Hysolate, automatic virtualization of dangerous programs and more

Discussion in 'sandboxing & virtualization' started by Floyd 57, Oct 21, 2021.

  1. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    www.hysolate.com

    I am not gonna say what's already written there so feel free to read it yourself, but basically (i have not tried it yet) it automatically isolates dangerous applications in its own container

    The best thing is that the home/personal version is free, only the one with enterprise features is paid

    If you go here https://www.hysolate.com/free/ you can see you only lose out on stuff you don't need as a home user anyway. Essentially u get the full product for free. I am not sure which one of the two (left or middle) should be downloaded tho

    On a side note, there was this company Bromium and the only thing left from it now is this pdf https://www.bromium.com/wp-content/uploads/2018/06/Bromium_Secure_PLatform_DS_V5.pdf
    however if u go to Bromium.com as well as another link i found that i lost now, u can see they got acquired by HP and now they are called HP Wolf. Unfortunately there is no home/personal version, although you can probably pretend u're a company, or u can buy one of their pre-builts which include HP Wolf Security. For more info check the pdf for its capabilities and visit www.bromium.com (it should redirect to the hp page)
     
  2. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    LOL. You need 8 GB to install and run it. I have only 4 GB. Interesting application to sandbox processes so malware can't leverage them against Windows.
     
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,105
    Location:
    UK
    A write up here

    https://www.maketecheasier.com/hysolate-review/

     
  4. Stelica

    Stelica Registered Member

    Joined:
    Nov 10, 2014
    Posts:
    71
    Location:
    Romania
    I have Windows 10 Pro with 8GB RAM, Intel Core i5, but I don't have an SSD!
    I sometimes use Windows Sandbox.
     
    Last edited: Oct 22, 2021
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    At first I became excited, because I thought it was similar to Sandboxie. But now I see it's OS virtualization and runs only on Win 10 Pro and it will probably use a lot of RAM. I may check it out when I buy my new PC.

    But just like Bromium and the Windows Sandbox, it's probably overkill and not that handy in practice. Too bad, would have liked to see some serious competition for Sandboxie. And Shade Sandbox also wasn't good enough.

    https://techcommunity.microsoft.com/t5/windows-kernel-internals/windows-sandbox/ba-p/301849
    https://www.softpedia.com/get/Security/Security-Related/Shade-Cybergenic.shtml
     
  6. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    Norton Safe Web offers to virtualize suspect websites so you can check them out. There are lighter and more practical solutions out there for dealing with phishing and malware on the Internet.
     
  7. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    As far as I know, stuff like Comodo Firewall and Sandboxie and Shadow defender is software-based virtualization, while VMWare, Virtual box and Hysolate is hardware-based virtualization, meaning (much i think?) more secure. Dan the developer/owner of Voodooshield said that while Sandboxie and SD are great programs, he wouldn't put his eggs in their basket if testing malware on his main machine, he told me to use VM.

    Norton Safe Web is software-based virtualization no?

    I think you need at least 10-12 gb ram, if u have 8 might not be enough depending on what u run, or u will have to run very tightly

    Definitely not overkill if you read my post. And don't trust me, trust Dan the Developer of VS. He said that on the now defunct VS forums. But i got it in my email:
    upload_2021-10-23_20-23-10.png

    upload_2021-10-23_20-22-26.png
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    That's the thing. For malware testing it's indeed best to use virtual machines, but purely for browser protection it's overkill, because app virtualization as offered by Sandboxie is already pretty secure. So I'm not going to load a full container OS like Hysolate and Windows Sandbox do for this stuff.

    And VMware and VirtualBox are totally out of the question, they virtualize the whole OS. Sandboxie is good enough, why do you think that Chromium and Firefox have built-in sandboxes, similar to what Sandboxie offers. It's because it makes it hard for malware to do any serious damage. Sandboxie even adds virtualization on top.
     
  9. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    If you are lacking the ram, sure. That said the sandboxie thread is full of users asking why X isn't working, what Y settings to use and so on. It is an extremely complicated program, i don't even wanna bother reading it. Meanwhile hysolate just opens it in a container. Boom. That's all. So simple. No worrying about where the data will go. No worrying it's not working. No worrying what settings to use. No worrying about updating or which version to use. No worrying have to make posts asking this guy about this and that guy about that.

    Of course on a ram budget then yeah probably u rather use sandboxie, if u can manage it (i personally only tried once but quickly uninstalled it, i even forgot why i uninstalled it).

    And yeah using vmware/virtual box isn't smart either as their performance can't match host machine performance. Not sure about Hysolate.
     
  10. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    FF and Chromium based browsers have their own sandboxes, which can be strengthened with security extensions.

    With hardening Windows and setting rules for the Windows firewall, you're proofed against malware and zero day exploits.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Sounds interesting. I just tried it out, wasn't aware there were 2 different free versions, I got the one for Isolating sensitive access. With Win+Alt+Arrow key you can switch to the secure environment where you can do banking, view documents etc isolated from your normal OS. Admin access is not allowed inside the workspace, so you can't install programs inside it (which is to be fair not the point of this version.) It comes with Google Chrome, MS Edge, Notepad++ and some built-in windows apps. There is no office suite, but the office documents open fine inside Chrome. Edge is up to date, but Chrome is still on v92. You can successfully update it from inside Chrome, but it seems everything outside the user profile is lost after shutting down the workspace. Great to keep infections out, but that also reverts the Chrome update.
     
