TinyWall 2.1.7

Status
Not open for further replies.

ultim

Level 2
Oct 13, 2011
86
Answer from MS:

Code:
Thank you for your patience.

We investigated the issue you reported for TinyWallInstaller.msi downloaded from tinywall.pados.hu/files/. The warning you experienced indicates that the application has not yet established reputation within our system.
The certificate used to sign TinyWallInstaller.msi is currently in the process of establishing reputation in our system. Many factors contribute to establishing reputation, such as download traffic, download history, past anti-virus results and URL reputation, so it can be difficult to predict when a certificate will gain reputation. While your certificate is gaining reputation, your users can click through the warning and install your application by clicking on the link in the message: More information | Run anyway.
Once reputation has been established on your certificate, all your applications, when signed with the same known certificate and assuming nothing happens to denigrate the reputation of the certificate (such as being used to sign malware), should have a warn-free experience from the start. For that reason, Microsoft recommends that publishers sign all applications with the same digital certificate to help better expedite reputation gains and leverage known reputation for new and updated applications.
If establishing reputation immediately is critical, you may want to consider investing in an EV Authenticode certificate. An application signed with an EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or Authenticode certificate. EV code signing certificates are now being issued by Symantec / DigiCert and GlobalSign.
For more information, please refer to SmartScreen® Filter Frequently Asked Questions (https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx).

Regards,
Microsoft Windows Defender Response

Meaning, there is no way other than many people downloading over Edge or buying an EV certificate, as originally feared. It is quite absurd, both that you need to build reputation to not get blocked even though they've already verified that you are not malware, and also that you can buy your reputation by paying hundreds of dollars for an EV certificate. Even with a normal digital certificate, they've already verified that my person and contact details are real, so what more do they want?

And maybe worst, any reputation that I manage to build up seems to be coupled to my exact digital certificate. So when I renew my certificate next year because the current one expires, my reputation will be lost and I can begin from scratch.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Answer from MS:

Code:
Thank you for your patience.

We investigated the issue you reported for TinyWallInstaller.msi downloaded from tinywall.pados.hu/files/. The warning you experienced indicates that the application has not yet established reputation within our system.
The certificate used to sign TinyWallInstaller.msi is currently in the process of establishing reputation in our system. Many factors contribute to establishing reputation, such as download traffic, download history, past anti-virus results and URL reputation, so it can be difficult to predict when a certificate will gain reputation. While your certificate is gaining reputation, your users can click through the warning and install your application by clicking on the link in the message: More information | Run anyway.
Once reputation has been established on your certificate, all your applications, when signed with the same known certificate and assuming nothing happens to denigrate the reputation of the certificate (such as being used to sign malware), should have a warn-free experience from the start. For that reason, Microsoft recommends that publishers sign all applications with the same digital certificate to help better expedite reputation gains and leverage known reputation for new and updated applications.
If establishing reputation immediately is critical, you may want to consider investing in an EV Authenticode certificate. An application signed with an EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or Authenticode certificate. EV code signing certificates are now being issued by Symantec / DigiCert and GlobalSign.
For more information, please refer to SmartScreen® Filter Frequently Asked Questions (https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx).

Regards,
Microsoft Windows Defender Response

Meaning, there is no way other than many people downloading over Edge or buying an EV certificate, as originally feared. It is quite absurd, both that you need to build reputation to not get blocked even though they've already verified that you are not malware, and also that you can buy your reputation by paying hundreds of dollars for an EV certificate. Even with a normal digital certificate, they've already verified that my person and contact details are real, so what more do they want?

And maybe worst, any reputation that I manage to build up seems to be coupled to my exact digital certificate. So when I renew my certificate next year because the current one expires, my reputation will be lost and I can begin from scratch.
Microsoft work like a Government. A dictatorship at times.
 

ultim

Level 2
Oct 13, 2011
86
I am glad to cooperate. Good job:)(y)(y)(y)
I installed v2.99.7. There seems to be a problem importing past settings.

Oh, okay, that should have worked, actually. Do you mean the automatic setting migration when you install a new version over an older one, or did you use the Import button in the management window after installation? The first one only works if you did not already uninstall the previous version.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
@ultim continues development of TW3 and appear to be progressing nicely.

