Hysolate, automatic virtualization of dangerous programs and more

Discussion in 'sandboxing & virtualization' started by Floyd 57, Oct 21, 2021.

  1. Melionix

    Melionix Registered Member

    Joined:
    Jun 22, 2020
    Posts:
    111
    Location:
    Earth
    Can someone post some pics of what this software looks like in action?
     
  2. talhysolate

    talhysolate Registered Member

    Joined:
    Jan 4, 2022
    Posts:
    13
    Location:
    Israel
    Hi everyone, I'm Tal - the CTO and founder of Hysolate.
    I appreciate the feedback in this thread and would like to thank those of you who are using Hysolate Free.
    I'd be glad to personally answer any questions you might have on the product - feel free to send an email to tal@hysolate.com with any questions/feature suggestions.

    Note that we've started building a flavor of the product that is even lighter - instead of providing a full-blown desktop, it only has a browser (e.g. Chrome/Edge) isolated with our VM-based isolation technology, and there's no need to switch between desktops, etc. This makes it easier to adopt and use for those who only need strong browser isolation. Your feedback is very welcome.

    Thanks!
     
  3. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    615
    Location:
    Austria
    Hi, Tal!

    Can you describe just in a few words which are from your point of view the advantages and (possible) disadvantages of Hysolate compared with Sandboxie? Perhaps focussed on the use for browser isolation.
     
  4. talhysolate

    talhysolate Registered Member

    Joined:
    Jan 4, 2022
    Posts:
    13
    Location:
    Israel
    Sure, Peter, there are a few main differences between Hysolate and Sandboxie:
    1. Sandboxie is based on Windows API hooking/interception at the process level, but it still shares the same operating system with the rest of the system. What that means is that there is still a wide attack surface that malware can leverage if you visit a malicious website. Hysolate is based on hardware-based virtualization technology (VM-based isolation, leveraging Intel VT) - this means that the isolated apps (browser/full desktop) are running in a separate operating system running in a VM, which dramatically reduces the attack surface.
    2. Sandboxie's purpose is to protect your machine from malware running within the sandbox. However, there are cases in which you want the opposite, i.e. to protect some app from a potentially-infected operating system. For example, you might want to access your bank, a sensitive work-related SaaS app, or some IT systems. Hysolate can let you access these sensitive resources in a secure way that protects the browser/apps from the infected operating system - standard malware (even if it infected your host operating system) won't be able to take screenshots, collect keystrokes or files of your sensitive apps.
    3. The full Hysolate version can run any Windows app, not just a browser, as-is. There are no compatibility issues with these apps as they are running without any API hooking/interception (as opposed to Sandboxie that may introduce app compatibility issues).
    I hope this helps. Feedback is very welcome!
     
  5. Peter 123

    Peter 123 Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    615
    Location:
    Austria
    Yes, it helps. Thank you for the information, Tal.

    Another question concerning the system requirements. According to your homepage, these requirements at the moment are (https://www.hysolate.com/faq/):

    I assume that for the future "light" version (= only browser isolation) the requirements will be less restrictive, right? At the moment I could not even use Hysolate on my (more than 10 years old) computer.
     
    Last edited: Jan 5, 2022
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,911
    Location:
    Outer space
    The browser only isolation flavor sounds interesting, it seems more useful for personal/home use.
     
  7. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    326
    Hi Tal,

    Could you explain why, when we re-create the Workspace, we have to provide an email address and obtain a code again? That could be done just once at installation time, don't you agree? I think I would re-create and empty out the workspace at least once a week for security purposes.
     
    Last edited: Jan 5, 2022
  8. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    326
    Hi Tal,

    Can you give us the differences between Hysolate and ReHIPS?

    Thanks.
     
  9. talhysolate

    talhysolate Registered Member

    Joined:
    Jan 4, 2022
    Posts:
    13
    Location:
    Israel
    Peter - the browser-only version would require less disk space, but would still require 8GB of RAM, Intel VT, and a SSD drive for a good user experience.
     
