gwion said:
Tiny's most notable for being a full-blown "sandbox", with a somewhat confusing packet filter component (hint... dropping the straightforward rule structure that Kerio continued to use for that silly "object oriented" metaphor was a HUGE mistake, if you ask me... hint... go back to the simple structure of Kerio ) ...
It's very good, though a packet filter's a packet filter, and if that's all you want (ports-IPs-apps-permissions), go with Kerio, it's a great packet filter, lots simpler, and free.
Tiny's biggest claim to fame, now, is the sandbox... and yes, that's entirely unique, in the current market. Best in class. It's also a little steep on the learning curve, for some.
What a sandbox does is to control access between applications and between apps and the OS at the application layer. That's quite powerful. To give a rough idea what it does, your trojan and virus scanners look for ports, filenames, registry entries, and so forth, and then compare them with a database ("signature file") that has to be up to date, and can only reflect known exploits, and variations on known exploits. A sandbox works on the fly, looking for behaviors that are usually suspect, and are quantifiable because an OS and an API only have a certain set of potential activities. Therefore, no databases are needed, you simply force applications to "play in their own sandboxes." That is, you monitor and control what they can access outside of their own subset, and you monitor and control what can access them...
Crude explanation, I fear ... but hopefully gets the point across. There are really no other "consumer" apps, at least yet, that employ sandboxing effectively. Tiny's "Trojan Trap," the crown jewel of what's now the firewall, is a direct descendant of what was once called Secure4U, and drew inspiration from the CMDS enterprise security suite that Tiny has been developing in partnership with. Essentially, they're products of the high security enterprise environment. As of this time, my own opinion is best, if not "only", in class in this type of software. Others have released similar concepts, but Tiny's the only entry in the market available, right now, that's not a very limited, sort of buggy-iffy implementation.
Just to wrap up, Tiny split into two development threads, some time back. The new Tiny is built mainly around the sandbox. Kerio continues the old "basic packet filter" Tiny line of development, although it's adding new features in the 3.x beta releases, without sacrificing its legendary small resource profile by much doing it.
Hope that helps you sort out the players... as of this time, though, Tiny and Kerio are quite different animals in the firewall world. Both share a common ancestry, but they've definitely branched each into its own direction. As of now, Kerio is heir to the "old Tiny" simple packet filter model, and Tiny is heir to the "Trojan Trap" pedigree...
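
The contrast the post draws between signature scanning and sandboxing, as an added example that is not part of the original post and is not Tiny's or Kerio's code: a toy model that runs the same events through a signature lookup and through a default-deny per-application policy. The `kind:name` resource notation, the application names, the policy and the events are all constructed assumptions.

```python
# Added illustration; every name, path and event below is constructed.
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Event:
    app: str     # process performing the action
    target: str  # resource touched, written as "kind:name"

# Scanner model: a database of indicators for known malware only.
SIGNATURES = {"file:c:/windows/badsrv.exe", "net:listen:tcp/31337"}

# Sandbox model: each application's "own subset" of resources (default deny).
ALLOWED = {
    "notes.exe": ["file:c:/users/*/documents/*", "file:c:/program files/notes/*"],
    "mail.exe": ["file:c:/users/*/mail/*", "net:connect:tcp/25", "net:connect:tcp/110"],
}
# Inbound rule: which applications may open a protected process.
MAY_ACCESS = {"proc:mail.exe": {"mail.exe"}}

def signature_hits(events):
    """Events whose target matches a known indicator."""
    return [e for e in events if e.target in SIGNATURES]

def sandbox_violations(events):
    """Events outside the acting app's subset, or touching a protected app."""
    flagged = []
    for e in events:
        if e.target in MAY_ACCESS:
            permitted = e.app in MAY_ACCESS[e.target]
        else:
            permitted = any(fnmatchcase(e.target, p) for p in ALLOWED.get(e.app, []))
        if not permitted:
            flagged.append(e)
    return flagged

EVENTS = [
    Event("notes.exe", "file:c:/users/al/documents/todo.txt"),  # normal use
    Event("mail.exe", "net:connect:tcp/110"),                    # normal use
    Event("game.exe", "file:c:/windows/badsrv.exe"),             # known indicator
    Event("notes.exe", "file:c:/windows/svch0st.exe"),           # not in any database
    Event("notes.exe", "reg:hklm/software/microsoft/windows/currentversion/run"),
    Event("notes.exe", "proc:mail.exe"),                         # reaching into another app
]

if __name__ == "__main__":
    print("signature hits:    ", [e.target for e in signature_hits(EVENTS)])
    print("sandbox violations:", [e.target for e in sandbox_violations(EVENTS)])
```

The signature lookup reports only the one event whose target is already in its database; the policy check reports that event plus the three that leave the application's own subset, without needing any database update.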