TinyWall Firewall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    I have mostly finished my next set of changes to TinyWall, but I am beginning to doubt whether the UI should behave as it does now. Let me explain.

    Most recently I have implemented a new UI option that when enabled, asks for timer settings using a slick and small window for recognized programs. The advantage of that is that when enabled, the user is shown a very simple window with graphics to select the timer option for the new rule, and a single click is enough to make a choice and continue (no extra click needed for OK or so).

    My problem is that now TinyWall can behave in three different ways when adding a new exception, depending on a number of configuration options and also on whether the app is recognized or not. I imagine this will be confusing to most users, especially for non-advanced ones. So users can easily think "WTF, this is not what happened last time when I did this!?", and then think the same thing again next time. In fact, if they do not experiment/ask, they may never realize why TW behaves differently under different conditions.

    So I am seriously thinking of simplifying when a user sees what. My proposal would be to have a single option, something like "Show advanced options for new applications", or similar.
    When enabled: Always display the full options window (which includes all possible options, including those for timer, profiles, custom ports etc.)
    When disabled, a window is never shown, not even for unknown apps. Unknown apps would get the Outbound profile automatically without asking.

    What do you think?
     
  2. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Sounds like a good idea. As long as there is an option to enable or disable it. I think it will help new users if they don't know what rules to use, etc.
     
  3. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    I need a little help here... what Avast services I must allow for network access?
     
    Last edited: Nov 29, 2011
  4. Seven64

    Seven64 Guest

    Letting unknown apps get the Outbound profile automatically without asking does NOT sound good. Maybe a warning window when disabling?
     
  5. ultim

    JoeBlack40:
    You need to unblock the "avast.setup" file for updates to work. For other network features, I do not know (I have not yet experimented with that).

    Seven64:
    I mean, they of course are also blocked by standard. By "automatically" I mean that when the user unblocks them, no options would be shown and unblocking would be instantaneous. It would behave just as RC2 behaves when unblocking a recognized app, except that the profile would be Outbound. If the user needs tighter or looser rules, the exception can still be edited over Manage. Is that not good? IMHO this would simplify usage for the most common use case. And if someone wants larger control (always wants full options), he could just tick an option in the GUI.
     
  6. kupo

    I'm getting this when trying to use smartscreen filter in internet explorer 9

    "smartscreen filter cannot check this website because the microsoft online service is temporary unavailable"

    Any suggestion on what I need to whitelist?
     
  7. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    You can usually see what the Windows Firewall blocked in the Event Viewer (Windows Logs -> Security). Just clear the log and try to connect to MS SmartScreen and see what it will tell you.
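
    The Event Viewer check described in the post above, done from PowerShell (an added example, not part of the original post). It assumes failure auditing for the "Filtering Platform Connection" subcategory is enabled, and it uses a time window instead of clearing the Security log.

```powershell
# Added example, not from the thread. Run from an elevated prompt, PowerShell 3.0+.
# Assumption: failure auditing is on for blocked connections. If it is not:
#   auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable
# Event ID 5157 = "The Windows Filtering Platform has blocked a connection".

$windowMinutes = 10   # reproduce the failing action, then look back this far

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 5157
    StartTime = (Get-Date).AddMinutes(-$windowMinutes)
} -ErrorAction SilentlyContinue

$blocked = foreach ($e in $events) {
    # Flatten <EventData><Data Name="...">value</Data> into a lookup table.
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) {
        $d[$n.Name] = $n.'#text'
    }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        Application = $d['Application']   # NT device path of the blocked binary
        Direction   = switch ($d['Direction']) {
                          '%%14592' { 'Inbound' }
                          '%%14593' { 'Outbound' }
                          default   { $_ }
                      }
        Remote      = '{0}:{1}' -f $d['DestAddress'], $d['DestPort']
        Protocol    = $d['Protocol']      # IANA number: 6 = TCP, 17 = UDP
    }
}

if (-not $blocked) {
    Write-Warning "No 5157 events in the last $windowMinutes minutes; check the audit policy."
    return
}

# Which program was blocked, how often, and where was it trying to go?
$blocked |
    Where-Object Direction -eq 'Outbound' |
    Group-Object Application, Remote |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

    The Application column shows which executable (or svchost.exe, for a Windows service) needs an exception; the Remote column shows the address and port it was trying to reach.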
     
  8. Seven64

    That sounds good, thanks for the clarification. I misunderstood. :)
     
  9. ultim

    Hello everybody, I have just released TinyWall 1.0. That's right, I decided to go stable!

    First I show you the changelog, then I go on ranting...
    - Add support for FTPS protocol (tcp990/989)
    - Fix: Google Chrome is not detected because wrong folders are searched (possibly affects other applications too)
    - Fix: App detection window after setup is not always visible
    - New/updated application profiles
    - Import/export support for the configuration
    - Custom port exceptions
    - "Until Reboot" timer option
    - Improved performance when adding exceptions
    - Start the Manage window at the last used tab
    - Remove the restriction that each exception must have at least one associated profile
    - UI behavioral change, as discussed earlier in

    Of special note are some new features, like the ABILITY TO DEFINE CUSTOM PORTS, import/export support for the settings and a new timer option. Also, plugin-container.exe of Mozilla is now a recognized and auto-detected app, it is needed to get plugins and some videos working in that browser.

    But most importantly: THANK YOU ALL!!! You have made such a great contribution by using TinyWall and reporting wishes and bugs that I cannot stress it enough. As a curious fact, some have already sent donations, even though TinyWall 1.0 was not even released yet! For me this is another sign that I am working on a software that is needed and I am going in the right direction.

    So, in case you are curious about what the future holds, I have a long list of that. I was afraid that I am going to forget something so I needed to make notes for myself. That list contains, without listing everything here, things such as new ways for whitelisting, blocked packets list, basic hosts file management, better integration with Windows features, a community-supported automatic profile database and other things. If a lot of people demand it, localization (support for multiple UI languages) will also be there, but I need translators for that with a bit of knowledge about .Net.

    As for right now, I will first try to spread TinyWall a little bit. I mainly used personal contacts and this forum as a testing ground (and I've found a lot of friendly people here). Sporadically, other forums all over the world have also started picking up on TinyWall, even without my initiative. But now that I'm stable, I will go and submit it to download sites, maybe some other forums, ask for a few reviews and so on.

    As the number of users will increase, I bet some more feature requests and bug reports will pop up, so sorting them out will be a high priority before going great lengths. Maybe I'm a bit too optimistic, but isn't that the way to go? :D:D:D Wow, a long post... anyway, I hope you'll like TinyWall and that you'll like it even more in the future as I develop it further.

    edit: Oh, and an interesting fact. There have been 656 downloads of TinyWall from its website in the beta phase. This is not counting update downloads.
     
    Last edited: Dec 4, 2011
  10. kupo

    Congratulations on your first stable build, although the betas had been stable for me. Nice changelog. I'm gonna try it now.
     
  11. Seven64

    I am sure this firewall will be at the top soon! :D
     
  12. kupo

    Feature request: Ability to terminate programs in the "Show connections" window. :D
    Problem report: Sometimes, the TinyWall GUI will ask for administrative privilege on start-up.
     
    Last edited: Dec 25, 2011
  13. ultim

    Yep, that would be useful. I was just planning to release a small update soon, this might just make it into it. ;)

    That is probably not a problem in TinyWall. The GUI does that when it notices that it needs to correct its own installation. The GUI checks upon startup if the "health" of TinyWall is OK, and if it finds something wrong, it will ask for admin privileges to be able to correct its setup. The most likely cause is that some Windows service got disabled that TinyWall needs for operation (in this case TW will reenable that service and it needs admin rights for that). There are also some other minor scenarios that TinyWall will check. So that is the reason it is asking for administrative privilege on start-up.

    If you have no idea what is causing this, it might be worth checking into what the deeper reason for these prompts is. I can help with that a bit.
     
  14. kupo

    It only happened to me twice, and I can't even remember the first one.
     
  15. ultim

    Here is my Xmas update :D

    Changelog:
    - Improved startup performance
    - Fix: Active tab should only be restored upon load in Manage window
    - Fix: Timed exceptions get removed too early
    - Fix: Cancelling a process- or service-selection window may cause crash
    - Add context menu to terminate a process in the Connections window
    - When adding a new exception, always tell the user if the app was recognized in the bubble notification
    - Option to click the bubble notification to edit any freshly added exception
    - Slightly reduced binary size
    - Installer fixes
    - Include offline FAQ in the installer
    - Updated application profiles

    There are bugfixes, the fulfilling of skudo12's feature request, some miscellaneous stuff, but I'd also like to note a new GUI feature:
    In this new version, whenever an exception is added, you can click the corresponding bubble notification to immediately get to its exception details again. Why is this so cool? Because now you can easily edit a new exception (literally with a single click) even if the "Prompt for exception details" option is off. Add a new exception, wait until it's added then click its bubble to refine it further.

    Aaaand merry Christmas everyone!
     
  16. kupo

    Cool update! I also suggest that you submit TinyWall to Softpedia and other major download sites to have more exposure.
     
  17. Yanick

    Yanick Registered Member

    Joined:
    May 3, 2011
    Posts:
    274
    Very handy app! :thumb:
     
  19. wat0114

    wat0114 Guest

    It's not a bad little program :) The long string of meaningless text added in each rule name prefix is a bit odd, and some of the rule parameters might need some refinement (the ICMP safe rule didn't look quite complete to me), but otherwise a nice effort.
     
  20. ultim

    Thanks for the compliments. Very unfortunately, I've just realized I've introduced a significant bug with the new GUI feature of 1.0.1, which will often make the internet inaccessible to most programs whenever you whitelist a new program. I am truly sorry and I will try to correct it ASAP (within 24h). Until then, the crappy workaround if you run into this issue is to reload the firewall rules (TinyWall tray -> Change mode -> Normal protection). If you are still using 1.0.0, please skip 1.0.1 and wait for 1.0.2, which I'm working on right now. Sorry again, the Quality Control Department of my brain is being scolded badly.
     
  21. ultim

    Here is the promised fix, I'm really sorry everyone. I'll be more thorough next time. I've learned my lesson: don't try to add new features in a bug-fix release.

    Changelog 1.0.2:
    - Fix: False merge of firewalls rule upon new exception, leading to loss of connectivity
    - Fix: Adding a new rule might not show up in the Manage window, even though it is applied correctly
     
  22. ultim

    Hi,
    "The long string of meaningless text" is actually very important to TinyWall. I assume that whoever wants to avoid using the management console and try a friendlier GUI (like TinyWall) will not care about how the rules are named, unless you are interested in the actual rules in detail.

    Also, can you please make a suggestion on how to improve the ICMP rules?
     
  23. wat0114

    That text is certainly not a show stopper, except it makes the rule names appear a bit messy is all :)

    As for ICMP, I have an additional Outbound rule: "Destination Unreachable" with my router's LAN-side interface as remote ip address. I realize this probably is not easy for you to incorporate because Tinywall will not know the router ip address. It's also not really necessary, I think, so your ICMP rules are actually ok. Sorry about that.

    Just one more thing: if the "Active" Policy is using "Outbound/Inbound connections that do not match a rule are blocked" then the Outbound/Inbound Malware port block rules you have - for both Outbound and Inbound traffic - are okay to include, but these ports will already be blocked by default, so they are technically not necessary. I don't know how many ports are included in the rules, but it seems to be a lot. Every time these rules are polled, it is additional overhead for the system, maybe not overly system-taxing, but certainly to some extent it will impact system resources. Just food for thought. I realize you might be thinking proactively in the event malware is installed and it is allowed to create rules for itself to use one or more of these ports, so your block rules will override allowed rules. There's some trade-off in this case to have the firewall always polling these rules that aren't needed unless something goes wrong, then they could be beneficial.

    *EDIT*

    also, what are your thoughts on combining some of those browser TCP port rules into one (eg: screenshot) ? This will afford a bit more efficiency in the ruleset, I believe.
     

    Last edited by a moderator: Dec 27, 2011
  24. ultim

    The naming is about to change slightly in version 1.1 to accommodate new features, but basically it will still look similar. As said, the naming scheme is tightly coupled with how TinyWall is able to fulfill its functionality.

    Not at all. This is a perfectly valid and a good suggestion, and there is actually something I can think of to ensure the packets are coming from the router. I'll try to implement it, and if you have any other suggestions in the future, please don't hold back.

    Not exactly, I have that for slightly different scenarios. If malware is installed, it won't be able to create allow rules permanently for itself in the first place (at least on Win7) because of TinyWall's firewall tampering protection.
    The reason I have malware port blocking is for other reasons:
    1) A user might accidentally allow a malware as they often disguise themselves as legitimate software.
    2) Even if a user does not allow a malware explicitly, viruses, trojans etc. often inject themselves into other processes. So for example if you've whitelisted IE, but a virus hijacks it, TinyWall will still provide a last line of defense if the virus is not caught by the AV software (there might not even be an AV on the machine), as long as the malware uses some of those typical common ports.
    3) Also, this way malware will be blocked even if the firewall is in the "allow all outgoing" mode, not in normal protection mode. It provides similar protection for the LAN if "allow LAN traffic" is switched on.

    You can actually turn off malware port blocking in the Manage window (General tab) if you are really worried about performance. However, I do humbly believe that the performance impact is negligible and no one will be able to notice it, unless under some very rare circumstances (e.g. old laptop with ridiculously high internet speed).

    Again, I am sure no one will be able to notice the difference, especially with such a short list of ports, so I prefer to keep them separate for maintenance and readability reasons. Some other profiles are also structured similarly.
     
    Last edited: Dec 27, 2011
  25. blahsmith

    blahsmith Registered Member

    Joined:
    Dec 26, 2011
    Posts:
    5
    Location:
    US
    All it takes is one look at the Windows 7 firewall GUI and it's off to find something better looking and easier to use. So far I have played with: "Windows Firewall Control" by Alexandru Dicu, "Windows 7 Firewall Control" by SphinxSoftware, "Windows Firewall Notifier" (WFN) by Jérôme Saliba aka WoKhan, and TinyWall. TinyWall seems very attractive, so I chose to post here.

    All these softwares have their strengths and limitations. After installing and testing one at a time, I uninstalled them all and ran Malwarebytes. Below is a screenshot of the result. I know it's obviously not a serious problem, but I've never seen a "Malware.Trace" before and I'm curious to know which of these programs produced this and why.

    Anyone have any ideas?
     
