Tiny personal firewall 5.5

Discussion in 'other firewalls' started by risl, Nov 10, 2008.

Thread Status:
Not open for further replies.
  1. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Hello,

    I was wondering if this firewall is any good, or simply too outdated? I don't need the HIPS features in a firewall.

    Thank you :)
     
  2. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    This firewall ids is a legend but better to use for testing purposes or as a second layer because it is not up-to-date. But you can very good backtrack evil occurences on your system. For example it is able to track if a rootkit replaces disk.sys (which in fact is one of internet gangsters beloved tricks nowadays) many modern tools wouldn´t take any notice but tpf is really good in detecting some bad tricks.
    http://i34.tinypic.com/s400zo.png
    In principle this could also be done by windows update but rootkits use this method too.
     
    Last edited: Nov 10, 2008
  3. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I would only use it as a pure network filter, therefore don't have the windows security module enabled. Used Kerio 2.1.5 in the past but dumped it because of the BufferSize problems.
     
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    That is the most interesting part you would miss a lot especially the possible existence of a til now unknown or unreal winsta and terminal service rootkit that changes the geometry of harddisks maybe it is part of all seeing internet eye
    who knows...http://i33.tinypic.com/2w3olf8.png
    Let´s hope that is was only a tiny bug but I doubt because the harddisk drove totally insane and made permanently more then 4000 dll attempts on this special drive so in that case there were no choice except to disable windows security.

    As network filter I guess too unsafe except you would add zone alarm as first layer. (that works)
     
    Last edited: Nov 10, 2008
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    I don't think I'd mess with it much, too much has changed in the OS's since it's development ceased........ it's also not too hard to lock yourself out of the OS altogether if you tweak too much, I have done it and others also.
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Therefore we have virtual machines so try it first in a vm if it appears to work for you then you can check it in real os.
     
  7. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Nothing has changed in the structure of IPv4 protocol for many years. If the OP wants to use Tiny as a packet filter, I simply don't see any obstacle.

    Cheers,
     
  8. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I have "stealth mode" enabled and my network adapter added to "dangerous zone" and most of the IDS rules moved to intrusion prevention.
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    True but Malware evolves. Once it helped me as second layer some years ago when something broke zone alarm down, tiny blocked the attack. That proved that sometimes two firewalls can help but they must really fit and work together.
     
  10. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    My comment derived from this -

    Packet filtering has nothing to do with malware.

    Cheers,
     
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Tiny 5.5 is quite a bit overkill for a simple packet filter..... but if that's what the OP wants, then there ya go.... :)
     
  12. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I used Kerio 2.1.5 but had problems with the BufferSize, other alternative would be Look'n'Stop but it's too complicated to make specific rules for some apps/port it wants to use. Ofcourse there is the option: "activate rule when app is started" but it doesn't seem to detect when the app has closed and the port remains open. Basic XP FW would be just fine if it would have outbound protection.

    I would just need the "ok or not" type of outbound application filtering and everything stealth at shields up/pc flank/similar .. without any conflicts or connection problems after I've selected "allow all" for some application. Tiny does this and Kerio 2.1.5 did it until I got the buffersize errors. I could increase the buffersize from registry but I get the feeling that the software isn't working properly or as it was meant to be after I do it.

    If there are some "modern" kerio 2.1.5 like solutions, please tell me .. just haven't find one yet. :)
     
  13. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    No, really guys, the closest "modern" alternative to Kerio would be Jetico firewall. Just disable process attack table and indirect access (which greatly lessens the popups) and there you go. You have a separate IP table for inbound, and the "Ask user" table for outbound.

    Cheers,
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Yep, I would 2nd that Jetico recommendation and give it a try, it just might be what you want and need. Jetico 1.x is still freeware also (I think)....
     
  15. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I'll check if Jetico is what I'm looking for. I tried it for awhile in the past but it simply asked too much and I didn't bother learning how to configure it back then. I'll try disabing those already mentioned tables. Thank you :)
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I don't think they are comparable, as in, me thinks Jetico is better :p
     
  17. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Jetico 1 seems excellent without the process attack table ;)
     
  18. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Much of the initial prompting can be eliminated once you configure it properly with a few tables and rules and so on. It does take an initial investment in time and effort, but it pays off quickly. All things considered, it's easier than trying to fully configure Tiny. Worth consideration at any rate....
     
  19. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Problems appeared, it somehow conflicts with ventrilo voip program and directinput. DirectInput cannot be loaded if jetico is set to optimal protection, but can if it's set to allow all or disabled. "Unable to open DirectInput instance for keyboard" .. and mouse. Very disappointing.
     
  20. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    First check that you disabled process attack table and indirect access as Seer mentions, then look at the logs.
     
  21. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Doesn't Jetico prompt you for something when it tries to load? It's probably just a matter of creating the right rule for it....
     
  22. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    It doesn't prompt for anything and I had disabled the process attack table. Don't know what you mean with "indirect access"
     
  23. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
  24. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
  25. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Jetico 1
     
Loading...
Thread Status:
Not open for further replies.