ultim

Level 1
> Now if I want a serious FW, I will go with corporate-grade ones available in business solutions (SEP, Sophos, etc...), which have IPS/IDS, etc... and if I'm wealthy enough, I would go with a Hardware FW (but this is extreme for a home user lol).
Personally, I don't believe in hardware firewalls. They have a great downside which is impossible to compensate: they cannot regulate traffic based on application, but only based on packet contents. DPI/IDP is hardly an argument for hardware firewalls, because these can be done in software too (and many software does them), in fact much more effectively than in hardware because, again, hardware can only look at packet contents, while host-side software can also look at application behaviour.

Some people argue that the advantage of hardware firewalls is they run on a separate machine, so they are unaffected in case of an infection. This is only partially true. Yes, they are unaffected when your host computer gets infected (which gets easier to infect however because your hardware firewall can only filter on packet contents). But hardware firewalls can also be targeted by malware, and history has proven they are just as vulnerable to such attacks and contain serious security flaws like any other software. Don't believe me? Here is a link to Cisco's security advisories: in their networking OS, there have been 25 documented security flaws in September alone (a single month!), and over 70 over the whole year of 2019. Except, they are much worse, because independent security researchers normally can't look at them due to the needed hardware, their cost, licensing, specialized tools needed, and generally due to being an extremely closed ecosystem.
 

Umbra

Level 25
Verified
> Preventing viruses and malware is not the only use of firewalls. Many people want a firewall to prevent otherwise good and legitimate software from phoning home with telemetry or private data, to protect their privacy. Or to save bandwidth on metered connections. Or to prevent certain features from working which otherwise cannot be disabled.
honestly, telemetry is the new FUD privacy freaks instilled to people to sell their tools... i don't care they know i use Windows 10 with Chrome from Asia, billions do...

> Even when looking at malware, it is not "game over" once it is on your computer, so even when it slips in, a firewall still has many uses.
it is game over to me, reformat is imperative, don't tell me you are satisfied with a malware running live on your system but blocked by a FW? i don't think so. ;)

> For example, many malware you get through websites or e-mail is not the malware itself, but only a "downloader" module which downloads the real malware post-installation,

I know about it, it is called "Download Cradles" and many of them can bypass corporate level firewalls, so home user firewall is just a joke for those malware.
Not saying, a software firewall is an application, an application can be abused or disabled like any other especially if the attack uses Kernel Exploit which fly deeper than the firewall.
obviously i don't talk about ordinary malware (which your case indeed will prevent calling home), i talk about those sophisticated ones that bypass firewalls and AV monitoring via various obfuscation techniques or by process hollowing legit apps.

> sometimes multiple ones. Obviously, a good firewall here can completely prevent damage. Another example is, you have a computer network, and although one computer got infected, the firewall can prevent it from spreading to your other computers. In this case the damage is not completely prevented, but at least contained to a single computer.
This case is assuming the malware isn't one i talk above.
 

ultim

Level 1
Just so you know, Sophos and co. also just use the WFP layer of Windows, same as the standard Windows Firewall or TinyWall for that matter, they don't do the filtering themselves. So these corporate firewalls that you seem to hold in high regards aren't any better at filtering traffic. What they are better at, is they add IPS and/or DPI drivers, and central configuration and better GUI for large number of computers (and you get support). But as you said, if the malware is sophisticated enough, there is no 100% protection, no matter what you use.

So most times I'm assuming the malware has not yet reached administrative privileges. And even if it did, it will need specialized code to circumvent TinyWall (the generic "let's bypass Windows Firewall" won't work). But in the latter case, they can do that exact same thing with Sophos too and circumvent it with specialized code.

> it is game over to me, reformat is imperative, don't tell me you are satisfied with a malware running live on your system but blocked by a FW? i don't think so. ;)
By the time you can tell you are infected and "need" a reformat, it may already be too late (for example with ransomware). The question is, how did that malware get on your computer in the first place? The obvious answer is it wasn't picked up by any malware detection software yet, probably because the definitions have not yet been updated for that particular malware. So if your firewall can delay the downloading of malware modules and thereby prevent their main activation, your chances of detection and "automatic" cleaning by the antivirus are greatly increased.
 

Umbra

Level 25
Verified
> Just so you know, Sophos and co. also just use the WFP layer of Windows, same as the standard Windows Firewall or TinyWall for that matter, they don't do the filtering themselves. So these corporate firewalls that you seem to hold in high regards aren't any better at filtering traffic. What they are better at, is they add IPS and/or DPI drivers, and central configuration and better GUI for large number of computers (and you get support). But as you said, if the malware is sophisticated enough, there is no 100% protection, no matter what you use.
Reason i mentioned hardware firewalls.

> So most times I'm assuming the malware has not yet reached administrative privileges. And even if it did, it will need specialized code to circumvent TinyWall (the generic "let's bypass Windows Firewall" won't work). But in the latter case, they can do that exact same thing with Sophos too and circumvent it with specialized code.

didn't say it couldn't happen. but between a home user FW and a corporate one like Symantec EP, my choice is quick.

> By the time you can tell you are infected and "need" a reformat, it may already be too late (for example with ransomware).
i meant if you reformat is because you already know it is too late, but it is not a reason to keep using the infected system.
Anyway, Ransomware are for noobs, any knowledgeable user and especially those here in security forums, won't care much about ransomware hitting their system because they should already have an external backup of their sensitive files. Doing a restore or clean install will suffice.

> The question is, how did that malware get on your computer in the first place? The obvious answer is it wasn't picked up by any malware detection software yet, probably because the definitions have not yet been updated for that particular malware. So if your firewall can delay the downloading of malware modules and thereby prevent their main activation, your chances of detection and "automatic" cleaning by the antivirus are greatly increased.
Fileless malware won't be impressed much by the database update, they don't reside on the disk so you can have a million updates, it won't change anything...the firewall won't even stop the download cradle in the first place so...yeah game is over before it even started.
Again i don't talk about the ordinary malware, i'm way past that, they can't even start on my Windows 10 Enterprise with only its built-in security (so with my skills and few 3rd party soft on top, chances are extremely low) so it is not a concern to me.
However, what concerns me are those very sophisticated malware (even if encountering one of them is very improbable), i keep learning about them and maintain an advanced security strategy.
 

ultim

Level 1
I've just published a release candidate for v3.0 with all known issues fixed. I'd really appreciate if as many people tested it as possible before the final version is officially released. [RC Download link]

The online release notes have been updated to reflect all the changes and improvements since the v2.1 series. Version 3.0 is light-years better than the previous series and I warmly recommend all TinyWall users to upgrade. You'll get the same old GUI that you are already used to, but everything firewall related has been completely rewritten to not rely on Windows Firewall anymore - this brings improved performance, security, compatibility with Windows features, fixes previous "by-design" issues, and allows for new features many of which are already implemented. TinyWall 3.0 might look the same, but in reality it has been thoroughly gutted out and revamped all for the better.

Please help me with testing the above RC so I can fix any remaining issues before it is released into the wild. It was already tested on Wilders so I do not expect you to run into serious problems. Thanks for your help.
 

Umbra

Level 25
Verified
> Please help me with testing the above RC so I can fix any remaining issues before it is released into the wild. It was already tested on Wilders so I do not expect you to run into serious problems. Thanks for your help.
Most of the Tinywall users here are also present at Wilders as well.
 

Wolfie2020

New Member
Hi Ultim
I've just registered and would like to ask a question (sorry if it's very elementary or answered elsewhere)

I understand earlier versions of TinyWall supplemented the Windows firewall (both ran together)

Your latest (Version 3 to be released) RC - does this replace the Windows 10 Firewall or does it run with it?

I've finally bit the bullet and upgraded to Windows 10 and I am trying to get my head around keeping my new PC secure.
Do I still need additional firewall, AV, malware etc

Thanks
 

show-Zi

Level 22
Verified
> Hi Ultim
> I've just registered and would like to ask a question (sorry if it's very elementary or answered elsewhere)
>
> I understand earlier versions of TinyWall supplemented the Windows firewall (both ran together)
>
> Your latest (Version 3 to be released) RC - does this replace the Windows 10 Firewall or does it run with it?
>
> I've finally bit the bullet and upgraded to Windows 10 and I am trying to get my head around keeping my new PC secure.
> Do I still need additional firewall, AV, malware etc
>
> Thanks

From ver3 it seems to be a program that does not depend on Windows FW, but it seems that it can be used together.

Since this is a simple FW-only software, it is recommended to use it in combination with WD etc.
Basically, it may be troublesome because you have to proceed with the setting from the state where most software communication was refused, but you can change the communication permission from automatic learning and log, so it is okay to adjust it over time without worrying. :) (y)
 

oldschool

Level 42
Verified
@Wolfie2020 - yes, @show-Zi is correct. Earlier versions of TinyWall relied exclusively on Windows Firewall. I believe that version is 2.1.7.xxx, while the developer has a completely new version (which will be 3.0) in Beta development. The Beta currently is a separate firewall that can be used with or without WF. You may check this thread for more info on the Beta. BTW, the Beta is very well developed and close to release later this year.
 

SeriousHoax

Level 18
Verified
Malware Tester
Both can be used together but can cause issues. Here's the response from the dev of SimpleWall which is based on Windows Filtering Platform as well so this should apply to the upcoming TinyWall also:

> When WF is enabled, its filters are applied before any WFP provider (SW/TinyWall as example).
> Any kind of software can change WF configuration, even viruses or any kind of harmful software, it can be done by any software you install (steam, utorrent, even nsis installer has a feature like this, etc).
> So I recommend to disable WF, because I am not responsible for effects like this.
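
The SimpleWall developer's point above is that any installed program can add rules to Windows Firewall. As an added example (not from this thread, TinyWall or SimpleWall), the Python below reads firewall "rule added" events (Event ID 2004) in event-XML form and lists allow rules added by programs outside an expected set. The `Action` encoding, the `EXPECTED_MODIFIERS` set and the embedded sample events are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
RULE_ADDED = "2004"  # Windows Firewall log: a rule was added to the exception list
ALLOW = "3"          # assumed Action encoding (2 = block, 3 = allow); check your export
# Hypothetical set of programs expected to edit firewall rules on this host.
EXPECTED_MODIFIERS = {r"c:\windows\system32\svchost.exe", r"c:\windows\system32\mmc.exe"}
# Constructed sample in the event-XML export shape; rule names and paths are made up.
SAMPLE_EVENTS = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>2004</EventID></System><EventData>
  <Data Name="RuleName">Example Game Client</Data><Data Name="Action">3</Data>
  <Data Name="ApplicationPath">C:\Games\example\client.exe</Data>
  <Data Name="ModifyingApplication">C:\Users\demo\Downloads\setup.exe</Data>
 </EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>2004</EventID></System><EventData>
  <Data Name="RuleName">Core Networking (sample)</Data><Data Name="Action">3</Data>
  <Data Name="ApplicationPath">C:\Windows\System32\svchost.exe</Data>
  <Data Name="ModifyingApplication">C:\Windows\System32\svchost.exe</Data>
 </EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>2004</EventID></System><EventData>
  <Data Name="RuleName">Blocked Updater</Data><Data Name="Action">2</Data>
  <Data Name="ApplicationPath">C:\Program Files\Example\updater.exe</Data>
  <Data Name="ModifyingApplication">C:\Program Files\Example\install.exe</Data>
 </EventData></Event>
</Events>"""

def event_fields(event):
    """Flatten one <Event> into a dict of its EventData values plus EventID."""
    fields = {d.get("Name"): d.text or "" for d in event.iterfind("e:EventData/e:Data", NS)}
    fields["EventID"] = event.findtext("e:System/e:EventID", default="", namespaces=NS)
    return fields

def unexpected_allow_rules(xml_text, expected=EXPECTED_MODIFIERS):
    """Return (rule, program, modifier) for allow rules added by unexpected programs."""
    findings = []
    for event in ET.fromstring(xml_text).iterfind("e:Event", NS):
        f = event_fields(event)
        if f["EventID"] != RULE_ADDED or f.get("Action") != ALLOW:
            continue  # only newly added allow rules widen what the firewall lets through
        modifier = f.get("ModifyingApplication", "")
        if modifier.lower() not in expected:
            findings.append((f.get("RuleName", ""), f.get("ApplicationPath", ""), modifier))
    return findings

if __name__ == "__main__":
    for rule, program, modifier in unexpected_allow_rules(SAMPLE_EVENTS):
        print(f"allow rule {rule!r} for {program} was added by {modifier}")
```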
 

oldschool

Level 42
Verified
> Both can be used together but can cause issues. Here's the response from the dev of SimpleWall which is based on Windows Filtering Platform as well so this should apply to the upcoming TinyWall also

ATM @ultim has made provisions for using both TW and WF together, or alone, without problems. This is completely diff from 2.1.7.xx that was simply a GUI for WF. Here is one of his posts:

"If Windows Firewall is not disabled, then TW will create some rules in it to make sure TW can work as expected."

is there a link to the beta? thanks
 

ultim

Level 1
> Do I still need additional firewall, AV, malware etc

The only thing I can tell you, you don't need an additional firewall. You might decide to install a different one, which is ok, for example if it comes bundled with an AV or HIPS module and you want that as a package. But for a firewall, no, you don't need "additional" ones.
Other than that, I won't make recommendations about what else you "need". There are certainly many things TinyWall alone does not do (AV, sandboxing, behavioral analysis etc.), but very often the downsides and compromises outweigh the upsides. It certainly depends on a particular vendor's implementation quality as well as your personal experience with computers, patience, and discipline too. And of course, just because you can improve your security still does not imply you "need" it. I'm not even saying you need TinyWall. I just publish it for those who wish to use it.

> Both can be used together but can cause issues. Here's the response from the dev of SimpleWall which is based on Windows Filtering Platform as well so this should apply to the upcoming TinyWall also

That quote does not apply to TinyWall. Or at least, installers and other software adding their own rules to let them through won't cause issues and TinyWall will still block them as expected. Simply stated, Windows Defender allow-rules have no priority over TinyWall. As oldschool said, there are special provisions to make TW work with or without Windows Firewall.

> Does TinyWall still create encrypted firewall name rules?

They were never encrypted. Those strings were simply random unique identifiers that TinyWall used to match the rules to its internal state, and other than that they had zero meaning or information content. Since TW v3 does not use WF, this does not happen anymore, with the exception of two rules that are created if WF is enabled. As another example, old TW used to nuke your custom rules and replaced them with its own. The new TW v3 does not touch them and leaves your rules (or anybody else's) in place.