Advice Request Is TinyWall truly effective?

Please provide comments and solutions that are helpful to the author of this topic.

ColonelMal

ColonelMal

Level 3
Thread author
Verified
Well-known
Jul 5, 2017
109
I just came across a mention about TinyWall and I looked up their website. I'm curious about how it actually works in practice. They say that
The no-popup approach
The problem

Most firewalls are based on the same interaction principles. Basically, whenever an application is trying to access the internet, display a popup asking the user what to do. This is not only annoying for the user, but is also less than secure. On an average computer, a lot of applications are trying to access the internet. Displaying a popup for each app makes it very probable that unneeded applications will gain access to the network, as it increases the likelyhood of the user granting unnecessary rights to many applications. This phenomenon could be characterized as "security fatigue", and at its extreme, the user does not verify any more what he gives internet access, but just blindly allows programs that ask for it.

The solution

TinyWall takes a different approach. It does not display popups that urge users to whitelist apps. In fact, it will not notify you of any blocked action at all in real-time. Instead of showing popups, TinyWall makes it easy to whitelist or unblock applications by different means. For example, you can just initiate whitelisting by a hotkey, then click on a window that you want to allow. Or, you can select an application from the list of running processes. Of course, the traditional way of selecting an executable also works. This approach avoids popups, but still keeps the firewall very easy to use. Most importantly, with the no-popup approach, the user will only notice that a program has been denied internet access when he can't use it any more. Consequently, users will only unblock applications that they actually need and none more, which is optimal from a security standpoint.
Click to expand...
I use Windows Firewall Control and I get notifications about new outbound access attempts and I act accordingly. Some of them refer to utilities or maintenance software installed by my PC vendor. The same applies to some requests by Microsoft. I normally allow these. How would TinyWall respond to outbound access requests by such programs?

I agree about "security fatigue", but I'm not so sure about the practicality of "the user will only notice that a program has been denied internet access when he can't use it any more".
 
  • Like
Reactions: bellgamin, Protomartyr, show-Zi and 4 others
silversurfer

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,108
ColonelMal said:
I just came across a mention about TinyWall and I looked up their website. I'm curious about how it actually works in practice. They say that

I use Windows Firewall Control and I get notifications about new outbound access attempts and I act accordingly. Some of them refer to utilities or maintenance software installed by my PC vendor. The same applies to some requests by Microsoft. I normally allow these. How would TinyWall respond to outbound access requests by such programs?
Click to expand...
TinyWall isn't designed to show alerts for outbound internet access, you need to check manually what is blocked by TinyWall, so looks like in your case for easy of use, you would be better keep using WFC.
 
  • Like
  • +Reputation
Reactions: SeriousHoax, Protomartyr, Dave Russo and 7 others
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
I found TinyWall works exactly as advertised. Not only are the blocks silent but if apps don't work and if you forgot about installing TW, you can get frustrated until you figure it out.

That's why putting TW in learning mode and doing some advanced whitelisting is a "must" for usability's sake.
 
  • Like
  • +Reputation
Reactions: bellgamin, Protomartyr, Dave Russo and 7 others
EndangeredPootis

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
Local Host said:
Rather use WIndows Firewall, as TinyWall doesn't add anything to it, is just another UI to manage what is already there.

WFC that adds more features and is easier to manage, one of them like you stated popups.
Click to expand...
Tinywall is by better than windows firewall in every way, both protection and usability wise, for example, unlike windows firewall it doesnt allow programs to add rules of their own, which malware often does, it also has hosts file protection and both malicious ports and URLs, and WFC is just buggy, uses lots of CPU and slows down your system.
 
