Tiny Firewall

Discussion in 'other firewalls' started by larryb52, Mar 29, 2006.

Thread Status:
Not open for further replies.
  1. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    I'm using a demo version of Tiny anybody have any experience good or bad that would help my decision...
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Good: It can be confiured alot, I mean alot :)
    The firewall engine is great, SPI works like charm.
    It is so much more than a firewall. I love the sandboxing feature for example.
    It isn´t bloated with anti spyware stuff (wich is good imo)
    I haven´t had any issues with it, it does its job.
    I´ve been using it just for a couple of months, tho.

    Bad, or it can be good too, depends on how you see it: You have to understand what happens in a computer when configuring this software. I dont fully understand it, but the deeper I go the more I learn. But you really have to be motivated. :)
    It looks like, to me atleast, that CA, who bought Tiny Firewall, has abandoned the software. (If not, someone please enlighten me :) )
    There is dead silence from them, atleast in their support fourm and they have not answered any of my emails. Maybe they are gonna "steal" the good stuff and put it in their Etrust firewall?
    But I will keep this Firewall for years, regardless. Unless someone proves it to be obselete some time in the future.
    There are more experienced users here, and I am sure they will input more benefits with this software :)
     
  3. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    there's 2 versions which one did you get?
     
  4. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    I have 6.5.126
     
  5. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126

    same one, I'll play around with it, I tried Look-n-stop but not impressed tha much..thanks again
     
  6. Itsme

    Itsme Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    148
    Well, actually you have the Standard version and a Pro version. I assume both have the same engine but the Pro version has more configuration options. I use the Pro version already since version 5.0

    Recently I installed the x64 on my Ferrari Notebook 4000 with WinXp x64 and never had any issues with it.

    I just hope, and keep fingers crossed, that all of them will run on Vista x32 and x64.

    I use it on my computers only because I think I know what I am doing. On the other hand.. I never installed it on one of the computers I manage for family and friends. Just explaining what and how to configure (over the phone) is just too difficult if the other person has no clue about internet security. On their computers I just install ZA.

    Ciao
    Itsme
     
  7. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    to bad you cant buy it anymore
     
  8. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Excuse me, where did you get this info? Tiny is still available and able to be bought, just check out this link Here

    Please don't put out false info since it will scare people off from products uneccesarily such as your previous post that tiny won't have support which is false ;)

    Alphluatra1
     
  9. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    ah so ca didnt shut down the site
     
  10. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Tiny is like two sides of a sword, the one is pretty funny and cool the other dangerous and vulnerable.

    At the beginning of a system install it´s very useful, especially the sandbox, the more tools you install the more vulnerable tiny becomes, thats the biggest problem.

    At some point tiny sandbox can be easily surpassed, it also does not have a good self protection, can be stopped very easy.
     
  11. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    TPF can only protect the system to the extend at which the user understands Windows Security. So TPF is just as smart/stupid as the user is. This is the strongest drawback/advantage of TPF, depending on who the user is. For other firewalls/HIPS, the product is usually as smart/stupid as the developer is. That is the difference between TPF and other products. TPF can be easily configured to protect itself better than any other firewalls/HIPS, so that nothing can stop/surpass it. Of course, it is also dangerous if nothing can stop it at some situations.
     
    Last edited: Apr 4, 2006
  12. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    It´s not only that.

    A windows system by default (or a system created by humans (imperfect beings who struggle to be perfect)) is a big hole of insecurity which you must fill step by step, but a imperfect system can never become perfect, no matter which software you use, even if your mind is genius.
     
  13. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Nothing is perfect. People say that Linux is safer than Windows. That may be true. However, if Linux is as popular as Windows, and if it is explored as much as Windows, as many security holes probably may also be found. Who knows.
     
  14. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Exactly in a study they found more security holes in linux then in windows.
     
  15. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    What makes you think Tiny's sandbox can be easily surpassed? By default installation of Tiny, all unknown applications bring up a prompt asking for user input. Even a person unsure what to do can simply click the "Help" button and read a nice summary explaining all of the options.

    The only situation in which the Windows Security features could "be easily surpassed" is if someone diddn't take the time to read the help provided or was for some reason trusting example.exe from a source that shouldn't be trusted. Common sense is needed for sure, but I would guess anyone with enough brains to install something like Tiny has enough of that.

    What do you mean by "...the more tools you install the more vulnerable tiny becomes..."?
    Security tools, or just any software?
     
  16. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935

    Very well said, but Tiny is a little of both worlds. By default Tiny has many security features in place put there by it's creator, but when it comes down to designating new applications into the pre-defined groups it is up to the user to take the time and do so themselfs. The only way around this would be something like what authensys.com has done (which is a headache for some).

    Here are some examples:
     

    Attached Files:

  17. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    .....and:
     

    Attached Files:

  18. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    has this firewall ever beemn tested by leaktest?
     
  19. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Do you mean by gkweb? No, because it is a sandbox with a firewall. He did award it the sandbox of choice along with process guard the last time though...

    Alphalutra1
     
  20. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    :D

    Yes, it was , and it had no problem of course.

    I think this is funny, the most advanced windows software firewall there is
    out there. It is better, faster and safer.
    That has the same features as Process Guard,
    but can also protect memory, and files etc. etc. and much more..
    ..and has the "track and reverse" option.

    Please read the pages here:
    http://www.tinysoftware.com/home/tiny2?la=EN

    Very true, but the new generation of HIPS are not that difficult to use
    even for the average user.

    The new HIPS (like Online Armor) don't prompt you for every process that starts, or if you want to allow to change a certain registry-key.
    And they are very simple to use.

    Tiny can be used by the average user, the latest versions of course.
    And it can only be stopped out of the box, by a program that you allow.
    But that is possible with every software firewall
    and can be done easier with all the others.

    But apart of that TPF can protect more items of your system (memory/processes/files/registry etc)
    then any other software firewall can.
     
  21. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    One leak-test that I know Tiny fails by it's default configuration is DNStester. In order to stop this type of attack, do this:

    Open the Administration Center and goto System Protection/Dlls.
    Goto Add New Rule:

    General:
    Description: Stops DNStester :D
    Priority: Low
    Status: Enabled

    Application:
    Application: By ID: *
    Application runs under system account: both system and non-system

    Access:
    Load: Ask user/Monitor

    Object:
    Load what (dll/exe): dnsapi.dll (located in c:\windows\system32\dnsapi.dll)

    Restriction:
    Time: *
    Users: All Users (*)

    Summary:

    Props to AndiG at the TinySoftware Forums
     

    Attached Files:

    • dns.PNG
      dns.PNG
      File size:
      16.4 KB
      Views:
      838
  22. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    A few other things for first time users of Tiny:

    Make sure when viewing the Administration Center that the option: ">>Internet" in the top left corner is selected. This will make sure your current connection is in the dangerous zone (Network Protection/Zones)

    Also, under the Zones page selecting the two options: "Hide closed ports access from dangerous zone." and optionally "Hide closed ports access from safe zone." can be ticked to pass stealth port scans like GRC.com's nanoprobe.

    Under System Protection/Devices: enabling devices protection for "Raw IP Packets" and "Disk Control" wouldn't hurt either.
     
    Last edited: Apr 7, 2006
  23. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    My experience with Tiny has been Very Good :thumb:
     
  24. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Note: In order to stop DNStester (located at firewallleaktester.com), you must choose to run it with "Default Security" in the first pop-up window and choose Deny in the Second:
     

    Attached Files:

    • dns.PNG
      dns.PNG
      File size:
      13.6 KB
      Views:
      831
  25. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
Loading...
Thread Status:
Not open for further replies.