Get more from Windows Firewall with TinyWall
One common view of the Windows Vista/ 7 firewall is that it’s a toy, almost entirely useless, and you should replace it with something more capable just as soon as you possibly can. But this isn’t entirely fair.
Sure, there’s no easy way to, say, restrict outgoing network connections to the applications you specify, but that’s more to do with the firewall’s awkward configuration options than the underlying technology. And these are easy to fix. Install TinyWall and this compact tool will immediately extend the standard Windows Firewall, giving you far easier control over who gets to go online, and who really shouldn’t.
After installation, TinyWall scans your PC to look for programs that it knows are safe and will need to make outgoing connections: IE, Firefox, Skype and so on. These are then whitelisted by default (unless you choose otherwise), so you don’t have to explicitly give each one permission to go online.
TinyWall is far less capable than most firewalls at figuring out which programs want to connect to the web, though, and, for example, missed our Outlook installation entirely. We didn’t realize this for some time, either, because TinyWall doesn’t display an alert when an unapproved program tries to make a connection: it just gets blocked.
To be fair, this isn’t an unreasonable approach. The reality is that most people, if they’re faced with some complex Allow/ Deny dialog, will automatically click “Allow” most of the time. And so forcing people to more explicitly whitelist particular applications can help to improve their security.
And TinyWall makes it reasonably easy to whitelist programs, too. If you’ve launched an application that you’d like to allow online, just right-click the TinyWall icon, select “Whitelist by process”, choose your program and it’ll immediately be able to make outgoing connections. (And this decision will be remembered, too, so you don’t have to go through these setup hassles again.)
The fact that you’re not alerted to a blocked connection really can be a complication, though, especially if the program in question doesn’t alert you to it. You may not think to whitelist a tool like CCleaner, say, but if you don’t then it’ll never be able to check for updates, and it could be a very long time before you realize. So if you’re always installing new software then TinyWall could be more trouble than it’s worth.
If you’re setting up something more basic, though, like a netbook for your kids -- just a browser, email client, instant messaging and very little else -- then it’s a different story. TinyWall is lightweight, won’t take long to set up, isn’t going to baffle anyone with complex alerts, and will block unapproved outgoing connections by default, which should help to keep them just a little more secure.
If you do try the program, however, there’s one minor issue to keep in mind: for some reason, it can’t be installed via the standard Windows Control Panel applet. Instead you have to remove it via the TinyWall interface: right-click its system tray icon, and click Manage > Maintenance > Uninstall.
Art Credit: beboy/Shutterstock