ReHIPS

Discussion in 'sandboxing & virtualization' started by MrBrian, May 24, 2014.

  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Yes I did; Slimjet. I just amended my post at the exact same time you posted. Sorry....
     
  2. oZone

    oZone Registered Member

    Joined:
    Jan 18, 2017
    Posts:
    33
    Location:
    Earth
    Firefox is using Google Safe Browsing and Cyberfox is based on Firefox, so it should use it too.

    You could try Edge as it doesn't use Google Safe Browsing, or disable Safe Browsing in Slimjet.
    It should be something like "Protect you and your device from dangerous site" as it's based on Chromium.
     
  3. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    37
    Location:
    Europe
    What does it say, it just stops downloading?
    Best Regards, fixer.
     
  4. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Thanks for the hint. That worked!
     
  5. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    I finally have it installed, and I've had a bit of time to play around with it. As best I can tell it's kinda like a hybrid of Sandboxie and VoodooShield; having both virtualization and restrictions based on ratings. Is that more or less accurate? I've been trying to find out how to best get started with it, to see if it's something I want to use, by watching YouTube videos. Does anyone know where I can get a starter's guide?
     
  6. guest

    guest Guest

    There is no rating, it is application control & sandboxing based on rules.
    Only some basic programs/processes are allowed/isolated by default. Then the user, based on the chosen mode, has to answer prompts or not.

    No guide yet; the best you can do is to register on their forum and learn over there. Videos won't tell you about all the aspects of ReHIPS.

    https://www.youtube.com/channel/UCG0BvsYENoG8JH4KTk_-dfw/feed
     
  7. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
  8. guest

    guest Guest

    A PDF-file can be downloaded but it is for the old version. If ReHIPS is installed, a built-in help file is available:
     
  9. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
  10. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thanks will look into this. I installed it and it loaded all the default rules. Was not sure if it protects Google Chrome out of the box. All of my extensions crashed so assume this has something to do with appcontainer being enabled in Chrome? Same thing happened when I tested EIS a few months ago.
     
  11. guest

    guest Guest

    It does.

    I have Chrome's AppContainer enabled, no issues with ReHIPS.
    I had this extension crash; I forgot what caused it, but it happened only once.
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Do you have the paid version of ReHIPS, or the free version?
    If the free, that's why your extensions crashed: you went over the limit of 10 simultaneous isolated processes.
    This is the big limitation of the free version: you can't run a multi-process browser in isolation, with your extensions enabled.
     
  13. guest

    guest Guest

    lol you're right, I assumed he had the registered version ;)
     
  14. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    +10 :thumb:
     
  15. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Doh, you are correct! I really need to stop testing crap when I am sleepy lol. Will pick up the paid version. When I do, is Google Chrome then sandboxed? Wish they had a manual or something.
     
  16. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Chrome is sandboxed by ReHIPS automatically. But whether you should have it sandboxed or not is an entirely different discussion. There are two schools; some say sandboxing Chrome might break Chrome's already flawless sandbox. Others say you add another layer and make Chrome even safer to use.
     
  17. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    I was hoping for the latter since I am currently running WD and wanted some further protection on my home PC. I am sure others run Chrome sandboxed with ReHIPS, correct?
     
  18. oZone

    oZone Registered Member

    Joined:
    Jan 18, 2017
    Posts:
    33
    Location:
    Earth
    ReHIPS isolation should not interfere with the Chrome sandbox, as ReHIPS isolates via user profile (a different mechanism than the Chrome sandbox).
    If we ignore restrictions, the only thing that ReHIPS changes is the integrity level; it will set it to untrusted.
    If you run Chrome without isolation it will have AppContainer level.

    But IIRC currently there is no sandbox software that can isolate with AppContainer level.

    I think only those who have the paid ReHIPS version.
    ReHIPS will provide a sandbox with more restrictions than running it in SUA.
     
  19. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thanks oZone. So it is ok to run Chrome within ReHIPS and have appcontainer enabled in Chrome?
     
  20. oZone

    oZone Registered Member

    Joined:
    Jan 18, 2017
    Posts:
    33
    Location:
    Earth
    It will be fine. ReHIPS will change the integrity level to untrusted so you won't get AppContainer isolation, but it should be a small price as ReHIPS will isolate Chrome with more restrictions than in SUA.
     
  21. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Great I will check into this hopefully tonight. Cheers!
     
  22. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    That's one of the arguments for sandboxing Chrome... no one can tell if it's the right choice though.
     
  23. guest

    guest Guest

    I will clarify something which I believe is important to the understanding of ReHIPS:

    - without ReHIPS, you run Chrome with your original profile as AppContainer Integrity Level (IL) if it is enabled.
    - with ReHIPS, you run Chrome (or another application) inside a dedicated Isolated Environment (IE). The IE is in fact a tightened "dummy" user profile (ReHIPSUser"x"); this IE is run as Untrusted, which is the safest IL available on Windows (excluding AppContainer IL).
     
  24. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Nice! Good explanation! One can see why people argue which is the better of the two (Chrome 'AppContainer' vs Chrome 'Untrusted' but double-sandboxed).
     
  25. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    37
    Location:
    Europe
    I was going to post it in our blogs subforum later. It has a separate topic for ReHIPS FAQ here https://forum.rehips.com/index.php?topic=9520.0 which some of you will find interesting. But as this discussion is here and now, I'll post it here.

    I often get questions like what's better, ReHIPS isolation or AppContainer? Does ReHIPS use this feature? Should I isolate Chrome, if it's already in AppContainer? Let's figure it out.

    AppContainer is a Windows sandbox introduced in Windows 8. In low-level details it's some security add-on on top of existing tokens and access rights.

    So what's more secure, ReHIPS isolation or AppContainer? Short answer is AppContainer. Why? Because it appeared later (Windows Vista SP 1 for ReHIPS vs Windows 8 for AppContainer), it's rooted deep in the Windows core with more capabilities than any 3rd party software and it's more specific while ReHIPS is more wide-oriented. Though the basics they're both based on are the same. But that specificness (is there such a word?) is also a disadvantage of AppContainer. You can't just take some random program, put it into AppContainer and expect it to work. The program should be AppContainer-aware from the very beginning, at the development stage. That's why ReHIPS doesn't use the AppContainer feature. But as they're more secure, ReHIPS doesn't isolate AppContainer programs. But make no mistake, I don't mean Chrome or Internet Explorer here as they have some AppContainer processes, but some processes are still without isolation. I mean purely AppContainer immersive programs here.

    So what about Chrome and other AppContainer-using programs? That's a different story. To exploit them, you don't necessarily have to bypass AppContainer, sometimes it's enough to attack their communication protocol with another non-isolated process. And that's the catch. If this exploit is successful, some code with non-isolated process privileges can be executed. But if this process is ReHIPS isolated, malicious code will remain in isolation. So yes, it's a good idea to ReHIPS isolate programs that already implement AppContainer feature, but have some processes non-isolated.

    Best Regards, fixer.
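
Added example (not part of the post above and not ReHIPS code): a small Python audit that classifies each process of a multi-process browser by its token SIDs and lists the ones that run neither in AppContainer nor below Medium integrity, which is the gap the post describes. The process list and SIDs are constructed sample data, and the function names are this example's own.

```python
# Added example: SAMPLE below is constructed, not captured from a real system.
import re

# Lower bounds of the Windows mandatory integrity levels
# (the RID of the S-1-16-<RID> mandatory label SID in a token).
IL_BOUNDS = [(0x0000, "untrusted"), (0x1000, "low"), (0x2000, "medium"),
             (0x3000, "high"), (0x4000, "system")]
LABEL_RE = re.compile(r"^S-1-16-(\d+)$")
APPCONTAINER_PREFIX = "S-1-15-2-"  # AppContainer (package) SIDs start with this


def integrity_level(sids):
    """Return the integrity level name for a token's SIDs, or None if no label SID."""
    for sid in sids:
        m = LABEL_RE.match(sid)
        if m:
            rid = int(m.group(1))
            # Levels are ranges: e.g. RID 8448 ("medium plus") still counts as medium.
            return [label for bound, label in IL_BOUNDS if rid >= bound][-1]
    return None


def is_appcontainer(sids):
    """True if the token carries an AppContainer package SID."""
    return any(s.startswith(APPCONTAINER_PREFIX) for s in sids)


def classify(sids):
    """Return 'appcontainer', 'untrusted', 'low' or 'non-isolated' for one token."""
    if is_appcontainer(sids):
        return "appcontainer"
    level = integrity_level(sids)
    if level in ("untrusted", "low"):
        return level
    # Medium and above, or no label found: treat as not isolated (fail closed).
    return "non-isolated"


def non_isolated(processes):
    """Names of processes that an extra isolation layer would still add value for."""
    return [p["name"] for p in processes if classify(p["sids"]) == "non-isolated"]


# Constructed sample: one browser process tree with mixed isolation.
SAMPLE = [
    {"name": "browser (main)", "sids": ["S-1-5-32-545", "S-1-16-8192"]},
    {"name": "browser (renderer)", "sids": ["S-1-15-2-1111-2222-3333", "S-1-16-4096"]},
    {"name": "browser (gpu)", "sids": ["S-1-16-4096"]},
    {"name": "browser (in isolated profile)", "sids": ["S-1-16-0"]},
]

if __name__ == "__main__":
    for proc in SAMPLE:
        print(f'{proc["name"]:32} {classify(proc["sids"])}')
    print("not isolated:", non_isolated(SAMPLE))
```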
     