Thx, I'll look into it. TW does not install drivers. The problem was in the service, it only checked that it communicates with its own Controller process (so that random apps cannot send commands to it), but not the data types that got deserialized from it. This allowed a shortcoming in .Net's code in the BinaryFormatter class to be exposed (if the Controller was compromised such that it sent unexpected data), where hidden callbacks leading to malicious code sent over the pipe could be executed by the .Net Framework before it even got handed to TinyWall's code. For more details, you can read up on the issue in this research paper. Though TinyWall does not use JSON like in the paper, the problem was the same due to using the BinaryFormatter class.