tiny firewall review needed

Discussion in 'other firewalls' started by tomazzzi, Feb 28, 2006.

Thread Status:
Not open for further replies.
  1. tomazzzi

    tomazzzi Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    5
    tiny firewall review needed : i get it & it rocks !!!!

    hi

    i dlike to know your opinion on tiny firewall pro 2005 6.X

    i just installed it & went to shields up to do the port scan (www.grc.com)

    all my ports were closed witch is not good as i heard

    though i really like it !!

    what do you think of this firewall ?
     
    Last edited: Mar 3, 2006
  2. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    All my ports are stealthed instead of closed with my TPF. You probably should consider checking/modifying your TPF rules to have your ports stealthed.


    There are plenty of reviews here:

    http://fileforum.betanews.com/review/990105191/1/view

    Do a search at Wilders, and you can find plenty of them too. Here is a previous thread on Tiny:

    https://www.wilderssecurity.com/showthread.php?t=70921&highlight=Tiny Firewall

    My personal review:

    For those who know how to use it, Tiny is the best protection available on the market; for those who can not find out how to use it, Tiny is totally a crap or even worse.
     
    Last edited: Mar 1, 2006
  3. tomazzzi

    tomazzzi Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    5
    thx for your review that s exactly what i though :)
     
  4. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    This is how to steath your ports, just in case you still have not figured it out. Also, remember to assign your network interface to proper zones.
     

    Attached Files:

    Last edited: Mar 2, 2006
  5. tomazzzi

    tomazzzi Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    5
    thx a lot for your answer

    all is done like on your picture but the ports aren t stealth by default.

    maybe something else to do o_O
     
  6. tomazzzi

    tomazzzi Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    5
    ok all my ports are now stealth :)

    i just reinstall tiny move my connection to dangerous zone & check the 2 boxes & all works now

    weird it didn t work the first time though ..o_O

    i m reading the documentation right now to complete my security :)
     
  7. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Nice to hear that. Here is the post that I posted about one year ago when I was switching from TPF 6.0 to TPF 6.5. Hope it would be of some use to new users.

    -------------------------------------------------------------------------

    A General Guide To Those Who Want To Try Tiny

    Part 1: Pros and Cons - Make your own choice

    I list the pros and cons of Tiny from my point of view (they may not be right to you at all, so forgive me if ...):

    Pros:
    1. Very fast firewall engine. Tiny claims it to be the fastest on the market. From my personal experience, it indeed feels faster than many other firewalls. In fact, I do not feel the existance of TINY with my DSL. However, I have not done any actual measurement, so I am not sure if it is the fastest.
    2. Very strong security to the system if it is configured correctly. It controls the access to registry, file systems, processes, and more, plus the firewall. It has the functions of ProcessGuard, SSM, Prevx, AbtrusionProtect, Kerio 2.15, RegDefend, name a few, and much more in a single application. It is more than only a firewall, it is one of the most comprehensive HIPS available on the market.
    3. It is quite easy on resources considering what it can do. On my computer, it takes about about 40~50M memory(virtual + physical) total. It sometimes falls to around 30M. Other firewalls can easily take more than 30M memory easily with fewer things done. More important, Tiny does not slow down the computer.

    Cons:
    It is hard to set up for many users for some reasons.
    1. Although the GUI design of Tiny 6.5 is much better than previous versions, there are still much to be desired. For example, some warning messages may prevent some user errors.
    2. The Tiny firewall is rule based. Like other rule based firewalls, some understanding of net protocols is needed to set it up properly.
    3. Some understanding of Windows file system, registry, processes is needed to set up the sandbox(windows security) properly.

    No pain, no gain. It all depends on how much pain you can take, how much gain you want to get. The pain one feels depends greatly on how much one knows about net protocols and Windows OS. For a lot of users, the pain may be too much although the gain is great. For some others, especially those who already know something about net protocols and Windows OS, configuring Tiny is not really that a big deal.

    Part 2: Tips - How to try Tiny with less pain

    1) Think about it seriously before you try Tiny. If you are a 'set and foget it' type of person and expect a firewall can do everything for you automatically, Tiny is absolutely a waste of time to you - DO NOT BOTHER TO TRY IT. However, if you seriously regard taking challenges and learning new things (Windows security) as fun instead of torture, Tiny may be right for you.

    2) Start with the default settings of Tiny. For most users, the default settings are good enough for security, at least at the very beginning of using Tiny.

    3) Read the manual. Although Tiny 6.5 manual might be kind of junk for users of Tiny 5.0 or 6.0, it is still valuable for users who are not so familiar with Tiny.

    4) Explore the default settings. Try to get a picture of what default groups are defined and their rights of access to resources, and also try to understand those default rules. Later on, when you want to make your own rules, it is most likely that you just need to make those default rules more restrictive, or those default groups more refined. So exploring and understanding default settings are important.

    5) When you want to tighten up the default rules, I would suggest you to start with firewall rules instead of windows security rules. This is because that net security is the foundamental function that you want from a firewall, and also it's easier to setup than windows security for most users. You might want to remove net applications from the Trusted Group and make rules to control their traffic.

