This article was published in The Computer Paper, a Canada Computer Paper publication.

Tiny firewall a big bargain

By Dave Chappelle, posted 7/18/2001 9:15:14 AM

Reader finds free solution to help block unwelcome visitors to home network

Suppose your home computers are networked and linked to the Internet via your local cable television provider. One day, your child says "I'm getting a weird error message when I try to shut off the computer."

Personal Firewall 2.0
From: Tiny Software
http://www.tinysoftware.com
System requirements: Windows 9x/Me/2000/NT, and 1.3 MB of free hard drive space.
Price: Free (home use), US$39/seat for 1-9 seats (business licence)

There, on the screen on the PC he was using to surf the Web, is a message window stating: "There is still a user logged onto your C: drive. Shutting down will disconnect this user and their work will be lost. Do you still wish to continue?"

How's that for chilling?

The events described actually happened to one of the readers of our Web site, CanadaComputes.com. The reader, Ricky Las Vegas, notified us about Tiny Personal Firewall (TPF) after he installed and used it to detect and hunt down two crackers who had been snooping around his home network. Both were hundreds of miles away physically, but he found one right inside his computer, and in the process of using it.

Las Vegas's firewall is from Tiny Software, which has developed several security solutions, including the network security software used by the U.S. Air Force.

Tiny Personal Firewall runs on Windows 9x, Me, 2000, or NT and requires 1.3 MB of free hard disk space. Home users can download the software for free. Businesses can download and evaluate the free version for 30 days. If they decide to use it, pricing is based on the number of users, with discounts for larger enterprises (see Web site for details).

If you plan to download and install TPF, please read the FAQ and the Get It Up and Running sections of Tiny's Web site to help you understand why and how the software is set up.

Over a dialup connection at 48 Kbps, TPF required seven minutes and five seconds to download. Installation required a few seconds and a restart. Upon restarting, an icon was placed in the Windows 98 system tray. By right-clicking it, users can open the status window and configure the software.

The first attempt at logging on to an ISP opened a window asking permission to accept NetBIOS packets from PPP Adapter (address). Users can deny, permit, or check a box that creates the appropriate rule, after which it won't ask again.

The software can be run either as a service or manually. Authentication can be required for both viewing logs and setting configurations. That way an administrator can prevent other users from changing settings.

Three settings are available: Ask Me First prevents any network activity from taking place without the user's permission; Don't Bother Me lets every activity take place except those that violate set rules; and Cut Me Off disables network activity. Clicking the Advanced button opens the Configuration Settings window. From here, rules are set, and Miscellaneous settings such as Trustful Addresses, file activity, and MD5 settings are stored.

MD5 is signature authorization support that Tiny describes as: "a hash algorithm that takes a 128-bit fingerprint of an application. Each time the application requests to bind to a particular port, Tiny Personal Firewall can take a fingerprint of the application and compare it to the original fingerprint. It is virtually impossible to duplicate a fingerprint, so Trojan Horse applications don't stand a chance."
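The fingerprint-and-compare check described above, sketched as an added example; this is not Tiny Software's code. The class name, the decision names (`ask`, `permit`, `deny`) and the sample file are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile


class FingerprintGuard:
    """Toy model of a per-application fingerprint check at port-bind time."""

    def __init__(self, algorithm="md5"):
        # "md5" mirrors the article; MD5 collisions are practical today,
        # so pass "sha256" for anything beyond illustration.
        self.algorithm = algorithm
        self.baseline = {}  # resolved executable path -> hex digest

    def fingerprint(self, path):
        """Hash the file in chunks so large binaries are not read at once."""
        digest = hashlib.new(self.algorithm)
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        return digest.hexdigest()

    def trust(self, path):
        """Record the original fingerprint when the user approves the app."""
        self.baseline[os.path.realpath(path)] = self.fingerprint(path)

    def check_bind(self, path):
        """Called when an app asks to bind a port (decision names assumed)."""
        known = self.baseline.get(os.path.realpath(path))
        if known is None:
            return "ask"      # never fingerprinted: prompt the user
        if hmac.compare_digest(known, self.fingerprint(path)):
            return "permit"   # binary unchanged since it was trusted
        return "deny"         # same path, different bytes: possibly replaced


def demo():
    """Constructed sample: a stand-in 'executable' that is later modified."""
    guard = FingerprintGuard()
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "mailer.exe")  # hypothetical application
        with open(app, "wb") as fh:
            fh.write(b"original program bytes")
        results = [guard.check_bind(app)]       # no baseline yet
        guard.trust(app)
        results.append(guard.check_bind(app))   # matches the baseline
        with open(app, "ab") as fh:             # simulate a tampered binary
            fh.write(b" + appended code")
        results.append(guard.check_bind(app))   # fingerprint now differs
    return results
```

The check only shows that the file at a trusted path has changed since it was approved; it says nothing about whether the original file was safe to trust.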

As visiting sites for children and adult-only sites seems to be the most popular way to get the attention of crackers, we surfed a few in the hope of finding someone willing to try breaching our test system.

We haven't used TPF for very long, and so far only two attempts have been made on our system, both of which happened while viewing sites containing adult content. Both times TPF popped up an Incoming Connection Alert window that said: "Someone from xx.xxx.xxx.xx [IP address] port xxx wants to send UDP datagram to port xxx owned by Windows Kernel core component in your computer."

The alert dialogue offered buttons marked Permit and Deny, and a check box with the message Make Appropriate Rule and Don't Bother Me Again. We chose Deny.

And what did Ricky do after he found the two crackers in his system? With TPF, he obtained the IP addresses of the two would-be crackers and contemplated notifying their respective ISPs of their activities.

"I haven't reported any attempted intrusions, because I don't think that the ISPs would do anything, especially if they were attempting Read Only access," he said. "I still get one or two [attempts] a day. It's mostly because the kids are on community sites like Napster and Cybertown and Goonietown. Going to those kinds of sites seems to be the equivalent of putting a big neon sign on your machine that says 'Here I am, come look at my files.'

"As for the [adult] sites, they're notorious for doing things like adding themselves to your bookmarks, and trying to download their software without your permission, so the firewall is probably just catching something like that."

For now, we'll keep Tiny Personal Firewall on our system. Perhaps we'll report on further crack/hack attempts after we've switched to high-speed Internet access. Dialup doesn't pose the same level of temptation as the "always on" cable and DSL connections.

Security is every user's responsibility. When free software like TPF is offered, there's no excuse for an unsecured system.

Copyright © 2001

 
