tiny 2005?? as complicated as it used to be??

Discussion in 'other firewalls' started by zfactor, Mar 15, 2005.

Thread Status:
Not open for further replies.
  1. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    im seriously looking into outpost and kerio as in another post i made, a friend just got the new tiny and said i should look into it. i remember tiny; while i could work with it; being a very difficult firewall requiring much time setting it up for proper protection. has anyone here tried it out to know how the new one works it was supposed to be more "user friendly" according to tiny or is this just a different interface??. he does not live local so i can not play with it on his computer and like i have said before i hate install-uninstalls over and over again. these are my retail pc's i do not want to put these down with conflicts between install of different programs. i really like outpost so far as far as protection, i like kerios gui better though, and from what i hear from everyone is tiny is the best out there?? so any thoughts or should i stay with the two i am comparing now?? thanks again for all the time you all give to me here at wilders!!
     
    Last edited: Mar 15, 2005
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    If you're just looking for a firewall then I'd stick with the 2 you are already comparing. But if you want a sandbox type situation, then Tiny might be the best. I personally don't think Tiny's firewall is all that great. But it's other features are very good. Depends on what you need.

    I have not had much time to look over the new version, but I'm guessing that it's basically just 6.0 with a new interface. I'm sure someone will correct me though if I'm wrong. :)
     
  3. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    I would say that you'd better stick with the two you are trying now too. I have tried TF 2005 Pro today. The user interface is more user friendly than that of TPF 6.0. It is a great progress, and I am happy with it. However, it still has some problems. I installed and uninstalled it several times just to make it work. Well, after about four hours, it works now. It does not work with my TPF 6.0 configuration files though. I will have to configure it again, which is quite time consumming. The new interface is still slow, thanks gratefully to TINY's GREAT HTML/XML technology. Tiny firewall is a great application, but sometimes it just too troublesome.
     
  4. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    tiny 2005 is as complicated as 6.014. The Admin Centre GUI has improved in terms of access speed but I believe that much of the underlying code has been re-written, at least that is what the developers have told the forum members (and hence charging a price of $99 for the pro version).

    2005 does seem to be faster and smoother than version 6 but I must admit that it takes some time to get used to the new GUI.

    Personally, I think that tiny is easier to configure than you think, although I must point out that there are no guidelines for users and potential users to follow (and help is non-existant). This is unlike Kerio 2.15 where BZ has a set of rules which you can study. There are some simple guides in the forum but most of the time, its a self learning process. If your machine has a lot of potential malware generating apps (i.e. p2p) then I suggest you look elsewhere or be prepared to a bit paranoid about your security during the interim which you are learning tiny.

    If you want an easier time, stick with outpost or kerio 4 (though I have not tried the latter). outpost is a good firewall.
     
  5. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    Wow four hours to reconfig your 'tiny' firewall. U running a server?

    For me, I have auto enrollment installed. This will automatically add apps into My Applications.

    I remove wscript.exe and cscript.exe immediately and take a look at the services, trusted and trustedservices group in 'My Applications' tab to see which apps needs to be taken out. trusted has access to all resources by default, so this group needs to be monitored carefully. I rarely touch the services group. i remove spooler.exe, svchost.exe and services.exe apps and put in it into a new group which has access to the internet/ LAN.

    Then I look at the 'Network Protection' tab and remove all the inbound rules. I also move my adapter to the 'Dangerous Zone'. I remove allow trustedservices to access the net (both tcp and udp)...

    Opps gotto run. Have an appointment.
     
  6. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    No, I am not running a server. I was trying to input my TPF 6.0 configuration files into TP 2005. Each time I did that, TINY became 'dead' - I could no longer close the interface or do anything to it. When I reboot, I even could not log on... The interface could not be opened again... So I had to uninstall it, and then install it again...and so on and so on. It was terrible. Finally, I gave up my TPF 6.0 configurations and just tried to configure TF 2005 from scratch again :'(

    I agree that TF 2005 works much better than TPF 6.0. But I still hate the slow user interface (compared to other firewalls) :mad:
     
    Last edited: Mar 16, 2005
  7. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    I couldn't get its DAMN GUI to work!

