How Tiny Firewall worked
I just used my old Notebook for a while where Tiny Firewall 2005 is still installed. I really like how its HIPS was working.
When you started an unknown process (as there was no online or certificate lookup, any process was unknown unless it came preconfigured or you created a rule), you had a pop-up with these options:
- Run with default security (somewhat like CIS’ alert behavior now. Ask for critical actions.)
- Run with no security/Installer (basically allow everything and spawning new processes like CIS’ Installer mode)
- Do not run (kill or do not start the process)
- Quarantine (kill the process and move the .exe file to quarantine)
- The Pro version also had Track 'n Reverse. Basically a sandbox with integrated uninstaller similar to Sandboxie.
- Always trust (Like adding to the trusted files list in CIS, only Tiny could set extra policies for trusted programs)
- Always default security (like the auto-sandbox when you had a default policy set up that way)
Now this was what I meant: You can set one (or more) policies like Trusted Application & LAN access only & block Process spawning. All those rules were customizable like in CIS. (see attachment)
Add a dialog box (like the advanced Defense+ Alert with similar info) where I can choose one of the Computer Security Policies I have created. This dialog should appear before the unknown program is started. It’s not needed when the program is “Safe”/on the whitelist/signed by a trusted vendor or running in the auto-sandbox.
The dialog should contain a “Cancel Button” to prevent the program from running.
Ideally this dialog should also contain the firewall alert and allow me to select a Network Security Policy for the program.
More user control for people who do not use the sandbox.
Only one alert dialog, then the Defense+ and Firewall settings will be done. Maybe even with only one click.
This will fix the Direct3D/Game Bug problem where a Defense+ alert cannot be displayed and the PC hangs with a black screen until the alert times out.
If a completely harmless program runs that would normally not trigger any alert, there will be one more alert.
If a program does not use the network you would have a dead/useless firewall policy. This could be avoided by choosing “none” in the new dialog.
Nostalgic side note:
Something else that was also extremely cool in Tiny was the ability to generalize a rule from an alert (see the attachment). This “apply to parent key” checkbox is really handy. Maybe I’ll create another wish for those. A similar function was available in Tiny for folders and even for the firewall options to configure IPs, TCP/UDP etc…
You can read about Tiny’s features here: http://www.ida.liu.se/~iislab/projects/firewall-comparison/index.html#Tiny
While not 100% accurate and missing some tricks (due to bad or nonexistent documentation of Tiny), it’s a fair review. Info on Tiny Firewall is hard to come by these days.
Too bad CA has bought out Tiny Software and basically killed it in 2006/2007. But CIS is the best thing since (although Tiny was a lot faster and really tiny: Installer 5MB, Program Files 15MB). Tiny even had an Intrusion Detection System that could use SNORT rulesets. So you could detect and block trojans that slipped by (via security holes or Code Injection) via traffic analysis.
[attachment deleted by admin]