    6) When making rules, watch out what groups that an application is enrolled in. As an application can be enrolled into multiple groups, it's possible that the behavior of an application is implicitly controlled by the rules of several groups. The rule actually in effect is important, and it can be the cause of many problems. For the PRO version, you may also want to distinguish a system and a non-system application. You also need to watch out the priority of rules. These things make Tiny more complicated. However, once you know how to use them, they really make things much easier for you.

    7) Small step each time when you make modifications on rules. Backup your configurations frequently, and always remember to keep a working configuration available so that you can restore it back when you get troubles with new configurations.

    8 ) Write down or print out the procedures of emergency uninstallation or disabling Tiny services, so that you have something to save you from reformatting your computer if you are locked out of your PC by Tiny. (These procedures are in the manual).

    9) Visit and ask questions at Tiny's support forum. There are quite a few Tiny gurus there. They can answer your questions. You can also learn from other users' lessons there.

    10) Always have a strong heart and some patience ready. A small mistake in Tiny configuration can lock your system up. Although we hate this fact of Tiny, we have to live with it so far

    These are what I have learned from my troubles with Tiny. Hopefully, they can be of some help to you.

    Part 3: Bugs of Tiny - Really?

    I have had bad experience with Tiny 6.5 several times. The first time was when I installed Tiny 6.5 and tried to load my Tiny 6.0 policy files, my computer stopped working. I thought it must be a bug of Tiny. Later on, I found the notice at Tiny's download site saying that old policy files can not be used with Tiny6.5. Well, when I downloaded Tiny, the notice was not there or I must have ignored it at that time. The second time was when I tried to delete the Trusted Group. Everytime, I deleted it, my computer stopped working. Fortunately, I managed to disable the Tiny services and avoided reformatting my computer. I thought it must be a Tiny bug. I tried several times, and finally found out the reason and managed to delete the Trusted Group. What can I say about these difficulties with Tiny? Are they really Tiny's bugs? Well, it is hard to say. Strictly, they are not. However, from the point view of user friendly design, they might be looked as bugs. At least, Tiny should do something to avoid getting users into such difficulties. For example, when user tries to import old policy files, Tiny can give a warning; when the Trusted group is deleted, and Tiny's application (say cfgtool.exe) can no longer start another Tiny's application (say amon.exe), Tiny should also give out a warning or something else instead of getting the system into a dead lock.

    What I am trying to say here is that, most of the time, it may not really a Tiny bug but a user error that causes the problem. However, Tiny should still take some blames. Tiny should not expect users to be Tiny firewall experts at the very beginning of using their products. Everyone needs sometime to learn something. If the system gets blocked without warning everytime when the user makes a minor mistake, it's too much for the users, especially new users.

    I have been trying Tiny 6.5 for a while now. After solving the difficulties mentioned prevously, Tiny 6.5 runs quite well on my computer. I have not found any obvious bugs so far, although I am sure there must be somewhere. It is one of the best and most powerful firewalls I have tried so far, and I believe that I will continue to stick with it.

    I would say that Tiny firewall is more suitable for computer security professionals or computer geeks (I am a computer geek). For some other users, it might only bring troubles instead of security. There are a lot other powerful, yet easy to use, firewalls out there on the market. A thing good for one person may not be good for another one at all. There are always so many factors in choosing a good firewall.
    --------------------------------------------------------------------------------
     
    Last edited: Mar 4, 2006
  8. tomazzzi

    tomazzzi Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    5
    :)

    waooo this firewall rocks

    i v worked a little on it & made the perfect config for me

    here is how i proceed maybe this can helps :

    first i made like " yahoo " , moving my internet card to the dangerous zone & checked the 2 boxes

    then i created an application group called " trusted internet" ( application add new group )

    in this group i put all my internet applications :

    svchost.exe (required), mirc , ftpserver , msn messenger , etc...

    ( choose them in " trusted " & " trusted services " groups, clic on "add to group" then choose " trusted internet " )

    then in network protection / local rules , i edited all inboud & outbound rules containing a group & replaced the previously assigned groups by mine : " trusted internet "

    ( choose a rule, clic on the edit button / My computer / Application by ID )

    ex :

    Allow All TCP/UDP traffic for User trusted Zone, replaced by : Allow all TCP/UDP traffic for trusted internet Zone


    etc..

    it works just great for me :)

    hope everyone will understand me, sorry for my bad english



    ps : a big advise to starters : dont make like me :) , never delete all applications in the trusted group !!!! your computer won t be able to start == recovery console or format :S
     
    Last edited: Mar 3, 2006
  9. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    yahoo, that is awesome, detailed infromation you gave on Tiny. Thank you!