    I'll try installing v6 back and see whether my system is blocking something.
    Maybe it's IE-Spyad2 that I've installed?? Or is it because Giant AS/ Spyware Blaster/Guard have changed some settings for IE?

    Why can't they behave like normal people and design a GUI in VB/VC++ for once?

    Methinks they enjoy frustrating users. x-(
     
  8. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Comments above illustrate some of the problems with advanced security applications. Those are excessive time to set up and a high probability of user error.
     
  9. Arup

    Arup Guest

    Remember, with complexity comes chances of mistakes and over looks, a firewall should only do what it does best, stop outsiders, programs like Process Guard, Winsonar should be left to do their sandboxing job.

    Sure, Jetico and Tiny probably will pass all the Leaktests, but at what cost.
     
  10. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    I think Tiny provides an excellent firewall (as well as sandbox/file protection) but if you're looking for a firewall to put on retail PC's I strongly advise against Tiny. If you sold Tiny-protected PC's to novice users, I think you'd have a support nightmare on your hands. Tiny is more for those with a decent amout of PC/network knowledge and a willingness to read and understand the help files.
    Outpost & Kerio should both be better options. If I remember right, can't you put the newest Kerio into some kind of basic mode where it doesn't ask any questions? Depending on the experience of your buyers, that might be an option. Sometimes the software can make better decisions than a clueless user.
    Good luck.
     
  11. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    After playing with TF 2005 Pro for a while, I finally get it to work. Its user interface is really a tremendous improvement upon TPF 6.0. I especially like the 'Blue Tab' skin, which just looks like the interface of ZoneAlarm, and is good. I like TF 2005 Pro so far, except that I could not use configuration files of TPF 6.0 and have to do the configurations again. I am using the default configurations of TF 2005 with minor modifications now. To configure it completely (to fit personal security needs), more time is needed. So my conclusion is that Tiny 2005 is a great software, and it is much more user friendly than TPF 6.0. However, it is still complicated, especially for new users. Well, it does so many things, so it is somehow doomed to be complicated by nature.
     
    Last edited: Mar 16, 2005
  12. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Yahoo-

    Perhaps you can post some tips on how to understand Tiny 6.5.
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Agreed.. some tips would be helpful. I spent some time with Tiny 6.0 but didn't even begin to scratch the surface. Tiny is probably the most complicated firewall out there right now... and there didn't seem to be much help available either..
     
  14. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Tips on Tiny 6.5 are what I am now looking for too :)

    I am still trying to get familiar with the design of Tiny 6.5. The design of Tiny 6.5 is much better than that of TPF 6.0. The more I tried it, the more I like it. But still, the interface is quite different from that of TPF 6.0. A small mistake somewhere on configuration can make the whole system stop working (I am not sure if this is my fault or TINY's fault yet). I am still getting pains now and then. After some pains, I hope things will get better.
     
    Last edited: Mar 17, 2005
  15. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The main problem with a firewall is not getting to grips with its GUI but understanding what sort of network access programs should be allowed. With Tiny, you also have file, process and registry settings to consider - many of which may be specific to your system (the exact mixture of hardware and software used).

    I would suspect that this is why no comprehensive setup guides have been done for Tiny (just think of the differences a Windows update or service pack could require of a really "tight" configuration) and this would suggest that time and experimentation is the key to getting a good setup.
     
  16. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Agree with Paranoid. But for a complicated software like Tiny, GUI comes into play in a certain degree. One really needs to figure out where to setup a rule and how to setup a rule. It is not like Outpost Pro, for which configuration is really easy due to its relative simplicity and nice GUI design.