  10. talhysolate

    talhysolate Registered Member

    Joined:
    Jan 4, 2022
    Posts:
    13
    Location:
    Israel
    Hi Lunarlander, if you choose: "Reset Workspace" (see screenshot below), it would reset the OS in the VM and would not require you to sign in again. We only require you to sign in again if you choose to "Reset Workspace and data" (as we assume you might want to sign in with a different Hysolate user account).

    You are right though that we could build another option which would completely reset the OS + user data and would not require another sign in - I'll pass this feedback to our product team, thank you!

    upload_2022-1-6_8-49-31.png
     
  11. talhysolate

    talhysolate Registered Member

    Joined:
    Jan 4, 2022
    Posts:
    13
    Location:
    Israel
    Yes: ReHIPS also runs apps in the same operating system (with the same kernel, services, etc) and does isolation at the process/API level. Malware can leverage OS vulnerabilities, do privilege elevation, and be able to escape the ReHIPS process-level sandbox. Hysolate has a completely separate operating system running in a VM which dramatically reduces the attack surface. We also allow you to protect the isolated apps from the host OS (e.g. prevent screenshots, keylogging, etc of the apps running inside Hysolate).
     
  12. talhysolate

    talhysolate Registered Member

    Joined:
    Jan 4, 2022
    Posts:
    13
    Location:
    Israel
    Thanks, BoerenkoolMetWorst - if you're interested we can get you an early availability version of it.
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,911
    Location:
    Outer space
    Sounds interesting, thanks! But the coming months I'm too busy to try it out.
     
  14. StillBorn

    StillBorn Registered Member

    Joined:
    Nov 19, 2014
    Posts:
    297
    Thank you, talhysolate, for your lucid explanation regarding ReHIPS' vulnerabilities. Since Sandboxie is also obviously another sandbox application, it may be reasonable to more or less induce that Sandboxie is also subject to the same potentially fatal design flaw assuming a similar isolation at the process/API level (?). Moreover, Shadow Defender and Faronics Deep Freeze do not require a completely separate operating system, the use of a SSD, an Intel VD, and 8 gigs of RAM to accomplish the same results as Hysolate. It's always great to see sandbox and virtualization apps continue to evolve and it appears that Hysolate could be a real sweet spot in this arena. Just wondering if the opportunity costs of the OS requirements to get this digital browser prophylactic even off the ground justifies the means to an end.

    As a casual aside, for those looking for an apparently viable and a maturely developed alternative to Sandboxie, check out Shade Box. No comment on the lifetime license fee (omfg and/or gadzooks!), but the app looks like a champ from what I've gleaned via YouTube and Searx/Metager/Gibiru/Qwant search engine reviews.
     
    Last edited: Jan 8, 2022
  15. Melionix

    Melionix Registered Member

    Joined:
    Jun 22, 2020
    Posts:
    111
    Location:
    Earth
    If Brave is supported, I definitely want to try an early version of it!
     
  16. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    337
  17. StillBorn

    StillBorn Registered Member

    Joined:
    Nov 19, 2014
    Posts:
    297
    Thanks for the reply and the edification, brother (or sister, as the case may be...).;) The shark jumped me when I goofed by not doing a subject search on this fabulous and indispensable forum. Anywho. I was smitten by Shade's user friendly simplicity and contrarily leery of their website's total lack of version update history, etc. Kinda wish the market was as inundated with sandbox/virtualization options as it is with the good ol' trite hit and miss signature based antimalware solutions. C'est la vie.

    Yeah, I'm rockin' with a SSD and the spare RAM to support Hysolate minus Windows' "Pro/Enterprise" mantra even though I've tossed in M$ Office 2017 a while back for good measure. You can bet the farm I'll take the Hysolate browser version out for a spin barring hardware compatibility issues as soon as it becomes ready for prime time. It goes without saying that Hysolate probably could've tripled their market share interest without the steep hardware requirements to make this puppy work from the get-go. And from their perspective there may be (okay-- let's go with "absolutely") no incentive whatsoever to compromise since apparently it's a freebie venture in the making.
     
