Discussion in 'other firewalls' started by ultim, Oct 12, 2011.
Woah, welcome back ultim! Good luck with your master's thesis.
Nice to hear from you!
Now that's luck!
I started using TW just a week ago. Impressed by its simplicity, intuitiveness and self/rules-protection, I thought that I was late to the party. Little did I know...
Best of luck with your thesis + projects, ultim!
So glad you are back and in good health. I love TinyWall, and can hardly wait for an update!!!
Welcome back ultim, it's great to see you back!
ultim why does sometimes TinyWall get grey and stops working so I have to reinstall it and I lose all my settings?
Looks like lsass.exe keeps killing it, I hope this will get fixed, since TinyWall is the best firewall control I have found.
A grey icon means that TinyWall's service is not running or could not fully initialize. The cause is very often that some HIPS software on the system is preventing it from functioning correctly.
Why do you think that lsass.exe in specific is killing it?
Hi, thanks for the answer. It has happened to me when I didn't have HIPS and figured it was lsass.exe because in task manager I can see CPU activity spike always on lsass.exe when the TinyWall process gets killed (just one of them, TinyWall UI doesn't get killed). TinyWall keeps restarting, it keeps getting shut down and lsass.exe keeps having the CPU activity exactly when TinyWall gets killed. Other processes didn't have this activity so I can only think that it was lsass.exe.
Also sometime ago Avast! warned about rootkit in TinyWall, but I don't know if it has anything to do with TinyWall getting killed, because it has also happened without Avast!
Please see if there is a file called "errorlog" in C:\ProgramData\TinyWall, if it exists, please send it to me. You'll find my e-mail on the bottom of http://tinywall.pados.hu . Thx.
Love this software and I am spreading the word about it.
I must say my first reaction to inability to enable any kind of popups was that the author is insane... then I realized the genius of it
First few encounters when I needed something and it didn't work left me wondering wtf, but soon I got accustomed to the fact that everything is blocked by default unless white-listed.
I am really happy that the project continues and is being updated.
Does anyone have experience on running TinyWall with Windows 8 x64? I noticed the developer mentioned reports of it working fine... but it'd be interesting to hear a few statements about it from users who've actually tested it!
I have been using TinyWall with Windows 8/64 since early last December, and don't recall a single problem with it.
What an awesome little program. Put it on 'autolearn' training mode for five minutes, open and close all the programs you use to access the internet, click on 'update' for each program where possible, and then switch TinyWall back to normal mode.
Same applies when installing new software.
Couldn't be any more simple.
So, does it have an "autolearn" mode now?
Yup, it has had that since 2.0.1? or 2
Finally, it was implemented. I was asking about this feature right from the beginning.
Is there a way to whitelist an IP address without associating it with a program?
I installed TW a few days ago; got it running fairly easily using Autolearn. Ran with no problems. I had to go away for a couple of days, so I put my laptop in sleep mode. But before I did that, I put TW in "Block all" mode. When I went to start back up, couldn't get computer to come out of sleep mode, so I powered back up.
After login during boot, TW alerted it couldn't start and had a message to check if it was installed. Well that didn't make sense; I know it's installed because it tried to start. I then tried a couple of Apps and none could access the Internet.
I figured TW isn't blocking with its ruleset so something in WFW must be blocking. Looking at the rules in WFW, there was an inbound and outbound rule to "block all" that came from TW. I modified them to allow all and Internet access was established. I restarted TW while keeping WFW open and reset the mode in TW to normal as it was still in the "Block all" mode. All the rules I had established previously were installed in WFW. Everything seems to be working as expected.
The "Block all" on start is what I expected, but TW not being able to start due to the in and outbound rules doesn't seem to be a correct procedure. I would've thought TW should start so you could modify WFW using TW's control panel instead of using WFW's interface.
Today TW Taskbar disappeared. I had to restart from the Start Menu; easy enough to do, but a little quirky.
In closing, I have to say I haven't run a software FW for years, but after seeing how messed up my friend's laptop is, I'm adding this layer of security.
A feature I'd like is to make the Control Panel Icon blink/change color for a few seconds when a blocking event occurs to get my attention to check the connection list to see what triggered the event.
I'm using Win7 Ultimate 64bit, 4g memory on a core 2 duo T6400 Dell Studio 17 laptop
Wow...found this on Wilders...seems everything security is covered here!
I caveat the following with the fact that I am new to TW, so maybe there is something wrong I'm doing...here goes...
Really like TW. One thing though, it forces IPV6, which some hardening sites suggest should be turned off (at least until it is much more widely adopted).
Preferably ought to be a special exception option for IPV6.
I tried going into WFW and disable directly. It would take the first disable (e.g. in Outbound), but the second rule would error out. If I disabled only one IPV6 rule in Inbound and tried one in Outbound, I'd also get an error message, but it too would leave disabled the first rule I set that way.
This is all how it appears in WFW, as when rebooting the IPV6 rules are back. This seems to happen regardless of whether the "prevent modifications to hosts file" option is "on".
If this is all "working as designed", I do like the "locked down" aspect of TW. Would like it to allow some tweaking of the provided rules, including selective enable/disable. If this were available, probably don't need special exception for IPV6.
Also, I presume the only reason for a TinyWall special exception option is to allow TW updates, correct?
I'd appreciate any insight, thanks!
You are right, "TW should start so you could modify WFW using TW's control panel instead of using WFW's interface". So if you experienced the opposite of that, and if TW had troubles starting with "Block all" enabled, those are not how TW is intended to function. Sorry to hear that, but the next version in the making has some stability fixes, when you try that hopefully your problems will go away.
You can disable IPv6 while running TinyWall. In fact, I have turned off IPv6 on this very machine where I'm running TinyWall right now. Go into the Preferences of your network interface card and remove the checkmark from the TCP/IPv6 checkbox.
The special exception for TinyWall is only needed to check for and download updates for itself. You can disable it safely, but then you will not be notified when an update comes out, and you will also be unable to use the built-in updater. TinyWall checks for updates very rarely (only once over a period of multiple days).
When this project was first announced here, I asked when it would be possible to restrict communications by IP, and it was mentioned in a future release.
I'm just wondering if this has been forgotten?
I gave a quick reading to thread, and to be honest most was already forgotten, but I don't think that it has been implemented yet? (I haven't used Tinywall, so no idea.)
I also recall reading someone mentioned IP Blocking, such as the functionality that PeerBlock offers, and that there were issues with WFAS... well, the problem is WFAS stores info in the Registry, which is why it takes a lot of time to load it, so the option would have to be something similar to how PeerBlock actually works, and use lists instead. Parse the content, remove duplicates. This would require extra work, though. But, it would be great...
On top of that, this IP Blocking feature could allow the user to bind exclusions to specific process(es).
Those statements about WFAS and IP blocklists were from me. I investigated the possibility in detail and made a working prototype implementation. Parsing the IP lists and removing duplicates was already done too and it was fast enough. The problem came down to WFAS being slow when adding rules. You don't notice it when adding only a few dozens/hundreds of rules, but when dealing with the length of an IP list (after removing duplicates), it took multiple minutes to get them all into the firewall. As things currently stand now, to support IP blocklists TW would need to install its own kernel-driver like PeerBlock does.
I could still implement a simple kernel driver and make it optional to install for those who don't want it. But PeerBlock and TinyWall are fully compatible, so they will happily install and work perfectly together on the same computer. In the end, if you'd like to have IP blocklists in addition to TinyWall's protection, I strongly recommend to install both TinyWall and PeerBlock.
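An added illustration of the blocklist preprocessing discussed in the post above (parse the list, remove duplicates, shrink the entry count before anything reaches the firewall); it is not part of the original post and is not TinyWall's or PeerBlock's code. It assumes the PeerBlock-style `description:start-end` text format, and the sample entries are constructed from documentation address ranges.

```python
from ipaddress import IPv4Address, AddressValueError, summarize_address_range

# Constructed sample in the assumed "description:start-end" list format.
SAMPLE_LIST = """\
# constructed entries, documentation address ranges only
Example Org A:192.0.2.0-192.0.2.127
Example Org A (dup):192.0.2.0-192.0.2.127
Example Org B:192.0.2.64-192.0.2.255
Example: Org C:198.51.100.10-198.51.100.20
Example Org D:198.51.100.21-198.51.100.31
broken line without range
Example Org E:203.0.113.5-203.0.113.5
"""

def parse_ranges(text):
    """Return (start, end) integer pairs; skip comments and malformed lines."""
    ranges = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        # Descriptions may contain ':', so split on the last one.
        _, sep, span = line.rpartition(":")
        start, dash, end = span.partition("-")
        if not sep or not dash:
            continue
        try:
            lo = int(IPv4Address(start.strip()))
            hi = int(IPv4Address(end.strip()))
        except AddressValueError:
            continue
        if lo <= hi:
            ranges.append((lo, hi))
    return ranges

def merge_ranges(ranges):
    """Drop duplicates and fuse overlapping or adjacent ranges."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return [tuple(r) for r in merged]

def to_cidrs(merged):
    """Express each merged range as the minimal list of CIDR networks."""
    nets = []
    for lo, hi in merged:
        nets.extend(summarize_address_range(IPv4Address(lo), IPv4Address(hi)))
    return nets
```

Merging before conversion matters: six parsed entries become three ranges, while CIDR alignment can split one range into several blocks, so the range form is the smaller one to hand to a filter that accepts ranges.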
The problem wouldn't be so much (it would be, but not only) the amount of time it would take for WFAS to add the rules, but rather that it would make it load slower as well.
I remember creating a thread about a PowerShell script that would allow the same, but after testing it (and another user experienced the same), it turned out that it would take a lot of time to open WFAS as well.
So, I agree that using this approach is far from ideal.
Regarding PeerBlock, yes that's the best alternative at the moment. Unfortunately, development has been quiet for a long time, even though the developers promised some development, but still nothing... Who knows.
The problem with PeerBlock is the one of FPs. Meaning that if an IP address is shared by many other domain names (pretty high chance), then the user will have to whitelist it, and that means allowing the good with the bad.
The solution would be to have an alternative that would let the user bind an IP whitelist with a specific domain and/or process.
I'm pretty sure this would make pretty much any of the PeerBlock users quite happy.
I do use PeerBlock, but as mentioned, it has limitations.
Anyway, what about IP restrictions? (Not related with the above.) By this I mean, when will it be possible to restrict a process to connect to specific IP addresses, alongside specific ports, etc?
Sorry for butting in, I would like to see that idea implemented with the option to install. One less program to run.
Thanks for the info!