TinyWall Firewall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    @cyberrufus:
    I have profiled memory usage in detail and there is nothing wrong. The memory consumption you are seeing is just the CLR heap before garbage collection and other .NET stuff. The true amount of heap memory I use is around 5MB most times, and I've seen it peak around 12MB while using the Connections window. Also, this build contains debug information which also raises size somewhat. To sum it up, I see no issue here, and let me say it once more, don't trust the Task Manager. It is too dumb too know what it is counting.

    @narenbisht:
    I have actually no plans for it. Not now at least.

    @jdd58:
    Could you send me the "errorlog" file from C:\ProgramData\TinyWall? (You'd need to install v2 once more.) I failed to reproduce the problem on my computer, so I'd really this file from you. Thank you.

    @Seven64:
    DNS blocking does work. The current beta just ships with bad default settings. You just need to go to Manage and disable the default Windows rules on the first tab. It should be disabled. My bad.

    @Everybody:
    While testing TinyWall v2, please disable the default Windows rules in the first tab ("General") of Manage, unless you explicitly want to have it enabled.
     
    Last edited: Feb 18, 2012
  2. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    Default windows rules are useless ? Or is it just a problem with this beta ?
     
  3. guest

    guest Guest

    I think I have found a bug.

    If I enable the setting "Prevent modifications to hosts file" and "Block malware and..." the setting via right click "enable host blocklist" is not enabled. This is the way it should be work?

    Which list do you use to block malware and ad? could you make this more transparent like peerblock? and add more option like p2p... so we can choose block only p2p, or ad's and p2p, or ad's and malware.... if something if blocked we should be able to see a notification or a log file, if this log appear in the "show blocked apps" list should be specified that has been blocked via host list so we don't click on allow if we see that svhost is being blocked.

    In the Application Exceptions Tab would be nice if we can order the list according to the executable name, Path.... and maybe give some right click functionality like the properties of the files or check the files in VirusTotal...

    Another useful feature would be to group the same exe's in a tree view to show the rules applied, pe if you allow an exe being blocked that already exists in the App list it will appear 2 times in the list each time with the different rules, so we have to options group it in a tree view or merge the rules
     
  4. Seven64

    Seven64 Guest

    @Seven64:
    DNS blocking does work. The current beta just ships with bad default settings. You just need to go to Manage and disable the default Windows rules on the first tab. It should be disabled. My bad.

    @Everybody:
    While testing TinyWall v2, please disable the default Windows rules in the first tab ("General") of Manage, unless you explicitly want to have it enabled.[/QUOTE]

    Never even looked there, that works. Thanks!:D
    Can you do a quick release for the tray icon? Very confusing going back to my desk and seeing mode normal and it is blocked, and vice versa. :doubt:
     
  5. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    Errorlog file sent.
     
  6. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    It is supposed to be that way. The "Block malware and..." option blocks based on ports, it is not the same as the domain blocklist feature. The port based blocking was already there in TinyWall v1 and I forgot to rename it in v2, which is why it is confusing. I'm going to correct that, thanks for the suggestion.


    MVPS hosts.

    I'm sorry, I intend to keep this feature disabled by default. Also, I do not intend to replace PeerBlock, I just want to keep this as simple as possible. Note, that while peerblock blocks IPs, TinyWall is blocking domains. So they are two different mechanisms. You can install both at the same time (TinyWall+PeerBlock) and they will nicely work together.

    I'd gladly do that, unfortunately it is technically not possible. The only reason PeerBlock can do that is because it installs its own filtering drivers. But TinyWall does no such thing, and hosts-based blocking does not even use the firewall. It simply overrides your DNS lookups.

    In the next beta there is a quick filter functionality in the Application Exceptions Tab, so you can easily filter the list. It is already implemented, you'll see it in the upcoming release. But I guess I can add sortable columns...
    Also, the VirusTotal thing is a nice idea, I like it. But let me meditate on it first.

    Are you sure it appears two times? TinyWall always merges the rules, for the same path you should never see multiple exceptions. If you do then that is bug.
     
  7. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Not useless, but to account for them, I'd have to create separate versions of TinyWall for each language version of Windows. So I decided that I'd rather disable all default rules in TinyWall and recreate them on my own. This way I can support all Windows languages. If this option is enabled, TinyWall will not disable the default Windows rules and they will let traffic through even if TinyWall is not allowing it.

    So you should disable it (next versions will have it disabled by default), becuase that is how TinyWall was inteneded to work. I might even remove that option completely.
     
  8. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    I'll have one soon, just a bit more patience please. I'd like to get something done before that.
     
  9. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Thank you, I received it. Did you add any exceptions on your own? Or does this happen right after a fresh install?
     
  10. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    This happens right after a fresh install. I tried changing the settings and unticking the box you mentioned in your previous post but they won't "take".
     
  11. guest

    guest Guest

    No bug sorry, I checked it again and it's ok, my mistake.

    A nice feature would be improve the initial scan so more common exe's can be found in order to allow them. At least show the exes in the process list to select which one do you want to allow it would be nice. Or even better the exe's pointed in "C:\ProgramData\Microsoft\Windows\Start Menu" the star menu of windows, so more or less you will see almost all the important exe's that you usually use.
     
