Discussion in 'sandboxing & virtualization' started by MrBrian, May 24, 2014.
Download and manual: https://rehips.com/en/
How is this different from AppGuard?
I don't know, sorry. I didn't try ReHIPS.
The manual looks pretty good.
Processes can be either restricted or unrestricted. Various restrictions can be applied to a restricted process. The free version, as of v1.1.0 Beta, is limited to 10 restricted processes.
Some restrictions that can be applied to a process are:
- Don't allow network access
- Restrictions on the ability to create child processes
- Disallowing execution of the process itself
- Restrictions on what file/folder and registry objects can be read, written, or executed by the process
- Restrictions on the operating system rights that are given to the process
- The integrity level that the process runs at
- Running the process on a separate desktop for better security
Looks like a neat concept. I might try this program.
The manual does indeed look interesting, and you can learn a lot about security mechanisms in the Windows OS, I will read it tomorrow.
But I must say that it's looking too complicated, not my cup of tea.
How I would design a HIPS:
I don't know about AG, but if I'm correct, Sandboxie v4 also uses security mechanisms of the Windows OS, combined with virtualization, in order to restrict and isolate apps from the real system. The difference is that SBIE is a lot less complex than ReHIPS. IMO these guys totally missed the mark.
The free version of Sandboxie has just 1 sandbox, right? If so, then the free version of Sandboxie has just one set of restrictions for file/registry access, right?
Just tried it in VBox and put up some screenshots.
Separate desktops are necessary to prevent "sandbox escaping" using Windows hooks. If allowed and restricted applications were started on the same desktop and the DESKTOP_HOOKCONTROL access right was set for the restricted application, then the restricted application could set window hooks on the allowed application's windows and possibly execute arbitrary code in the context of the allowed application.
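The combination the post describes (a restricted process confined to its own desktop) can be built from the same built-in Windows mechanisms ReHIPS relies on. The script below is an added example written for this thread, not ReHIPS code and not from any poster: it creates a separate desktop, labels it Low integrity so a Low-integrity process is allowed to use it, derives a restricted token from the current one (all privileges dropped, integrity lowered to Low), and starts a process on that desktop by naming it in STARTUPINFO.lpDesktop. The helper class name `Sandbox`, the desktop name and the choice of `notepad.exe` as the confined program are constructed for the example; every Win32 call, constant and SID used is the documented one.

```powershell
# Added example (not ReHIPS code): confine a process with a restricted Low-integrity
# token on its own desktop, using only built-in Windows mechanisms via P/Invoke.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class Sandbox {
    [StructLayout(LayoutKind.Sequential)]
    public struct TOKEN_MANDATORY_LABEL { public IntPtr Sid; public uint Attributes; } // SID_AND_ATTRIBUTES flattened
    [StructLayout(LayoutKind.Sequential)]
    public struct SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle; }
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct STARTUPINFO {
        public int cb; public string lpReserved, lpDesktop, lpTitle;
        public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public short wShowWindow, cbReserved2; public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public int dwProcessId, dwThreadId; }
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(string sddl, uint rev, out IntPtr sd, out uint size);
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern IntPtr CreateDesktop(string name, IntPtr device, IntPtr devmode, int flags, uint access, ref SECURITY_ATTRIBUTES sa);
    [DllImport("user32.dll", SetLastError = true)] public static extern bool SwitchDesktop(IntPtr hDesk);
    [DllImport("user32.dll", SetLastError = true)] public static extern IntPtr GetThreadDesktop(int threadId);
    [DllImport("kernel32.dll")] public static extern int GetCurrentThreadId();
    [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool CreateRestrictedToken(IntPtr token, uint flags, uint disableCount, IntPtr sidsToDisable,
        uint deleteCount, IntPtr privsToDelete, uint restrictCount, IntPtr sidsToRestrict, out IntPtr newToken);
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool ConvertStringSidToSid(string sid, out IntPtr psid);
    [DllImport("advapi32.dll", SetLastError = true)] public static extern uint GetLengthSid(IntPtr sid);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool SetTokenInformation(IntPtr token, int infoClass, ref TOKEN_MANDATORY_LABEL info, uint size);
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool CreateProcessAsUser(IntPtr token, string app, string cmd, IntPtr pa, IntPtr ta, bool inherit,
        uint flags, IntPtr env, string dir, ref STARTUPINFO si, out PROCESS_INFORMATION pi);
}
'@
Add-Type -TypeDefinition $src
function Fail($what) { throw "$what failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }

# 1. A separate desktop, labelled Low (SDDL mandatory-label ACE "LW") so the Low process may open it.
#    dwFlags = 0 leaves DF_ALLOWOTHERACCOUNTHOOK unset: other accounts cannot hook this desktop.
$desktopName = 'RestrictedDemoDesk'                      # constructed name
$sd = [IntPtr]::Zero; $sdLen = [uint32]0
if (-not [Sandbox]::ConvertStringSecurityDescriptorToSecurityDescriptor('S:(ML;;NW;;;LW)', 1, [ref]$sd, [ref]$sdLen)) { Fail 'SDDL conversion' }
$sa = New-Object 'Sandbox+SECURITY_ATTRIBUTES'
$sa.nLength = [Runtime.InteropServices.Marshal]::SizeOf([Sandbox+SECURITY_ATTRIBUTES])
$sa.lpSecurityDescriptor = $sd
$GENERIC_ALL = 0x10000000
$hDesk = [Sandbox]::CreateDesktop($desktopName, [IntPtr]::Zero, [IntPtr]::Zero, 0, $GENERIC_ALL, [ref]$sa)
if ($hDesk -eq [IntPtr]::Zero) { Fail 'CreateDesktop' }

# 2. A restricted token: DISABLE_MAX_PRIVILEGE (1) strips every privilege except SeChangeNotify.
$hTok = [IntPtr]::Zero; $hRestricted = [IntPtr]::Zero
$TOKEN_ALL_ACCESS = 0xF01FF
if (-not [Sandbox]::OpenProcessToken([Sandbox]::GetCurrentProcess(), $TOKEN_ALL_ACCESS, [ref]$hTok)) { Fail 'OpenProcessToken' }
if (-not [Sandbox]::CreateRestrictedToken($hTok, 1, 0, [IntPtr]::Zero, 0, [IntPtr]::Zero, 0, [IntPtr]::Zero, [ref]$hRestricted)) { Fail 'CreateRestrictedToken' }

# 3. Lower the token to Low integrity (S-1-16-4096): mandatory integrity control then denies
#    writes to Medium-labelled files, registry keys and processes of the same user.
$lowSid = [IntPtr]::Zero
if (-not [Sandbox]::ConvertStringSidToSid('S-1-16-4096', [ref]$lowSid)) { Fail 'ConvertStringSidToSid' }
$label = New-Object 'Sandbox+TOKEN_MANDATORY_LABEL'
$label.Sid = $lowSid
$label.Attributes = 0x20                                  # SE_GROUP_INTEGRITY
$size = [Runtime.InteropServices.Marshal]::SizeOf([Sandbox+TOKEN_MANDATORY_LABEL]) + [Sandbox]::GetLengthSid($lowSid)
if (-not [Sandbox]::SetTokenInformation($hRestricted, 25, [ref]$label, $size)) { Fail 'SetTokenInformation' }  # 25 = TokenIntegrityLevel

# 4. Start the program with that token, on the separate desktop (STARTUPINFO.lpDesktop).
$si = New-Object 'Sandbox+STARTUPINFO'
$si.cb = [Runtime.InteropServices.Marshal]::SizeOf([Sandbox+STARTUPINFO])
$si.lpDesktop = $desktopName
$pi = New-Object 'Sandbox+PROCESS_INFORMATION'
if (-not [Sandbox]::CreateProcessAsUser($hRestricted, $null, 'notepad.exe', [IntPtr]::Zero, [IntPtr]::Zero, $false, 0,
        [IntPtr]::Zero, $null, [ref]$si, [ref]$pi)) { Fail 'CreateProcessAsUser' }

# 5. Show the isolated desktop until the confined process exits, then switch back.
$origDesk = [Sandbox]::GetThreadDesktop([Sandbox]::GetCurrentThreadId())
[void][Sandbox]::SwitchDesktop($hDesk)
(Get-Process -Id $pi.dwProcessId).WaitForExit()
[void][Sandbox]::SwitchDesktop($origDesk)
```

Run it from a normal, non-elevated Windows PowerShell session; the screen switches to the new desktop, which contains only the confined Notepad, and returns when Notepad is closed. Because the confined process is on a different desktop, it cannot install window hooks on, or send messages to, windows on the interactive desktop, which is exactly the escape the quoted text describes; checking the running process in Process Explorer shows the Low integrity level and the emptied privilege list.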
Maybe I don't understand, but where is the security if it works this way?
I believe the security is to prevent the restricted apps from setting hooks via the allowed one, nullifying the use of the allowed one as a trojan horse.
By the way, when ReHIPS is installed it disables Windows Defender.
Ya, but I don't understand why "If allowed and restricted applications were started on the same desktop and DESKTOP_HOOKCONTROL access right was set for the restricted application, then the restricted application can set window hooks on the allowed application's windows".
Check here, page 26.
ReHIPS doesn't use virtualization, so it's not a Sandboxie clone. Maybe ReHIPS can be used in conjunction with Sandboxie though?
Hi MrBrian, when you first install Sandboxie, it comes with one sandbox and you are allowed to create and use more than one sandbox. You can set each of them as you wish. But in the free version you just cannot use multiple sandboxes at the same time.
From my one-day use of it (I know it is not much ^^) it looks like DefenseWall.
Looking at the manual, it looks to me similar to SysWatch (Safe'n'Sec) but based mainly on system features... and unfortunately, like SW, it causes some problems right from the beginning. I wasn't able to properly install the app, and instead of the app's window I saw only an error popup saying that HIPSGui32.exe and RulesPack32.exe are unable to execute.
The message means, in short, that:
- the system cannot verify the digital signature of this file
- that file perhaps is not properly verified or is corrupted...
- or the file is just malware from an unknown source
The error code 577 can also mean that ReHIPS is not compatible with Vista.
I installed it in both a VM and a real system; it works well on both.
And what about other loggers?
Yes I know, but I don't really think that you need ReHIPS; Sandboxie already does this stuff, and is way easier to use and understand.
It is like AppArmor on Linux: it has rules to restrict an application with all the security mechanisms Vista introduced. It is the reincarnation of GeSWall for Windows 7 (does not seem to run on Vista) and higher. Like Chrome's sandbox, it uses Windows' internal mechanisms, only configurable.
AppGuard uses its own mechanisms and focuses on intercepting the most used vectors of an intrusion.
I will definitely try it when it is out of beta, but will only be using it for my internet-facing apps (and PDF reader).
Thanks for the info
You said: AppGuard uses its own mechanisms and focuses on intercepting the most used vectors of an intrusion.
But does AppGuard also focus on and protect by intercepting and blocking the less used and all other vectors of an intrusion?
And doesn't a security application using its own security mechanisms (like AppGuard and DefenseWall) actually provide more security than all those security applications which rely on Windows security mechanisms (like Chrome, Sandboxie 4, which someone mentioned above, GeSWall, ReHIPS, etc.), since all versions of Windows are full of security holes?
ReHIPS enhances those mechanisms without involving "flawed" kernel hooks as old-style HIPS do.