TinyWall Firewall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    691
    Location:
    Hungary
    Thanks, ronjor has already contacted me and seems to be handling the matter.
     
  2. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,637
    Location:
    USA
    As I understand it to keep WFW running while running TW is perfectly safe in terms of function AND security. Do I have it right?
     
  3. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    691
    Location:
    Hungary
    Yes.
     
  4. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,637
    Location:
    USA
    Thank you :cool:
     
  5. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    691
    Location:
    Hungary
    Version 3.0.2 out with a few minor improvements:
    - Test for UWP support instead of OS-version checking
    - Install hosts and database updates atomically
    - Keep Windows Firewall settings as desired when enabled & changed externally
    - Fix user GUI settings not migrated (effective starting with v3.0.3)
    - Fix possible GUI crash when user selects Elevate

    Yes, this also fixes the issue with the GUI settings getting lost on every update that I should have looked at long ago. Though, you'll only see that take effect on the next update, so you'll have to put up with the issue just one more time. No big or major issues 'till now with v3 that I know of, so things are looking really great and I should be enabling the auto-update for v2 users soon.
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,063
    Location:
    Mexico
    lol I was wondering when you were going to fix it.
     
  7. mroek

    mroek Registered Member

    Joined:
    Mar 11, 2020
    Posts:
    11
    Location:
    Norway
    Update from within TW says version 3.0.2 is available, but when clicking OK, it immediately pops up with "Download interrupted". I had the same issue once before (from 2.99.15 to 3.0.0, IIRC), but the previous update worked as it should from within TW. Not a big deal, as I can download it and install manually, but if I'm not alone in observing this, maybe it should be looked at?
     
  8. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    691
    Location:
    Hungary
    Th
    Thx, it was a permission issue on the webserver, but fixed now.
     
  9. tcarrbrion

    tcarrbrion Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    103
    Can you explain this change please?
     
  10. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    691
    Location:
    Hungary
    If you use WFW with TinyWall, TinyWall normally makes two changes to it: it creates two rules, and disables WFW's notifications. 3.0.2 automatically and instantly reapplies these changes if another program or the user reverts them (for example, if TinyWall's rules in WFW are deleted, or another program enables notifications which sometimes happens, or if WFW is reset etc.).
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
  12. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    691
    Location:
    Hungary
    Short and simplified, raw sockets allow an application to skip the automatic TCP/UDP encapsulation by the OS and to send (almost) completely custom IP data. It also allows an application to eavesdrop on ("sniff") all incoming IP packets on the computer. Normally only research projects or network debug/diagnosis applications use raw sockets... and some malware.
     
  13. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,843
    Location:
    KEEP USA GREAT
    Does this little ditty have a learning mode when in installed? thanks
     
  14. kakaka

    kakaka Registered Member

    Joined:
    Oct 5, 2009
    Posts:
    75
    3.0.3 - Maintenance release (01.04.2020.)
    - Fix potential GUI crash during whitelisting in error case
    - Fix potential GUI crash due to race while GUI is closing
    - Fix tray icon sometimes wrongly showing Unknown state after a fresh boot
     
  15. Orlok

    Orlok Registered Member

    Joined:
    May 4, 2017
    Posts:
    12
    Location:
    Nigeria
    I can't seem to be able to download it from the web page. Is anyone else experiencing the same problem?
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,063
    Location:
    Mexico
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,063
    Location:
    Mexico
    DL
    Code:
    https://tinywall.pados.hu/files/TinyWall-v3-Installer.msi
    http://tinywall.pados.hu/ccount/click.php?id=4
    
    Code:
    https://www.upload.ee/files/11394123/TinyWall-v3-Installer.msi.html
     
    Last edited: Apr 2, 2020
  18. Orlok

    Orlok Registered Member

    Joined:
    May 4, 2017
    Posts:
    12
    Location:
    Nigeria
    Thanks Mr.X
     
  19. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    691
    Location:
    Hungary
    Yes, you can put it in learning mode.

    Also, please keep in mind following FAQ entry if using the learning mode:
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    OK thanks, but can these apps and malware do this without modifyinging anything? With that I mean, do they first have to inject code, or make modifications to the registry or install a driver?
     
  21. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    691
    Location:
    Hungary
    They can do this without modifying anything on your system. They don't need to install drivers, change settings, inject code, or anything like that. The only thing needed is to run under elevated privileges (how they achieve elevation is another question, but with some luck the user can be tricked into a UAC prompt, in which case it is very easy).
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    OK thanks. Strangely enough I couldn't really find much info about raw sockets being used by malware. I did read that the use of raw sockets has been restricted by the Win OS, but perhaps this is not what we're talking about. BTW, can it be true that TinyWall makes use of system processes like WmiPrvSE.exe and WmiApSrv.exe? Because it seems like they have become more active on my system.
     
  23. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    691
    Location:
    Hungary
    A search on Google for "malware raw socket" delivers plenty of evidence even on the first results page, from Kaspersky classifying raw sockets as malicious in general, to a book mentioning malware using raw sockets, or an article describing the Linux-malware "Chaos" as using raw sockets (if there's a malware using this technique for Linux, you can be sure there are 100 others doing the same for Windows).

    Yes, TinyWall v3.0 uses WMI primarily to monitor process start events. I can implement an optimization for 3.0.4 where this is disabled if no firewall exceptions are using the associated feature, if you'd prefer that, but I personally don't find WMI usage to be alarming: my computer is 6 years old and Process Explorer shows both WmiApSrv and WmiPrvSE as having "<0.01" % CPU usage almost constantly. Do you have a different experience?
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Yes but as you can see, it's not a clear example of malware using this on Windows. Perhaps I need to search better.

    No, I haven't got any problem with it, but it's a bit new to me, you would think that a third party firewall can do this without using any system process. But not a big deal I guess, in terms of resource usage.
     
  25. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    691
    Location:
    Hungary
    I think part of the reason is because malware are often described publicly by what they do, and much less often how they do it. There is lot's of documentation (1, 2, 3, 4, 5, ...) of malware doing sniffing attacks, or packet sniffing, I'm sure that is not new to anybody. Using raw sockets is just one specific way out of many (and probably the easiest, as it doesn't require code injection or the installation of drivers) to do this. But you'll only read at most that something is doing packet sniffing, and not that it is using raw sockets to achieve it even when it does.

    With the accelerated spread of encryption in recent years (thanks to many security campaigns, to the death of FTP, to free certificates from Let's Encrypt, and to browsers and search engines disfavoring unencrypted connections), packet sniffers are probably less useful today than they were some years ago, but certainly present.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.