Modern versions of Windows, starting with Windows Vista, have a very effective firewall built right in. If you've evolved beyond Windows XP, it doesn't make much sense to pay for a third-party firewall. TinyWall 2.1 is totally free, though, and it's designed to work with and enhance your existing firewall protection.
This program is tiny in many ways. It's the product of a single individual, not a company. Installation is quick and simple; accept the EULA by clicking Install and it's finished in seconds. The installer is barely one megabyte in size. It doesn't even have what you'd call a main window, just a system tray menu and a number of configuration dialogs.
"TinyWall is a controller for Windows' built-in firewall," explained Károly Pados, the program's author. "TinyWall's goal is to make Windows Firewall easier to use, while also making it safer."
Hardened Against Attack
The built-in Windows Firewall passes all of my port scans and other Web-based tests. It's no surprise, then, that TinyWall correctly put all of the test system's ports in stealth mode, making them invisible to outside attackers.
TinyWall is also hardened against attack by malware. It doesn't store anything essential in the Registry, so a malicious program couldn't just set "Enabled" to "OFF." I couldn't terminate its main process using Task Manager. I did manage to kill the user interface, but the essential firewall protection remained active. I launched the Services application to see if I could stop the firewall's essential Windows service, but it was configured to disable the Stop option.
My next trick involves setting the service's Startup Type to Disabled. Online Armor Premium Firewall 5.0, like many others, prevented this configuration change, which doesn't take effect until the system reboots. TinyWall didn't block my attempt to change that setting, but on reboot it re-enabled itself. I've seen quite a few firewalls that block changing the Startup Type, but none that actively recover from the Disabled setting.
No Security Fatigue
TinyWall's basic approach to program control is extremely simple; block all connections for all programs. It does automatically create exceptions for a handful of browsers and other known programs, but as the installer warns, it blocks almost everything else.
You won't see any popups from TinyWall. Your notification that it has blocked a program is the simple fact that the program fails to connect. You can create an exception by selecting the program's window, by finding it in a list of running processes, or by simply selecting the executable file. In some cases, TinyWall will detect that the program depends on other processes and offer to enable them, too.
Pados explained that this mode of operation aims to avoid "security fatigue." "In other firewalls, displaying a popup for each app... increases the likelihood of the user granting unnecessary rights," said Pados. "At its extreme, the user does not verify any more what he gives internet access, but just blindly allows all programs that ask for it." "With TinyWall's no-popup approach," continued Pados, "users will only unblock applications that they actually need, which is optimal."
This actually makes sense to me. I've noted many times that most users aren't qualified to answer the confusing popups queries served up by many firewalls. With no real understanding of the question, they'll typically go down one of two paths. Some will allow all connections, while others will block all connections until they break something, and then switch to allowing all connections. Just remember that you have TinyWall running, so you're not surprised when a new program fails to make its Internet connection.
ZoneAlarm Free Firewall 2013 takes a different approach to avoiding security fatigue. It configures permissions by consulting the immense SmartDefense Advisor database of known programs, only popping up a user query when it encounters an unknown. This is actually quite effective. In the rare instance that ZoneAlarm does throw a popup, pay attention; malware is probably involved.
No comments:
Post a Comment