall is having a problem with Vista systems (sry, I do not possess Vista myself). However, it is still a supported OS and the next release will make TinyWall usable on Vista too.
     
  17. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    Sure, but I don't use download managers, so I don't know which ones are preferred by people. Tell me which are the most popular download managers and I'll include them, if they are digitally signed.
     
  18. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    The most popular that I know of are Orbit, Free Download Manager, and Internet Download Manager
     
  19. Seven64

    Seven64 Guest

    "Internet Download Manager" for me.

    These are popular with the wilders crowd https://www.wilderssecurity.com/poll.php?do=showresults&pollid=145
     
  20. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    521
    Location:
    Italy - Ravenna
    Hi Ultim
    Is it possible to change the way TinyWall names your rules in the Seven FW?
    Let me explain my problem:
    I had set some rules for my programs in the Microsoft FW outgoing rules and Tiny deleted all of them :'( but it's no great matter, I remade them all (but it would be good if Tiny didn't delete rules in the Microsoft FW). But I have to change a rule for my browsers; in fact TCP out on ports 80 and 443 is not enough if you do streaming or have some Flash content on a web page. In this case the correct set of ports is this:
    80, 443, 554, 1755, 1935
    So I tried to change it, but with Tiny it is not possible to edit rules, so I tried in the 7 FW rules, but there all your rules are identified by a set of letters that I think is an MD5 hash of the file. Well, I have to click every web browser rule until I find Chrome to add the other ports to it.
    As you can see in the screenshot I made, it is not so easy to find the program you want to edit; it would be good if it were identified as it is in the Tiny GUI.
    http://imageshack.us/photo/my-images/215/immagineesg.jpg/

    Thanks for your effort, it is a good program, well done.

    Hmm, even if I change my personal rule in the Windows FW, it seems Tiny only uses its default rule (ports 80 & 443) and doesn't see the edited Windows FW rule first, so I can't do what I want.
     
    Last edited: Nov 1, 2011
  21. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    Hi Romagnolo1973,

    I've been thinking about separating the Web browser profile from the HTTP(s) profile, and you have just reassured me that this would really be a good idea, so I'm gonna do that. The point is, this way I can allow more browser functionality for common plugins without making non-browser apps less secure. After making sure what 554, 1755, 1935 are for, I'll separate Web browser from the HTTP profile and add these ports to Web browsers.

    Also, as you have seen you cannot edit your firewall rules outside of TinyWall. If you try to edit them from Win7's default GUI, even though you do not get an error, those changes will be useless. This is not some error, in fact, TinyWall contains extra code to deliberately be this way. This way TinyWall prevents other non-firewall programs from modifying the rules.

    As a technical note, though this is probably not useful to know for anybody except me, the [*] character string you see in front of the rule names is not an MD5 file hash or similar. It is a purely random string to make all rules have unique names. Also please don't rely on them because the naming might change without notice in a future version.

    To see the program to which a rule applies in the Win7 GUI, you do not need to open all rules 1-by-1. Simply scroll to the right in the window and extend the columns if necessary; the executable's path is one of the columns.
     
  22. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    521
    Location:
    Italy - Ravenna
    OK, understood, but if you can't modify a rule except by using Tiny, then a user must have the possibility to create custom rules.
    For example, you have the web browser rule TCP out 80 & 443, but if I use various programs such as FileHippo Update Checker, SUMo Update, Webroot SecureAnywhere, HitmanPro ... they only use TCP out to port 80, so giving them a browser rule is more than enough, because port 443 is not used in this case. Better to have an "80 only port" rule, and even better to have a button for custom rules created by the user within Tiny, IMHO.
     
  23. Seven64

    Seven64 Guest

    I am not able to send out email with The Bat! I need port 26 opened to send.
    For Fastmail (www.fastmail.fm/). Thanks.
     
  24. ultim

    ultim Registered Member

    Joined:
    Oct 12, 2011
    Posts:
    311
    You probably meant port 25, not 26. However, port 25 is not meant to be used by end-user email programs, so technically speaking it is not TinyWall's fault but your provider's. Still, I am adding it to the next version because I guess there are still outdated providers that use it... However, try if you can use 587 instead, which is the industry-recommended/default for email-clients since a few years now. If not, TinyWall should correct it in at most 2 days.
     
  25. Seven64

    Seven64 Guest

    No, it's 26 for Fastmail, 25 for GMX and most others. Don't know why they use this odd-ball port.
    Just tried out 587, it works.