    The firewall part of Tiny 2005 is not a big deal. I believe that anyone, who can setup Kerio 2.15, would have no problem with Tiny's firewall rules. The difficulty with Tiny comes from the Windows Security. To make a right judgement on which program should have what kind of system resource (files, registries...) access right, system privilege, and so on is a little bit tough, especially when one wants to make some detailed rules instead of general rules. It needs some understanding of Windows OS and more. This is a problem because most users more or less lack such understanding of Windows OS, including myself (I know UNIX OS, but not the details of Windows OS).
     
    Last edited: Mar 17, 2005
  17. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I agree with the two above posts, user response is a problem area. This is why I have been saying lately that excessive calls for user responses in some of the more avdanced firewalls increases the possibility of error.

    As far as saying if you can understand Kerio 2.15 you can make rules for Tiny, I will accept that as true, but it is a bigger if than some around here might think. Once you have mastered something it is easy to forget how clueless a beginner may be. We saw a recent example in this forum of how a subtle mistake in the Kerio 2.15 loopback rule would allow any application to connect out on port 80 when AV software had a proxy to intercept that port.
     
  18. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    I've been a long time user of Tiny (i think 3 years now). It is a very powerfull tool. Now they have Tiny standard which I have played with, and I think it's good enough for Novice users.

    As for previous configurations, I plan on doing all of my configurations over because with the new version they have added more security. So I plan on doing over. If you go to Tiny's website, go to thier forums and ask questions. It's free.
     
  19. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    At Tiny's download site, there is a notice saying that the old configurations can not be used with Tiny 6.5. I did not see it when I downloaded it:(

    When I setup Tiny 6.0, I went to Tiny's forum. There were several posts there on setting up registry access, file access, spawn, and etc. It was not enough, but it was better than none. Now, Tiny 6.5 comes. People there are still arguing about upgrade charges, instead of how to set up Tiny 6.5. So little help can be obtained there now.

    The help file of Tiny 6.5 is quite a piece of junk so far. I guess that Tiny just cuts portions of Tiny 5.0 and Tiny 6.0 manual and puts them into the Tiny 6.5 help file. I can create a help file like that even with my eyes closed :D
     
    Last edited: Mar 17, 2005
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I'll be darned if I can figure out Tiny's firewall.. I deliberately tried to disable DNS lookups and couldn't do it. DNS worked no matter what I did to the Tiny rules. I even went to the extent of deleting ALL of Tiny's firewall rules, and DNS still worked. I messed with Services.Exe also (Win2k) and that made no difference. Made me think that DNS was somehow hard coded into the firewall, which would be very weird and not very good. But that's just one example of how confusing Tiny can be. At least for me. Maybe someone has some insight into this that I can't see...
     
  21. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    K-

    The DNS thing, might be something like CHX-1 default rule set where everything works if it is stateful and not otherwise prohibited. DNS would work unless specifically prohibited as it is an outbound UDP connect to remote port 53 followed by a stateful, actually pseudo stateful, response.
     
  22. mlr1m

    mlr1m Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    52
    Kerodo.....

    If you delete all the rules in tiny it will have full access to the net. The default for Tiny is everything is allowed, the opposite of 2.15. If you are looking to make it act more like tiny 2.15 you will need to create rules for each group and make them as ask user.

    Make sure you create a rule for each group!

    Michael
     
  23. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    mlr1m-

    Just curious, do you mean outbound access allowed for everything, with inbound access limited to what ever passes stateful inspection? Or is it wide open both ways.
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    mlr1m - Thanks for the explanation, and that does make more sense now. Tiny is very different I guess.

    What I was originally trying to do in Tiny was to tie my Services.Exe app to my DNS rules, so that DNS was only allowed in and out when Services.Exe was executing. Whether I can actually do that, I'm not sure. But now that I know a little more I just may give Tiny another try. Tiny is the one firewall that one can spend ages learning, or so it seems to me..
     
    Last edited: Mar 18, 2005
  25. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    It may just be wide open both ways, like CHX-I if you don't have any rules in place. I'm definitely gonna have to mess with it again now. Maybe this weekend when I have a little more time..
     
Thread Status:
Not open for further replies.