Alright but Persistent filters which are stored persistently in the BFE service (in the registry) and applied while the BFE is running are indeed filtering connections at start up as per user created rules in this beta version, correct?
The beta uses only dynamic filters, which are in place as soon as the service starts. Note TW runs as a service, so this is much sooner than user login. That being said, there is a delay between BFE and TW startup. I left it out from the first test version on purpose because persistent filters would completely cut your network in case of some bugs and a normal user wouldn't be able to recover at all. Now that I'm positive that things are working well, this will come soon (and obviously before TW3 final is released).

You may follow @ Wilders for more details Beta-testing TinyWall
 

ultim

Level 2
Oct 13, 2011
86
Hi guys! Uhm... I'll just shamelessly copy my post from Wilders here :)

Hi everybody, I've just uploaded a new test version. As I said earlier, I focused on incorporating your feedback in this round. TinyWall users are the best!
Here's the changelog compared to the previous beta:

- Fix manual import of settings from version 2.1
- Fix user may not get notified of updates for a very long time (port from 2.1)
- Fix inbound whitelisting does not work if Windows Firewall is running
- Fix ICMPv6 filters for IPv6 connectivity
- Improved handling of batch whitelisting in Connections and Processes windows
- Don't forget blocked apps list when Connections window is closed
- Enable single-click toggling of special exceptions
- Sort Connections list by timestamp by default
- Support F5-refresh in Connections window
- Support Delete key for application exceptions list
- Eliminate flicker when updating Connections and Application lists
- Restore auto-update functionality
- Optimize blocked connection buffer handling
- Add work-in-progress Korean localization
- Add SmartScreen to app database

I'll wait a bit for feedback, and if things seem to be round, I'll move on to new features again.

I should probably create a new thread as this is hardly about version 2.1.7 anymore...
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
Well, it is always released today, you just have to know which today
:)


This release contains some I-would-say-critical fixes, so all beta users are recommended to upgrade. Changelog:
- Profile updates for network printers and remote desktop
- Fix trying to unset password results in user lockout
- Fix parts of exit code not run when service is shutting down
- Fix GUI crashes if local config differs from service
- Fix tray menu entry visibility issue after (un)setting password
- Fix specified ports not shown in GUI when editing an existing rule
- Fix WF compatibility rules can be added multiple times
- New feature: Password-locked service requires the password to uninstall

Furthermore, I discovered that whitelisting an executable from a network share is broken in the betas. I know the reason, but I'm still scratching my head how to properly solve it, so it remains a known issue until some future release.

Download link
Here is the message from @ultim posted to wilders.
tinywall is now v. 2.99. 9.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Here's a post from @ultim @ Wilders:
___________________________________


So, here it is, another major and important new feature: Boot-time filtering. This means starting with this release, with TinyWall there is not a single point in time where your firewall rules are not in effect or not filtering. All filters are active even before TinyWall's service starts up, right from the get-go when the IP-stack is initialized during early boot. This is yet another step-up from the standard Windows Firewall, which does not have this.

Other than boot-time filters, there are only a few minor fixes, which IMHO is a good sign.

Changelog 2.99.10:
- New: Boot-time filtering and protection
- Increase application compatibility by filtering socket accept() instead of listen()
- Profile fixes for file sharing, printer sharing, and time synchronization (for W10)

[Download]

Window 10 v1909 was also released recently. So in case anybody was wondering if it breaks anything with TinyWall, no it does not, all is fine. I checked documentation and also tested personally on this new Windows version.

There is one more major feature I want to experiment with (optional inheriting rules to child processes) before I release 3.0. I'm not sure yet if it is plausible to implement without a driver effectively (for those who don't know, TinyWall does not install drivers), but I'll find out once I've coded it. With some luck, the next beta will have that, and then we're in bug-fix-only mode. If I'd have to guess, I'd put a public and officially stable release to January (as far as I'm concerned though the current beta is pretty stable too, I just don't feel like it received enough testing). There are many more ideas for features and improvements, but they will have to wait after post-3.0, after all, I need to put an end to the current development cycle at some point.

Thank you again for all who help with testing the betas.
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
The latest v2.1.13 has been released. I uninstalled the beta version of v2.99 and tried a bit, but it doesn't seem like the auto-remember mode is working well.:unsure:
I'll look into it in the future, but tinywall may not reset Windows Firewall defaults when uninstalled.
By the way, when uninstalling the beta version, a bug that was pointed out by Wilder's post occurred at me.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
I uninstalled the beta version of v2.99 and tried a bit, but it doesn't seem like the auto-remember mode is working well.:unsure:

Yes, I had some problems with the Beta too.

