ReHIPS

Discussion in 'sandboxing & virtualization' started by MrBrian, May 24, 2014.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I may be wrong, but when it comes to sandboxes (not HIPS) on Win 64 bit, it makes sense to use security mechanisms offered by the OS, because on Win 64 bit you can't use kernel hooking anymore. For example, Tzuk had to redesign SBIE because he couldn't rely on Win 32 bit techniques, like patching the OS kernel, because of PatchGuard. :)
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    A developer should answer this, but I believe that it depends on what the HIPS is trying to achieve. If I'm correct, not all HIPS can simply rely on OS security mechanisms. For example, anti-exploit tools and behavior blockers still need their own protection techniques. :)
     
  3. guest

    guest Guest

    If you checked the link I posted above, it leads to a thread where I did some quick experiments (with replies from the devs); it is an interesting piece of software. It forbids malware to run even before issuing a prompt.
     
  4. AppGuard has chosen to aim at 100% (theoretically) guarding at three checkpoints. Until now all known intrusions must pass these checkpoints. The idea of guarding a few checkpoints is explained well in this video of another HIPS: http://ambuships.com/details.html (look at the video; although AG works differently, AG uses a similar checkpoint concept).

    Yes but when the underlying OS is broken, nothing is guaranteed, but it helps to have a second means of defense (like with AG).
     
    Last edited by a moderator: Jun 1, 2014
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    Hmm. I like the idea of using Windows native sandboxing features. But I don't know enough about the native API, and what can and can't be hooked by a driver, to say whether this is actually a good idea. I mean, I know Chrome for instance uses integrity levels and is relatively very secure; but Chrome was designed from the ground up for transparent sandboxing. Applying that level of restriction to arbitrary programs, using a HIPS, would not be possible (since you can't go any finer-grained than permissions for each binary executable file).

    I do notice, though, that the developers sell their own DRM mechanisms. This is more a political thing with me, but... color me dubious. To me that bespeaks greater concern with making money than with the public good.
     
  6. ThreeCubed

    ThreeCubed Registered Member

    Joined:
    Mar 6, 2014
    Posts:
    10
    Location:
    Gandolfo
    Yes, I'm new to Wilders' quoting procedures, and this is not the best way to do it, but anyway, here it goes, to quote Windows_Security (all of whose posts I take as gospel) in a previous post... "It is the re-incarnation of Geswall for Windows 7 and beyond." Political innuendos aside from the previous poster, I hope once this baby breaks out of beta testing/production MRG Effitas (etc., meh... why not?!) puts this app through the wringer to see if we have a winner on our hands. For what it's worth and imho, if terms like "Geswall" and/or "Defensewall" are a viable option for this app respectively for Windows 7 and beyond, and with the efficacy to boot... this application warrants serious attention. "Lay on, Macduff..." And bring it on, ReHIPS! Thank you to the OP and Wilders for yet another app that may garner and deserve another 500+ poster introspectives.
     
  7. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,099
    Location:
    UK
  8. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    What do you mean by this: "Yes but when the underlying OS is broken, nothing is guaranteed, but it helps to have a second means of defense (like with AG)."

    So, it's better and more secure to have protection like DefenseWall or AppGuard, because they do not rely on Windows security mechanisms, even in situations when the operating system is broken? o_O

    So, what happens when a hacker breaks through holes in the Windows security mechanisms? Then GesWall, Re-HIPS, Google Chrome and all other security software applications which rely directly on Windows security mechanisms (from Windows XP to Windows 8.1) are completely useless when it comes to protection?
    But DefenseWall and AppGuard, which do not rely on Windows security mechanisms at all, but on themselves/on their own security mechanisms, are still equally extremely useful even when Windows and its security mechanisms are completely bypassed?
     
  9. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    Everything relies more or less on Windows security mechanisms. The mechanisms for hooking system calls, which is how a HIPS or AV blocks stuff, are provided by Windows. If those hooking mechanisms are broken, then there are/will be problems.
     
  10. AppGuard adds a layer which differs from ACL and UAC (protected folders). This would increase complexity and increase the chance that the intrusion is only partially effective, but when the underlying OS is broken, nothing is guaranteed and everything is theoretical guesstimates.
     
  11. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    But breaking anyone's underlying OS can never end up good.
    When your OS is broken, nothing good can happen, that's the only thing that is sure. Only bad things can happen, so like Gullible Jones said: everything and every form of protection directly depends on hooking system calls, which are again directly provided by the Windows OS, so it doesn't matter if you have DefenseWall and AppGuard or GesWall, SBIE4, Google Chrome etc., since all security software products are always using and will always use everything from the underlying OS for any kind of protection, otherwise they cannot protect users at all. Without the underlying OS hooking system calls, no security software application can protect you at all, since they all use underlying OS hooks, which means all security software applications depend heavily, directly or indirectly, on the underlying OS. At least, that is how I understood it.

    One quick question: what does ACL mean? I know you're probably going to laugh, but I do not understand these short terms at all, what they mean.
     
  12. Access Control List. To get an idea, use Windows Explorer, right-click a folder and click on the Security tab. Regedit has a similar feature with Permissions.

    When the underlying OS is broken, it is game over, but similar to a house, when the foundation is rotten, there is a near 100% chance that it will collapse; only the "when" is uncertain, so we agree on this.
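
The Explorer Security tab and the Regedit Permissions dialog named in the post above are two views of the same Windows DACLs, and the integrity levels mentioned earlier in the thread (the mechanism Chrome's sandbox builds on) are a separate mandatory label on the token and on objects. The PowerShell script below is an added example, not part of this thread and not code from ReHIPS, AppGuard or any other product discussed here; it assumes a Windows host with PowerShell 5.1 or later, and the folder it works on is a constructed sample under %TEMP% that it removes again. It lists the DACL of a folder and of a registry key, prints the process's integrity level and the folder's integrity label with `icacls`, and then shows a Deny entry in the DACL actually being enforced against the current account.

```powershell
# Added example, not part of the thread or of any product discussed in it.
# Assumes a Windows host with PowerShell 5.1 or later. The folder path is a
# constructed sample created under %TEMP% and removed again at the end.

$folder = Join-Path $env:TEMP 'acl-demo'
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# 1. Folder DACL: the same entries Explorer lists on the Security tab.
Write-Host "== DACL of $folder =="
(Get-Acl -Path $folder).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# 2. Registry key DACL: what Regedit shows under Permissions... on a key.
Write-Host '== DACL of HKCU:\Software =='
(Get-Acl -Path 'HKCU:\Software').Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType |
    Format-Table -AutoSize

# 3. Integrity levels: the token's label (Medium for a normal user prompt,
#    High when elevated) and any explicit label on the folder. icacls prints
#    an object label as e.g. "Mandatory Label\Low Mandatory Level:(NW)";
#    a freshly created folder normally carries no explicit label.
Write-Host '== Integrity level of this process =='
whoami /groups | Select-String 'Mandatory Label'
icacls $folder

# 4. Enforcement: an explicit Deny ACE for the current account blocks file
#    creation in the folder even when the account is an administrator,
#    because Deny entries are evaluated before Allow entries.
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'Write', 'None', 'None', 'Deny')
$acl  = Get-Acl -Path $folder
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

try {
    New-Item -ItemType File -Path (Join-Path $folder 'probe.txt') -ErrorAction Stop | Out-Null
    Write-Host 'Unexpected: write succeeded'
} catch {
    Write-Host "Write denied by DACL: $($_.Exception.Message)"
}

# 5. Cleanup: remove the Deny ACE (Set-Acl needs WRITE_DAC, which the owner
#    keeps because Deny 'Write' does not cover it) and delete the folder.
$acl = Get-Acl -Path $folder
$acl.RemoveAccessRule($rule) | Out-Null
Set-Acl -Path $folder -AclObject $acl
Remove-Item -Path $folder -Recurse -Force
```

Run it from an ordinary (non-elevated) prompt to see the Medium label on the token; from an elevated prompt the label is High, but the Deny entry in step 4 still blocks the write, which is the point of the demonstration: a DACL is enforced by the kernel regardless of which user-mode tool put it there.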
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I tried appguard once but there was a problem with Sandboxie. Someone tried to explain how to work around that but I didn't understand the way it was explained. Is there an easy fix for this?
     
  14. I am not using Sandboxie, but quite a few members use them together, just have a look in Sandboxie and AppGuard threads to find the names of those members. Ask them to help you.
     
  15. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    AppGuard and Sandboxie work fine together.
    You need to do this in AppGuard:
    1. Guarded Apps -> Settings, Add C:\Sandbox folder with read and write access. This should be enough to make Sandboxie work well together with AG.

    2. User Space, add C:\Sandbox folder there too with the Yes include option. This will make AG guard programs running inside that folder. There are various flavours some might prefer regarding installing software to a sandbox. With the Yes include flag you must select 'Allow User Space launches' from the tray icon, preferably Guarded, when installing software to a sandbox. After install you should deny that allowance. The alternative is that you can select a specific sandbox folder, if you have a paid version of SBIE, with a No include flag, but if you do that bear in mind that you won't have AppGuard protection in that sandbox. I much prefer the simpler allow User Space launches option and disabling it after install.

    That will offer protection to say a browser that is not installed into a sandbox, but just run there.
     
  16. From the ReHIPS presentation, see picture.

    From the 8 HIPS researched, three resisted well, let me guess:

    x86 only = DefenseWall
    discontinued = GeSWall
    raw = Sandboxie (because it was an early V4 implementation using a combo of Windows mechanisms and traditional hooks)

    :D

    [attachment: Untitled.png]
     
  17. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thanks so much!
     
  18. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    37
    Location:
    Europe
    Hello.
    We wouldn't like to discuss other sandboxes and HIPS-es but we are ready to discuss ReHIPS.
    We'll briefly skim over some ReHIPS advantages.
    1. ReHIPS doesn't use rootkit technologies (aka kernel-mode hooks etc.). Instead it is based on well-documented, certified, safe and secure Windows built-in access control mechanisms. Hence ReHIPS ensures system stability and integrity and doesn't extend the attack surface.
    2. ReHIPS is compatible with Windows Vista SP1 and higher (including Windows 8.1).
    3. There are 32-bit and 64-bit versions of ReHIPS.
    4. ReHIPS is compatible with other antimalware solutions.
    5. ReHIPS protects from zero-day malware.
    6. ReHIPS includes an initial database of rules (RulesPack) which includes more than 100 applications. This database is updated regularly.
    7. ReHIPS includes our unique DeployHelper technology which helps to install software on a system protected by ReHIPS. Access rights for these applications are set automatically by DeployHelper. These applications can then be started in restricted mode without additional manual configuration.
    8. As we know, the desktop is a security boundary. Only ReHIPS uses separate desktops.
    9. And all these advantages are available in ReHIPS free demo-version which has only one technical limitation - 10 restricted processes running at the same time.

    PS. We'll release ReHIPS 1.2.0 very soon. The announcement is here.
     
    Last edited by a moderator: Sep 2, 2014
  19. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I assume it doesn't support XP Pro?
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  22. Use GeSWall on XP; it also uses Windows internal mechanisms.
     
  23. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    37
    Location:
    Europe
    Even Microsoft doesn't support Windows XP Pro anymore. We don't support it either :)

    There is some tradeoff between usability and security.
    http://i.technet.microsoft.com/dynimg/IC163786.gif
    It's up to everyone to decide what he would like more: a secure system or a beautiful, well-designed and very usable green icon saying "protected" and doing nothing in a corner of the desktop :)
    It's much easier to use ReHIPS than to configure the Windows access control mechanisms manually in the right way every time new software is installed.
    By the way, one of our beta-testers is preparing some video tutorials on how to set ReHIPS up and use it. We'll publish them with the ReHIPS 1.2.0 release.
     
  24. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    I am looking forward to this a lot, just can't decide whether to wait for 1.2 or try 1.1 right now.
     
  25. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Geswall doesn't support 64-bit?

    I would like the same hips over all my windows system if possible xp,vista and w7.
    Outpost will do for now since the falling over bug has been worked around.
     