tiny 2005?? as complicated as it used to be??

Discussion in 'other firewalls' started by zfactor, Mar 15, 2005.

Thread Status:
Not open for further replies.
  1. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    You are right about people arguing about the way they are doing the upgrade. The way I look at it, for example Symantec's Firewall and Anti-Virus. If you buy their security suite 2004 in August, but then they come out with 2005 in February the following year you would still have to pay an upgrade license for 2005 even though it hasn't been a year yet. Correct me if I'm wrong.
     
  2. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    K-

    The flame is lit, the moth flies near...
     
  3. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    What I do with Tiny firewall is to allow or block traffic EXPLICITLY no matter what the default might be. For DNS lookups, I just allow the traffic to my specific DNS server (my ISP DNS server), and block and monitor all other DNS traffic (block and detect possible Trojan activities). I put all applications supposed to need DNS lookups into DNS Lookup Group. So two rules for DNS lookup:

    1. Allow DNS traffic from DNS Lookup Group to my specific DNS server.
    2. Block (or Ask) and monitor all other DNS lookups.

    Rule 1 must have higher priority than rule 2. There are many ways to set up the rules. The way I did it works well for me.

    By the way, I have deleted the default Trusted Group. It has ultimate access to all resources and unlimited net traffic; I do not think it's good for security. It is possible that your DNS lookup applications were enrolled in this group by default. If so, you might want to remove them from the Trusted Group so that you will get control of their DNS traffic. I would not recommend that you delete the Trusted Group at the very beginning though, as it will give you trouble.
     
    Last edited: Mar 18, 2005
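The two-rule DNS setup described in the post above can be modelled as an ordered rule list. This is an added example, not code from the thread or from Tiny: it assumes first-match evaluation as the meaning of "priority" and assumes a Trusted Group allow-all rule sits above user rules; the group members, addresses and rule names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: group membership and a documentation-range
# address standing in for the ISP resolver.
DNS_LOOKUP_GROUP = frozenset({"firefox.exe", "svchost.exe"})
ISP_DNS = "192.0.2.53"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    group: Optional[frozenset]       # None matches any application
    remote_ip: Optional[str]         # None matches any address
    remote_port: Optional[int]       # None matches any port
    monitor: bool = False

    def matches(self, app, ip, port):
        return ((self.group is None or app in self.group)
                and (self.remote_ip is None or ip == self.remote_ip)
                and (self.remote_port is None or port == self.remote_port))

ALLOW_ISP_DNS = Rule("allow-isp-dns", "allow", DNS_LOOKUP_GROUP, ISP_DNS, 53)
BLOCK_OTHER_DNS = Rule("block-other-dns", "block", None, None, 53, monitor=True)
# Assumption: a Trusted Group rule that allows everything for its members.
TRUSTED_ANY = Rule("trusted-any", "allow", frozenset({"firefox.exe"}), None, None)

def evaluate(rules, app, ip, port, log):
    """First matching rule wins; list order is the priority order."""
    for rule in rules:
        if rule.matches(app, ip, port):
            if rule.monitor:
                log.append((rule.name, app, ip, port))
            return rule.action
    return "block"                   # explicit default when nothing matches

def demo():
    """Return the verdict for each case plus the monitor log."""
    log = []
    good = [ALLOW_ISP_DNS, BLOCK_OTHER_DNS]
    results = {
        "group app to ISP DNS": evaluate(good, "firefox.exe", ISP_DNS, 53, log),
        "group app to other DNS": evaluate(good, "firefox.exe", "203.0.113.9", 53, log),
        "non-group app to ISP DNS": evaluate(good, "updater.exe", ISP_DNS, 53, log),
        "rules reversed": evaluate(good[::-1], "firefox.exe", ISP_DNS, 53, log),
        "trusted rule on top": evaluate([TRUSTED_ANY] + good, "firefox.exe", "203.0.113.9", 53, log),
    }
    return results, log
```

With the rules reversed, the catch-all block shadows the allow rule and even legitimate lookups fail; with a Trusted rule on top, a lookup to an arbitrary server is allowed and never reaches the monitored block rule.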
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Diver - :D

    Yeah, I'm getting sucked into another round with Tiny. Tonight I'm going to install 6.5.62 Pro. It's a challenge to me to figure this thing out. And lately I'm starting to lean toward wanting some app control AND maybe Windows protection as well.
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yahoo - Thanks for all the suggestions. I'll take them into account when I try Tiny tonight. I notice that in 6.0 they don't put IE into the trusted group by default. There's much to learn about this firewall. Certainly enough to keep me busy for quite a while anyway.. Thanks again..
     
  6. mlr1m

    mlr1m Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    52
    Kerodo....

    They finally did remove IE from the "trusted" group but there are still apps with internet access in the group. I always keep the Trusted group, but remove all internet apps from the group. You may want to remove others also. I'd recommend you only enable the firewall module at first, configure it, then go on to the next module. That's the way I do it. But please take into account that I'm no computer whiz (I'm not exactly the brightest log on the fire) :rolleyes:

    Michael
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Thanks for the suggestions mlr1m.. When it comes to Tiny, I'm sure you're way ahead of me... I do have all modules enabled, but I'm planning on concentrating on just one at a time. Probably firewall first. The others I don't even have a clue about yet. But I'm looking forward to learning...
     
  8. mlr1m

    mlr1m Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    52
    Kerodo...

    The only thing I'm good at is re-installing Windows. I figure if God didn't want me to mess with the registry he wouldn't have put it there. :p

    Michael
     
  9. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    When I was setting up Tiny 6.0, I successfully removed the Trusted Group, and put applications into Registry Access Group, File Access Group, and so on. Now with Tiny 6.5, I disabled all the rules on the Trusted Group, but I just could not delete the Trusted Group. Every time I do that, Tiny 6.5 stops working. And there is no log on what is blocked by deleting the Trusted Group at all. What a puzzle to me!
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yeah, similar here.. I figure if God didn't want me to change firewalls every other day, then he wouldn't have invented so many.. :D
     
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yahoo.. Seems like the Trusted Group has quite a lot of freedom, maybe too much, so I'm being careful with that one. As soon as you Trust an app, it automatically gives it internet access, and from what I gather, full access in and out too. I'm not so sure I want ANY app to have inbound access. Except maybe a p2p program. Don't know.. Might be best to make nothing Trusted. But that probably won't work either. :)

    I'm just starting to play with it here. One thing I like is the backup facility. As soon as I installed Tiny, I did a backup. And any time I make any major changes, I'm going to do a backup again with a different filename. That way I can restore everything to a previous state when something goes wrong.
     
  12. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    For the firewall part, I just deleted that ultimate net access rule for the Trusted Group. That rule is too risky. I was trying to make nothing trusted in the last one hour, but I could not manage to do it so far. I did it successfully with Tiny 6.0 though. :mad:
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I just tried to make Firefox not-trusted, and then edit the rule to allow it to all remote addresses. But when I shut down Firefox, Tiny then pops up an alert about Firefox not having rights to terminate something or other. I'll have to figure out how to modify that. I don't want to see an alert every time I stop FF.
     
  14. mlr1m

    mlr1m Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    52
    Some of Tiny's processes are in the trusted group, did you allow them full system access? Also some necessary Windows processes are there too. That's why I leave the group and remove apps from it one or two at a time.

    Michael
     
  15. mlr1m

    mlr1m Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    52
    Look under "System Protection" advanced - System Privileges,
    the settings are there.
    I set all to Prevent - Monitor, except for clipboard access, I set it to Allow - Ignore. Then if everything runs OK without full privileges, I leave it, or change the rule to ignore.
    DON'T take everything I say as gospel lol, I'm just learning

    Michael
     
  16. mlr1m

    mlr1m Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    52
    For the firewall module, I change all the default rules to ask user-monitor. Then I make my own rules as needed.

    Michael
     
  17. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    mlr1m-

    Thanks a lot for the suggestions. I will do the same thing as you do, leave the group and remove apps from it one or two at a time.
     
  18. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    I finally have got rid of the Trusted Group with Tiny 6.5 for the purpose of tightening up the system security. One thing that can happen to a Trusted application is that it can be infected by malware (virus, trojan...). Once it is infected, it can read/write any file and registry on the computer and send information out to anywhere, as a Trusted application has ultimate access to all the resources by default. That is not what one wants to see.

    To delete the Trusted Group, you need to first make rules to ensure that Tiny applications such as amon.exe, cfgtool.exe, and so on can start each other (by default, Trusted applications can start each other). Otherwise, you will get into trouble as I did. A lot of extra configuration may be needed if the Trusted Group is deleted; you may also encounter other unexpected troubles with the Trusted Group deleted. So, think twice before you really want to delete the Trusted Group.

    With this problem solved, configuring Tiny 6.5 is no longer a big deal for me, as I have done all the configurations with Tiny 6.0 before.

    Good luck on your battle with Tiny 6.5 :)
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Yahoo, if a Trusted app got infected somehow, would not Tiny know this due to checking an MD5 or such, and then prompt you to allow the changed app?
     
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Thanks mlr1m, I will have a look...
     
  21. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    It depends on how you set up Tiny. You can set up Tiny so that Tiny will check the MD5 each time an application is started. If the MD5 is changed, you can also set Tiny to monitor, ask, or prevent the execution. However, it is pointed out in the Tiny manual that checking MD5 might be CPU intensive, so it is advised in the manual that you may want to do it only with critical missions. The judgement on what is a critical mission depends on users.

    On the other hand, when an application is enrolled into Tiny, it is possible that it is already infected. In this case, MD5 checking is meaningless.

    What I did is just for the worst case. In general, it is not that necessary :)
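The launch-time hash check and its enrollment caveat, discussed in the post above, as an added example that is not Tiny's code or part of the thread: the class and function names, the "ask" default for unknown applications and the byte strings standing in for executables are all constructed.

```python
import hashlib

def md5_hex(image: bytes) -> str:
    """Hash of an executable image (MD5, as named in the thread)."""
    return hashlib.md5(image).hexdigest()

class LaunchGuard:
    """Records a hash at enrollment and compares it on every launch."""

    def __init__(self, on_change="ask"):
        if on_change not in ("monitor", "ask", "prevent"):
            raise ValueError("on_change must be monitor, ask or prevent")
        self.on_change = on_change
        self.baseline = {}   # path -> hash recorded at enrollment
        self.events = []     # (path, enrolled hash, hash seen at launch)

    def enroll(self, path, image):
        self.baseline[path] = md5_hex(image)

    def check_launch(self, path, image):
        if path not in self.baseline:
            return "ask"                      # assumption: unknown apps prompt
        seen = md5_hex(image)
        if seen == self.baseline[path]:
            return "allow"
        self.events.append((path, self.baseline[path], seen))
        # monitor only logs; ask prompts the user; prevent refuses the launch
        return {"monitor": "allow", "ask": "ask", "prevent": "deny"}[self.on_change]

def demo():
    clean = b"constructed clean image"        # stands in for a file on disk
    modified = clean + b" + appended code"    # same file after tampering

    guard = LaunchGuard("prevent")
    guard.enroll("app.exe", clean)
    unchanged = guard.check_launch("app.exe", clean)
    changed = guard.check_launch("app.exe", modified)

    # Enrollment after the file was already modified: the bad image becomes
    # the baseline, so every later launch matches and nothing is logged.
    late = LaunchGuard("prevent")
    late.enroll("app.exe", modified)
    enrolled_bad = late.check_launch("app.exe", modified)
    return unchanged, changed, enrolled_bad, len(guard.events), len(late.events)
```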
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Ok, thanks. I'd like Tiny to check the MD5 always and prompt me if it changes, so I'll have to make sure it's doing that.
     
  23. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Well, now I can feel like a fool. I just made the mistake of removing ALL programs from the Trusted Group. And of course by doing that, I made my computer unusable. It's so secure now that I can't even get into it. :D

    Tried rebooting in safe mode but I can't uninstall Tiny. Installer won't work. Can't boot. It's weird. Explorer can't run either. I can check task manager and see Tiny's services running and other stuff, but it won't let me terminate them.

    So there's nothing to do here but reformat windows and reinstall. Another valuable lesson learned... :)

    Fortunately there's another computer here to use in the meantime, while I reformat...
     
  24. mlr1m

    mlr1m Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    52
    Emergency Uninstallation

    On a very rare occasion your Windows may not start correctly or at all. This may occur if combining several firewalls together or if your application or devices have drivers from less experienced software developer.

    In case you cannot start your windows, follow this uninstallation procedure:

    1. reboot into Safe Mode
    2. delete system32\drivers\kmxcfg.u2k
    3. run Services control applet (Control Panel -> Administrative Tools) and set Startup type (in properties) to 'Disabled' for the following services:
       - FW Configuration Interpreter
       - FW Event Manager
       - FW Policy Manager
    4. reboot normally and remove TF using Add/Remove Programs in Control Panel

    This is from the Tiny manual

    Michael
     
  25. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Kerodo -

    I told you to think twice before you delete the Trusted Group (deleting all the applications in the group is the same thing). Did you also read this carefully, "To delete the Trusted Group, you need to first make rules to ensure that Tiny applications such as amon.exe, cfgtool.exe, and so on can start each other"? :D

    You can now do what mlr1m suggested to solve the problem. Or, here is another way to save you from reformatting Windows:

    1. reboot into Safe Mode
    2. run Start-> Run and type regedit (or run some other registry editor)
    3. go to HKLM/System/CurrentControlSet/Services/KmxAgent/Parameters and set SecurityEnabled key to 0
    4. reboot (you will see security was disabled)
    5. run Admin tool and restore your previous working config.

    I did this routine after I deleted my Trusted Group yesterday :D :D
     
    Last edited: Mar 19, 2005