  12. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Well i guess it's more useful for business people despite having the full version for free for home users, as that's how business users get infected. By opening mail and browsing. Which this program prevents completely. Although its like. When u download mail u have to save it to the main pc. So first u open it and how do u know its not malware? Well if it doesnt do anything immediately it's prob not. But ofc it could just be stealthy and sit hidden, waiting until u save the file to ur main pc. So its more like for discardable files than exchanging important office documents through mail. And also the filter list thing is kinda dumb cuz if u encounter 0 day with fully patched windows and chromium on the internet u should consider yourself lucky, as a home user that is. So its not like "oh the filter list says this page is bad, i should open it in hysolate" cuz its like, ok its bad so whats it gonna do, right? And also for banking u have no access to ur password manager in the isolated environment unless u download it and login and whatnot. So I haven't actually tried this program yet but from what Boerenkool said it doesn't sound too useful. No office suite also sounds ****. How do u open excel files? I guess u can view in Chromium with a plugin.

    Although what u downloaded is actually the middle row

    upload_2021-10-24_23-2-1.png

    And as u can see the automatic redirection in this version is not yet implemented. So that massively reduces the need for the program when it can't redirect automatically. Not only that, but now after reading your reply, and reading the above pic, u can tell that it's actually the LEFT row that we as home users need. Because handling sensitive documents is not a problem for home user. For business user u cannot have random programs like avs and whatnot having access to your private company enterprise files. But for home users it doesnt matter if your programs can see your files really. So the "sensitive" is not very useful for home user. Secondly, malware being able to access sensitive documents is not a problem, as for malware to do that, it has to first run on your system. And how does it run on your system? By the risky stuff. When you run risky stuff that's how you get malware! So combining all those points, as a home user what you actually want is the LEFT version, not the MIDDLE one (there is another row on the right on the website page). The left one automatically redirects all risky websites to VM. It also redirects all untrusted documents and applications. Which to me sounds much better than "sensitive" documents and applications, as the latter is just stuff that YOU have, while the former (risky/untrusted) is stuff that YOU don't have but you're now downloading and thus it's contained so even if it's malware it won't do anything. So i recommend anyone who tests it out to use the LEFT version. I haven't tested it yet but hopefully soon tm.
     
  13. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Can't really strengthen javascript can u. Not unless u block all js by default unless explicitly allowed. In which case have fun allowing every single js file on every site :)
     
  14. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    NoScript allows users to decide what scripts are allowed to run in a browser.
     
  15. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Yeah bother with every single script on every single page who got time for that lmao are u so paranoid
     
  16. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    Umatrix is a good alternative.
     
  17. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    MWDAG is a good alternative. You'll have to tweak the registry to lower the requirements to run it and it's basically set it up and forget it. A sandbox is established for untrusted sites.
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    But if you always open and edit the document in the workspace, nothing infects your host.
    You can copy/paste to a workspace.

    Opening excel files works in Chrome by default, no need for a plugin. It also automatically opens in Chrome if you open it from File Explorer, so no need to manually open it in Chrome.
    It looks like enterprise users can modify what is in the Workspace image, so if they want they can include an office suite, password manager, videoconferencing software and whatnot.
    Yeah that would make more sense for home users.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    It's not even about Sandboxie, it's more about app virtualization vs OS level virtualization. The latter is complete overkill for browser protection, and not that handy in practice, just look at Windows Sandbox. I believe Hysolate is similar to Windows Sandbox, but perhaps it has improved upon it, who knows. But why would I waste 8GB of RAM, just to protect my browser? No thanks, apparently I'm not THAT paranoid.

    And trust me, I have been using Sandboxie since 2004, it's not complex at all. I have used it as an extra protection layer with browsers like Maxthon, Opera, Firefox and currently Vivaldi. I only had problems with Firefox, no problem because it sucked anyway. So the problems that people report in the SBIE topics don't really affect me personally.

    People also shouldn't expect to be able to run every app sandboxed, it was never designed for this. Sandboxie's main job is to protect browsers, so it should at least be compatible with Chrome, Opera, Brave, Vivaldi, Edge and Firefox. And yes, sometimes it needs to be updated, no big deal as long as it works with your current browser version.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I believe this was also the problem with Windows Sandbox, it reverts everything. I don't see the point of it. For browser protection based on app virtualization you can use something like Sandboxie, Comodo or Shade and for software testing you could use VirtualBox or VMware, no need for OS level virtualization, that's how I see it.
     
  21. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    HP Wolf / Bromium requires 8GB also. (https://support.bromium.com/s/article/System-Requirements-for-Bromium-Isolation-and-Monitoring)
    Note that Hysolate uses about 4GB, so that the Workspace has enough RAM to be fast and responsive, and then the host also has 4GB minimum, so it doesn't slow down the host. That's probably why they require 8GB.

    Well for corporate users there is no problem as they can choose what to put in the Workspace image, so they can also keep the programs inside updated. User profile is saved so all documents can be kept. The point of reverting it is keeping it clean in case there is an infection. Same with Sandboxie, something can get in, and it may not be able to infect your host because of the sandbox, but everything inside the sandbox can still be compromised, so clearing the sandbox regularly would be a good idea.
    If your system specs are good enough, it's not complete overkill. It works fast and it is intuitive for non-techies. And hypervisor based virtualization is more secure than sandboxing or using containers.
    Currently, the limitations of the free version make it less interesting for home use though.
     
    Last edited: Oct 25, 2021
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Updated to new version 1.2.11.20:

     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    I thought it looked interesting but I don't have Windows Pro.
     
  24. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,882
    No registry patch? I'm staying on MWDAG.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    To clarify, I do think containers like Windows Sandbox and Hysolate are interesting, both mostly for software testing, not for security. If they can offer me more convenience than VirtualBox and VMWare I would use them. But purely for browser protection it's overkill in my view, especially for home users.
     