Last edited:
  • Like
Reactions: Dave Russo, Cortex and ColonelMal
L

Local Host

EndangeredPootis said:
Tinywall is by better than windows firewall in every way, both protection and usability wise, for example, unlike windows firewall it doesnt allow programs to add rules of their own, which malware often does, it also has hosts file protection and both malicious ports and URLs, and WFC is just buggy, uses lots of CPU and slows down your system.
Click to expand...
You can block programs from adding rules yourself by setting restrictions in regedit, hosts file protection can easily be covered by AV as well, else make restrictions on it as well if you feeling funny.

WFC works perfectly fine on my system as well, if it doesn't work fine on others systems is not exactly my concern, TinyWall doesn't add anything (is just an UI for casual users).
 
Last edited:
  • Like
Reactions: Dave Russo, show-Zi, Cortex and 2 others
EndangeredPootis

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
Local Host said:
You can block programs from adding rules yourself by setting restrictions in regedit, hosts file protection can easily be covered by AV as well, else make restrictions on it as well if you feeling funny.

WFC works perfectly fine on my system as well, if it doesn't work fine on others systems is not exactly my concern, TinyWall doesn't add anything (is just an UI for casual users).
Click to expand...
You saying "easier to manage" come into play here, tinywall does everything automatically, no need for time consuming manual registry changes, whitelisting and its risk free.
 
  • Like
Reactions: Protomartyr, Dave Russo, show-Zi and 3 others
oldschool

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
Local Host said:
TinyWall doesn't add anything to it, is just another UI to manage what is already there.
Click to expand...
Actually, TW is no longer just a front end GUI but has been completely re-built on Windows Filtering Platform.

@silversurfer and others are correct that which one OP uses depends on his preferences. Best to try them and see which he prefers, as with AVs.
 
  • Like
  • +Reputation
Reactions: SeriousHoax, Protomartyr, DDE_Server and 8 others
show-Zi

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,464
A simple comparison with a firewall that chooses whether or not to communicate each time new software is installed is probably confusing.
The focus of tw is the first approach to software with unknown communication needs. Roughly speaking, you don't have to rush to choose whether or not to communicate in real time. If you want to allow communication while using the software, you can create a permission rule by clicking the window.
Probably the most suitable for beginner to intermediate level users with inexperienced knowledge like me.
:)
 
  • Like
Reactions: Protomartyr, silversurfer, ColonelMal and 2 others
bellgamin

bellgamin

Level 4
Verified
Well-known
Oct 11, 2016
160
AFAIK, TW doesn't enable user to manage ports or to develop detailed rules. Thus, TW lacks a tool that is available in other stand-alone FWs such as Evorim, FortKnox, & Simplewall, as well as being available in several AVs such as K7, ESET, Kaspersky, & Panda. None of those FWs require or encourage user to set rules. These FWs work as well as TW even if user sets no rules other than "allow or block." So why not use a further-developed FW that offers user the OPTION to tweak & tighten? Just asking........
 
  • Like
Reactions: franz
F

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
bellgamin said:
AFAIK, TW doesn't enable user to manage ports or to develop detailed rules. Thus, TW lacks a tool that is available in other stand-alone FWs such as Evorim, FortKnox, & Simplewall, as well as being available in several AVs such as K7, ESET, Kaspersky, & Panda
Click to expand...
I don't use the option on TW but from looking at the settings I think it should be possible. Click TW Taskbar Icon>Manage>Application Exeptions> chose your program>modify (button on the right side) Untitled - Copy.jpg
 
  • +Reputation
  • Like
Reactions: oldschool and franz

Similar threads

Trident
    • Like
    • Applause
Serious Discussion FinalAV - British Startup Offering Containment for Unsigned Processes
Replies
4
Views
713
Other security for Windows, Mac, Linux
lain
lain
enaph
    • +Reputation
Privacy News FBI: Fraudsters Exploit Emergency Data Requests to Access Personal Data
Replies
0
Views
213
Security News
enaph
enaph
Brownie2019
    • Like
On Sale! F-Secure Internet Security 1D/ 1Y /16.90 €
Replies
0
Views
167
Discounts and Deals
Brownie2019
Brownie2019

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top