ColonelMal

Level 2
I just came across a mention about TinyWall and I looked up their website. I'm curious about how it actually works in practice. They say that
The no-popup approach
The problem

Most firewalls are based on the same interaction principles. Basically, whenever an application is trying to access the internet, display a popup asking the user what to do. This is not only annoying for the user, but is also less than secure. On an average computer, a lot of applications are trying to access the internet. Displaying a popup for each app makes it very probable that unneeded applications will gain access to the network, as it increases the likelyhood of the user granting unnecessary rights to many applications. This phenomenon could be characterized as "security fatigue", and at its extreme, the user does not verify any more what he gives internet access, but just blindly allows programs that ask for it.

The solution

TinyWall takes a different approach. It does not display popups that urge users to whitelist apps. In fact, it will not notify you of any blocked action at all in real-time. Instead of showing popups, TinyWall makes it easy to whitelist or unblock applications by different means. For example, you can just initiate whitelisting by a hotkey, then click on a window that you want to allow. Or, you can select an application from the list of running processes. Of course, the traditional way of selecting an executable also works. This approach avoids popups, but still keeps the firewall very easy to use. Most importantly, with the no-popup approach, the user will only notice that a program has been denied internet access when he can't use it any more. Consequently, users will only unblock applications that they actually need and none more, which is optimal from a security standpoint.
I use Windows Firewall Control and I get notifications about new outbound access attempts and I act accordingly. Some of them refer to utilities or maintenance software installed by my PC vendor. The same applies to some requests by Microsoft. I normally allow these. How would TinyWall respond to outbound access requests by such programs?

I agree about "security fatigue", but I'm not so sure about the practicality of "the user will only notice that a program has been denied internet access when he can't use it any more".
 

silversurfer

Level 66
Verified
Trusted
Content Creator
Malware Hunter
I just came across a mention about TinyWall and I looked up their website. I'm curious about how it actually works in practice. They say that

I use Windows Firewall Control and I get notifications about new outbound access attempts and I act accordingly. Some of them refer to utilities or maintenance software installed by my PC vendor. The same applies to some requests by Microsoft. I normally allow these. How would TinyWall respond to outbound access requests by such programs?
TinyWall isn't designed to show alerts for outbound internet access, you need to check manually what is blocked by TinyWall, so looks like in your case for easy of use, you would be better keep using WFC.
 

plat1098

Level 22
Verified
I found TinyWall works exactly as advertised. Not only are the blocks silent but if apps don't work and if you forgot about installing TW, you can get frustrated until you figure it out.

That's why putting TW in learning mode and doing some advanced whitelisting is a "must" for usability's sake.
 

EndangeredPootis

Level 8
Verified
Rather use WIndows Firewall, as TinyWall doesn't add anything to it, is just another UI to manage what is already there.

WFC that adds more features and is easier to manage, one of them like you stated popups.
Tinywall is by better than windows firewall in every way, both protection and usability wise, for example, unlike windows firewall it doesnt allow programs to add rules of their own, which malware often does, it also has hosts file protection and both malicious ports and URLs, and WFC is just buggy, uses lots of CPU and slows down your system.
 
Last edited:

Local Host

Level 23
Verified
Tinywall is by better than windows firewall in every way, both protection and usability wise, for example, unlike windows firewall it doesnt allow programs to add rules of their own, which malware often does, it also has hosts file protection and both malicious ports and URLs, and WFC is just buggy, uses lots of CPU and slows down your system.
You can block programs from adding rules yourself by setting restrictions in regedit, hosts file protection can easily be covered by AV as well, else make restrictions on it as well if you feeling funny.

WFC works perfectly fine on my system as well, if it doesn't work fine on others systems is not exactly my concern, TinyWall doesn't add anything (is just an UI for casual users).
 
Last edited:

EndangeredPootis

Level 8
Verified
You can block programs from adding rules yourself by setting restrictions in regedit, hosts file protection can easily be covered by AV as well, else make restrictions on it as well if you feeling funny.

WFC works perfectly fine on my system as well, if it doesn't work fine on others systems is not exactly my concern, TinyWall doesn't add anything (is just an UI for casual users).
You saying "easier to manage" come into play here, tinywall does everything automatically, no need for time consuming manual registry changes, whitelisting and its risk free.
 

show-Zi

Level 28
Verified
A simple comparison with a firewall that chooses whether or not to communicate each time new software is installed is probably confusing.
The focus of tw is the first approach to software with unknown communication needs. Roughly speaking, you don't have to rush to choose whether or not to communicate in real time. If you want to allow communication while using the software, you can create a permission rule by clicking the window.
Probably the most suitable for beginner to intermediate level users with inexperienced knowledge like me.
:)