    Last edited: Jan 8, 2022
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,928
    Location:
    The Netherlands
    So is Hysolate basically a more user friendly version of Windows Sandbox? It does sound interesting and of course it has got certain advantages when compared to Sandboxie, but I still believe it's overkill. Also what about the files that you save inside the VM, I suppose you need to move/copy them to your real machine? And does Hysolate have certain advantages over VirtualBox and VMware Workstation when it comes to simply testing software?
     
  19. talhysolate

    talhysolate Registered Member

    Joined:
    Jan 4, 2022
    Posts:
    13
    Location:
    Israel
    Thanks for the detailed reply, StillBorn. One extra clarification: Hysolate is significantly differentiated from products like Deep Freeze. Deep Freeze can help you get your Windows OS to always boot from a trusted state (making Windows practically "immutable"), but it does not protect that Windows OS from getting infected while you're using it - malware will stay on the system until you reboot and can do harm at that point. Hysolate is doing something else: we practically "split" the endpoint into two zones - one for dangerous activities (e.g. email/wild browsing) and another for sensitive activities (e.g. work-related, banking, etc). By doing that, even if you get compromised, malware cannot reach your sensitive assets. Furthermore, Hysolate provides the best possible isolation in software, leveraging a virtual machine "barrier". I hope this helps shed more light on the differences. Thanks for the feedback!
     
  20. talhysolate

    talhysolate Registered Member

    Joined:
    Jan 4, 2022
    Posts:
    13
    Location:
    Israel
    Hi Rasheed, thanks for the question. There are multiple features that Hysolate adds on top of solutions like Windows Sandbox/VirtualBox/VMware Workstation, for example:
    • No need to manage/update/deploy another operating system image (as opposed to VirtualBox/VMware/Hyper-V)
    • As opposed to Windows Sandbox, you can still keep your user data when you restart the VM (if desired), you can also install apps in the user profile and they will persist after restart (Windows Sandbox is completely volatile).
    • Smarter power management (e.g. the VM is suspended automatically when you're not using it)
    • Automatic redirection of risky/sensitive websites to the VM (and back) via our browser extension - doesn't require the user to be disciplined to know when to open websites in the VM
    • Protects the VM from screenshots by host malware
    • Protects the VM from keystroke logging by host malware
    • Full disk encryption of the data in the VM
    You can read more details on this here (Hysolate Free for Risky Access) and here (Hysolate Free for Sensitive Access).
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,928
    Location:
    The Netherlands
    OK thanks, it does indeed sound like a way better version of Windows Sandbox. The biggest disadvantage is of course the high RAM usage, that's why I'm not really into protecting the browser by VM. But how would you classify Hysolate, is it basically OS Virtualization? For example, Bromium (HP Wolf Security) makes use of Micro Virtualization, what do you think of this?

    https://www.zdnet.com/article/bromium-a-virtualization-technology-to-kill-all-malware-forever/
     
  22. talhysolate

    talhysolate Registered Member

    Joined:
    Jan 4, 2022
    Posts:
    13
    Location:
    Israel
    Thanks for the feedback. Note that the RAM usage you see in task manager related to Hysolate might be inaccurate as Hyper-V manages the VM's memory dynamically and can pre-allocate more memory to the VM than it actually needs - and it will return this memory to the operating system if needed. So you might see high RAM usage for Hysolate while in fact it consumes much less.

    Hysolate can indeed be classified as an OS virtualization product - and as opposed to Bromium, Hysolate is based on the native Hyper-V virtualization capabilities of Windows.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,928
    Location:
    The Netherlands
    OK thanks for the info. And so the key thing to remember is that Hysolate is not a full blown VM solution like VMware and VirtualBox. In the future when I buy a more powerful desktop/laptop I will check Hysolate out, because the concept is indeed very interesting. Good luck with the company and are you guys already having a bit of success?
     
  24. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    MWDAG... ?? Would someone please solve what this stands for.... malware something I guess. Is it so obvious it's not worth responding?

    Thanks for the help everyone /s
     
    Last edited: Jan 20, 2022
  25. talhysolate

    talhysolate Registered Member

    Joined:
    Jan 4, 2022
    Posts:
    13
    Location:
    Israel
    Thanks, Rasheed! Yes, we are seeing a lot of interest in our free product and also have commercial success with our enterprise product.
     