ReHIPS

Discussion in 'sandboxing & virtualization' started by MrBrian, May 24, 2014.

  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,814
    Location:
    .
    ReHIPS and Shadow Defender now compatible.

    Good news!

    After I mailed Tony from Shadow Defender and pointed him to the HWiD issue, he finally managed to solve it with a new version. At least on my machine (Win8.1 x64), testing for 35 min.

    Here's the new version if you want to test:
    http://www.shadowdefender.com/download/SD1.4.0.635_Setup.exe
     
    Last edited: Jun 13, 2016
  2. guest

    guest Guest

    nice ;)
     
  3. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    @Mister X

    Appreciate, and Thank You! For sharing!!!:geek:
     
    Last edited: Jun 13, 2016
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    How much longer before some public release of this? :isay:
     
  5. guest

    guest Guest

    They are not Comodo :p

    They want to be sure all is fine and bug-free before releasing a public stable version. The security aspect is quite complete; they were focused mostly on it.
    Now they are fixing/improving the usability aspect. We have submitted a huge list of usability issues/suggestions to them, and they are implementing them right now. Since it is a new product with unique functionality, their userbase is limited and so is the feedback; this is why it takes time.


    The beta is very stable; you can ask for it on their forum here: https://forum.re-crypt.com/index.php?topic=2263.0

    Just be patient; when we have the green light, you will be informed.
     
  6. hjlbx

    hjlbx Guest

    Beta is stable. All versions of ReHIPS have been stable.

    Usability has some quirks - which they have prioritized a TO DO list to fix. Some fixes will be relatively soon while others will be tackled in future major version releases.
     
  7. guest

    guest Guest

    I'm unsure... Is the current version of ReHIPS stable enough to be installed on a "real" system? (...I have no VM at the moment)
    Or is it too risky? :cautious:
     
  8. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    I think so.
    I'm using ReHIPS on my Host OS, too, for more "real" testing. The dev already said that the product should be good enough to be used for real computers, but of course, expect some bugs. He also said that if critical problems occur, ReHIPS can be uninstalled in Safe Mode.

    To be safe, have enough backups. :)
     
  9. guest

    guest Guest

    I'm using it on my production machine, not even a single crash or BSOD, unlike the lizard :p
     
  10. guest

    guest Guest

    OK. I'll make some preparations before I install it.
    After that the fun begins :thumb:
     
  11. guest

    guest Guest

    Then take time to read the help file and the threads we made on https://forum.re-crypt.com
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    What happens if I run ReHIPS, but with my browser and PDF reader unvirtualized?
    Do I end up with the same level of protection that I would have with NVT ERP?
    Or am I missing out on the main thing?
     
  13. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    I think you'll still have the HIPS to protect them.
     
  14. hjlbx

    hjlbx Guest

    There is no virtualization in ReHIPS; the containment is completely Windows-based.
     
  15. hjlbx

    hjlbx Guest

    The protection is better than NVT ERP - if you know which processes shipped with Windows are vulnerable and fully understand what to do when presented with the various HIPS alerts.

    When in doubt, block. You can always un-block after verifying that some action or file is safe.
     
  16. hjlbx

    hjlbx Guest

    If you run a program non-isolated, then it is run in the real user profile. In that case, the HIPS module is the only protection. ReHIPS is a "go - no-go" HIPS. You either allow a process or block a process. If you run a browser from the real user profile, and it is exploited, then any dropped payload should generate a HIPS alert. If it happens to be "fileless\in-memory-only" malware, then there probably won't be any HIPS alert. Plus, the malware will have full access to the registry and file system - including services. ReHIPS does not run non-isolated programs with limited rights.

    If you are concerned about such things - and use the real user profile a lot - then AppGuard will protect the real user profile when running programs non-isolated. There is no real equivalent alternative to AppGuard - but you could instead use Sandboxie to isolate programs from the real user profile. However, if you are using ReHIPS, why would you use Sandboxie?

    Ask fixer -- he will give you the up-and-up on HIPS protection of the real user profile.
     
  17. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Thanks for the detailed explanation!
     
  18. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    So it sounds like the special protection of vulnerable processes that you have in NVT ERP is a very good thing for non-experts.
     
  19. hjlbx

    hjlbx Guest

    It is a start, but the default NVT ERP vulnerable process list is incomplete.
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Right. I added a few.
     
  21. guest

    guest Guest

    Is the isolation mode like Sandboxie?
    What can an application do, and what can it not do, when it is running in isolation mode?
     
  22. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    In short, ReHIPS is not virtualization. In that way, it is not like Sandboxie.
    But the actual result is relatively similar: the isolated app cannot make changes to the file system.
    In ReHIPS, you can define the permissions for what an isolated app can and cannot do.

    EDIT: By default, ReHIPS defines the appropriate permissions for sensitive apps. Each app has a unique set of permissions, according to what it needs.
    For instance, Adobe PDF reader will open isolated, in a separate desktop, while Chrome will open isolated, but on the main desktop.
    This behavior can be modified.
     
    Last edited: Jul 4, 2016
  23. guest

    guest Guest

    I tried it yesterday and it's very low on resources :thumb:. 8 MB for the GUI and maybe an additional 10-15 MB for other ReHIPS executables.
    There are some small GUI-related glitches, but some of them were already mentioned in the ReHIPS forum.
    (too small sliders for scrolling, ...)

    The handbook mentions "Edit isolated environment", but I can't find it in the GUI.
    I want to give Firefox (which is running isolated) access to more folders and removable media.
     
  24. guest

    guest Guest

    Cool, thanks.
    Now I know what I did wrong. I edited the file "firefox.exe", not "Firefox".
    But now I can see these options :D
     
  25. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    The ReHIPS site never had any link for download, so how did you guys download it? No matter when I check, there is no download.
     