  12. Seven64

    Seven64 Guest

    Could be a bug, never saw this before. All I did was change mode to block all.
    Noticed that the DHCP automatically got checked. Uninstalled, because something is defiantly wrong.
     

    Attached Files:

    Last edited by a moderator: Feb 19, 2012
  13. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Simple feature request: Add a copy remote address in the context menu in the connections window.
    An advice in Enable Hosts Blocklist: Consider to apply same functionality as HostsOptimizer, the functionality is stated here -http://forum.abelhadigital.com/viewtopic.php?f=8&t=4&sid=baeae6ba5cd0144a85ea3b534055294d
    It will allow the use of hosts blocklist without slowing down Windows.
     
  14. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    That would be similar to automatically whitelisting any executable on the user's computer. Instead, I'm taking another approach, which is improving TinyWall's built-in recognition database. I have big plans for that, but it'll have to wait for after-v2.
     
    Last edited: Feb 20, 2012
  15. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Thanks, I've found the problem.
     
  16. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    No, this is okay. The older version behaved exactly like this, you probably were just never "lucky" enough to hit it. What happens is that TinyWall reloaded your settings while you were making changes. One possible reason was that the network profile (Home/Work/Public) changed. So the controller did't save your settings, because it would have overwritten not the profile that you were making changes for, but the new one. This would also explain why the DHCP setting changed. Since TinyWall loaded other settings, that new profile had DHCP enabled.

    I see nothing wrong here. This is merely a safety mechanism and TinyWall is telling you that it didn't save your settings to prevent overwriting the wrong ones.
     
  17. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Copy remote address - okay.
    Hosts optimizer - do you actually feel a difference when the MVPS hosts is "optimized"?
     
  18. Seven64

    Seven64 Guest

    "One possible reason was that the network profile (Home/Work/Public) changed"
    How could it change, if I did not change the network profile? I am not on a Home network or work. o_O
     
  19. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    It's hard to create a software : everybody founds bugs :)
     
  20. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    As I said, that is one possible explanation. There are also other scenarios when TinyWall decides to reload your settings. There is nothing (yet) to indicate that this is a bug. Let me know if this happens very often.
     
  21. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    That's okay, that is the purpose of testing. Bugs should be found, they should be reported and I should correct them. It is often not clear if something is a bug or intended behavior (sometimes not even for me...) so everything "fishy" should be reported just in case, and I'll determine if it is something to be fixed.
     
  22. guest

    guest Guest

    How will you do that?
    Wait until 2.0.1? ;)
     
  23. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    More like 2.x. But don't wait for it, use 2.0 when it comes out, coz it'll be just as good. A large database will only spare you a few mouse mouseclicks but it adds no "features" that would be worth waiting for.

    Woah, wait... 2.0 is not even out yet and you're already asking for the version after that? :D I'll announce that feature list when it's ready :p I'll just say that I want to automate it's maintenance.
    :D
     
  24. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    Hi everybody!

    I've incorporated all your feedback and here is the next test release. There are new features as well as bug fixes, and this is also a feature-complete version, meaning that no new major features will be introduced to v2.0 after this one. The focus from now on is on fixing issues.

    Changelog:
    - New: Quick filter for exceptions list (Manage window)
    - New: Windows Network Discovery support
    - New: Connections window supports initiating search on VirusTotal, ProcessLibrary and Google (and remote address to clipboard)
    - New: Learning mode
    - New: Connections window shows direction of blocked actions
    - Enhancement: Better Connections form performance
    - Enhancement: Exceptions list now supports sorting
    - Enhancement: UI text improvements
    - Fix: Getting the executable path from admin processes might crash
    - Fix: Tooltips were hidden where they should not have been
    - Fix: UI text and icons not updating when mode is changed
    - Fix: Disable standard Windows rules by default and hide its option
    - Fix: Crash on Vista when using port ranges
    - Fix: Implement service-to-controller notifications (avoids multiple issues)
    - Fix: Web browser profile conflicts with HTTP(s) client profile

    As you can see, I have fixed all issues reported on the forum, had many additional fixes and also some new features and minor improvements.

    Very notable is the new "Autolearn" feature, another way to easily whitelisting applications, though risky if your computer is already infected. Also notable are the various improvements in the Connections window, some of which are hidden in the contetx menu of the list items.

    To fully enable/unleash Network Discovery, all three of Network Discovery, the Windows DNS Client and File and Printer Sharing must be enabled (only the last one is disabled by default).

    Some basic profiles have changed internally, for that reason an automatic upgrade procedure is not supported. To install this new beta, you must manually uninstall the old one and install this. The link to download the latets beta can be found on th ebottom of the official download page.

    Let me know your experiences!
     
  25. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    556
    Location:
    Sonoran Desert
    This one is working very well. I'm a little surprised it doesn't auto-detect Google Chrome though.

    One question. What is the difference between the option to enable the hosts blocklist thru the tray icon vs the checkbox under the general tab?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.