    I recently trialed Tiny for about two weeks and was simply blown away by what it can do. If CA develops it further and reactivates support on it, I will seriously consider buying it, as long as they don't start turning it into one of those point-and-click, all-in-one bloated security packages like so many other firewall vendors have done. Currently, I'm using Outpost Pro, version 3.0 with several of the plug-ins disabled, including the antispyware option. It's a pretty decent fw, but really doesn't have the power to control what goes on in one's system the way Tiny does. Like you yahoo, I also found my Internet browsing to be faster with Tiny than any other fw I've used with maybe Look 'n Stop as the exception. Tiny did a much better job of stopping leak tests than Outpost does. And you said it yahoo that Tiny is not for those looking for a "set & forget" firewall. It's definitely not for the faint of heart. Honestly, I quite enjoyed playing around with all the different settings, as I found it to be a good learning experience. It took nearly a week, but I did manage to get my machine (XP pro) locked down like Fort Knox, both on a system level and on a network level.

    Anyways, I'll be keeping a close watch in forums and elsewhere, trying to get a feel for what is eventually going to happen with Tiny, and Outpost as well, as it seems to be headed toward the bloated, all-in-one direction.
     
  10. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041

    nicely put much the same as my situation - not sure about keeping Outpost tried a lot of FW and Tiny vs Outpost is the answer

    but Tiny has problems and so does Outpost
     
  11. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    cprtech & starfish,

    It is nice to see more Tiny users/testers here:)

    Sometime ago, one TPF developer said at the Tiny forum that a new build was under development and it would be available in several weeks. So far the new build has not released yet. As it is quite a long time after TPF 6.5.126 now, I expect that there would be some significant changes in the new build. Let's wait and see...
     
  12. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    yahoo, thank you for your detailed review on Tiny as a firewall, it has helped to answer the points I was searching for.
    Great to see a screenshot too - I would love to try Tiny as the IDS + IPS are definitely extra layers but the fact it is not easy to setup etc would give me reason to hesitate.

    I am not lazy etc but feel Tiny has still to make this one more user friendly as I would be afraid of setting the rules incorrectly and end up risking my security.
    I don't think I have enough confidence for all the tweaking plus configuring atm
    I have my router and Outpost Pro 2.7 which I am comfortable with - going to have a new install which is why I was considering Tiny.

    Hopefully one day it will be user friendly for a user but your post has helped me to realise Tiny is not for me at this stage.

    Great review
     
  13. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Robyn, thank you. I am happy to know that the review is helpful to you.
     
  14. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Thanks for the update

    I gonna wait for the new build and then decide but Tiny appears excellent. It is a pity there are not more users out there
     
  15. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Tiny Software itself has to take some blame for this. Their forum requires you to register before you can even view it which is the sole reason I've never bothered to investigate further - I'm not going through the hassle of registration just to view posts and I'm not going to consider a product without checking its related forum first. In addition, any worthwhile posts made there will never be picked up by search engines so will not attract the attention they deserve.

    A good forum can be a powerful marketing tool - one has to ask if Tiny lacks confidence in theirs.
     
  16. Itsme

    Itsme Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    148

    That is also the reason why I asked the senior forum members to visit and post in this Wilders Forum more often. However, some/most of them prefer to hang around in the near-empty Tinysoftware forum just waiting on some lead from Tinysoftware and helping the occasional visitor. ... and I still could not figure out why they would not move over here...

    Ciao
    Itsme
     
  17. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    To be fair, Tiny should be the one to pull their finger out and make their forums more accessible (a configuration change which should only take a few minutes). It shouldn't be up to their users to have to evangelise on their behalf.
     
  18. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Yeah, I agree that Tiny Forum should give read access to anyone without registration. That would not hurt the forum or anybody while making information accessable to all.

    To me, TPF is more like a SLR camera. Its users are more likely professional journalist, photographer, and hardcore photography hobbists. SLR is expensive, and it can handle almost all the events from fast sports to low light situations as far as the user knows how to choose shutter speed and apertures. Most other firewalls nowadays are more like Point&Shoot (P&S) cameras. It is convenient and less expensive, but it has difficulty in handling some demanding situations like fast movement or low light situations. Although there are quite some security experts at Wilders, most visitors at Wilders are still 'P&S camera users' who do not know much about aperture or shutter speed. If a professional photographer talks about aperture and shutter speed, probably few P&S users would be interested in listening. I figure that's the reason why senior members at Tiny Forum keep staying there.
     
  19. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    tiny looks alot like za or etrust\ca firewall is this becuase ca bought tiny and changed the look
     
  20. Itsme

    Itsme Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    148
    uh? Where did you get this info from? Are we sure we are talking about the same firewall TF2005 Pro?

    Ciao
    Itsme
     
  21. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
     
  22. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    TPF can have different looks with different skins. The Blue Tab skin, which looks like zonealarm, is my favorite. So I use it as my default, and it is what you see in my screenshot. There are other skins which are very different from the feel of ZoneAlarm. I will post the screenshots of the same UI under different skins later when I have time. You can not make a simple judgement based on what you see:)
     
  23. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Another look of TPF. Compared to the screenshot in previous post, it looks different.
     

    Attached Files:

    Last edited by a moderator: Apr 4, 2006
  24. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Another look of TPF. There are also some other looks. Try TPF yourself to find out how they look like.
     

    Attached Files:

    Last edited by a moderator: Apr 4, 2006
  25. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    IMHO the Autohide Design is the most effecient :D
    For me anyways..
     
    Last edited: Apr 4, 2006
Loading...
Thread Status:
Not open for further replies.