I'll look into it in the future, but tinywall may not reset Windows Firewall defaults when uninstalled.
It was a problematic uninstall that led to my EEK not updating.

I prefer the old version that uses Windows Firewall only.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
@oldschool
Have you tried using v2.1.13? When I try to create a new whitelist, it is not learned at all. After further setting, the notification icon may be 'disabled' for some reason (the icon itself does not disappear).

I haven't tried v2.1.13 and have only used the Beta recently. I was having a similar problem with the Beta. It would learn, and then I would need to have it re-learn. Too many little bugs - so bye-bye. I'm using only VS Beta right now and one is enough! :)
 
F

ForgottenSeer 823865

Thread author
Making a viable FW from scratch is difficult and time intensive, it isn't worth the effort, especially when Win10 is quite decent and tweakable. I rather better prevent a malicious process to run than block it to call home...because when your FW will block a malicious connection, it is already game over.
Using an analogy, it doesn't matter to stop a mortal wound bleeding, damages are done, better avoid the wound in the first place.
For a home user a FW shouldn't be a major concern.
I live with Windows Firewall for years, never had issues with it, I can't say the same with the 3rd party ones I used...

Now if I want a serious FW, I will go with corporate grades ones available in business solutions (SEP, Sophos, etc...), which have IPS/IDS, etc...and if I'm wealthy enough, I would go with a Hardware FW (but this is extreme for a home user lol).
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
After resetting the Windows firewall settings, v2.1.13 started working without any problems.

'I'm worried that my cute daughter is secretly escaping from home and meeting a bad guy.'👨‍💻
@Umbra, the reason I'm introducing a firewall is probably close to this feeling. My father is anxious if he is not watching in front of the entrance door.

'Daddy, I brought my lovely boyfriend Ran Sam!'👧
I want to avoid such bad ends.:ROFLMAO::ROFLMAO::ROFLMAO:
 

ultim

Level 2
Oct 13, 2011
86
2.1.13 had a regression which is why 2.1.14 was issued just after a few days to fix that too (the fix for the CVE happened to introduce a serious bug in 2.1.13).

The current beta (2.99.10) has the documented problem with the uninstallation, which slipped through my testing due to my development environment. I haven't extended the beta download link to prevent more people from installing it until I release an updated version. The uninstall bug is already fixed in my code (unreleased), I'll release it together with a new feature (auto-inheriting rules to new processes) I am currently working on. I was hoping to be done with it during the holidays, but it is taking a bit longer than expected. I was also more busy IRL in the recent past than I originally expected, sorry for the delay.
 

ultim

Level 2
Oct 13, 2011
86
Making a viable FW from scratch is difficult and time intensive, it isn't worth the effort, especially when Windows 10 is quite decent and tweakable. I rather better prevent a malicious process to run than block it to call home...because when your FW will block a malicious connection, it is already game over.
Using an analogy, it doesn't matter to stop a mortal wound bleeding, damages are done, better avoid the wound in the first place.
For a home user a FW shouldn't be a major concern.
I live with Windows Firewall for years, never had issues with it, I can't say the same with the 3rd party ones I used...

Now if I want a serious FW, I will go with corporate grades ones available in business solutions (SEP, Sophos, etc...), which have IPS/IDS, etc...and if I'm wealthy enough, I would go with a Hardware FW (but this is extreme for a home user lol).

Depends.

1) Preventing viruses and malware is not the only use of firewalls. Many people want a firewall to prevent otherwise good and legitimate software to phone home with telemetry or private data, to protect their privacy. Or to save bandwidth on metered connections. Or to prevent certain feature from working which otherwise cannot be disabled.

2) Even when looking at malware, it is not "game over" once it is on your computer, so even when it slips in, a firewall still has many uses. For example, many malware you get through websites or e-mail is not the malware itself, but only a "downloader" module which downloads the real malware post-installation, sometimes multiple ones. Obvisously, a good firewall here can completely prevent damage. Another example is, you have a computer network, and although one computer got infected, the firewall can prevent it from spreading to your other computers. In this case the damage is not completely prevented, but at least contained to a single computer.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top