ReHIPS

Discussion in 'sandboxing & virtualization' started by MrBrian, May 24, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Blog: http://re-crypt.blogspot.com/
    Download and manual: http://re-hips.com or https://re-hips.com
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
  3. MrBrian

    I don't know, sorry. I didn't try ReHIPS.
     
  4. MrBrian

    The manual looks pretty good.

    Processes can be either restricted or unrestricted. Various restrictions can be applied to a restricted process. The free version, as of v1.1.0 Beta, is limited to 10 restricted processes.
     
  5. MrBrian

    Some restrictions that can be applied to a process are:
    • Don't allow network access
    • Restrictions on ability to create child processes
    • Disallowing execution of the process itself
    • Restrictions on what file/folder and registry objects can be read, written, or executed by the process
    • Restrictions on operating system rights that are given to the process
    • Integrity level that the process runs as
    • Run process on a separate desktop for better security
    Looks like a neat concept. I might try this program :).
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
  7. Rasheed187

    I don't know about AG, but if I'm correct, Sandboxie v4 is also using security mechanisms of the Windows OS, combined with virtualization, in order to restrict and isolate apps from the real system. The difference is that SBIE is a lot less complex than ReHIPS. IMO these guys totally missed the mark. :)
     
  8. MrBrian

    The free version of Sandboxie has just 1 sandbox, right? If so, then the free version of Sandboxie has just one set of restrictions for file/registry access, right?
     
  9. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,183
    Location:
    in a remote land :)
  10. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
  11. Umbra

    I believe the security is to prevent the restricted apps from setting hooks via the allowed one, nullifying the use of the allowed one as a Trojan horse.
     
  12. Umbra

    By the way, when ReHIPS is installed, it disables Windows Defender.
     
  13. blacknight

    Ya, but I don't understand why "If allowed and restricted applications were started on the same desktop and DESKTOP_HOOKCONTROL access right was set for the restricted application, then the restricted application can set window hooks on the allowed application's windows".
     
  14. Umbra

  15. MrBrian

    ReHIPS doesn't use virtualization, so it's not a Sandboxie clone. Maybe ReHIPS can be used in conjunction with Sandboxie though?
     
  16. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Hi MrBrian, when you first install Sandboxie, it comes with one sandbox and you are allowed to create and use more than one sandbox. You can set each of them as you wish. But in the free version you just cannot use multiple sandboxes at the same time.

    Bo
     
  17. Umbra

    From my one day of use (I know it is not much ^^), it looks like DefenseWall.
     
  18. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    Looking at the manual, it looks to me similar to SysWatch (Safe'n'Sec) but based mainly on system features... and unfortunately, like SW, it causes some problems right from the beginning. I wasn't able to properly install that app, and instead of the app's window I saw only an error popup saying that HIPSGui32.exe and RulesPack32.exe are unable to execute.
    The message inside means, in short, that:
    - the system cannot verify the digital signature of this file
    - the file perhaps is not properly verified or is corrupted...
    - or the file is just malware from an unknown source

    The error code 577 can also mean that ReHIPS might not be compatible with Vista :(
     
  19. Umbra

    I installed it in both a VM and a real system; it works well on both.
     
  20. ichito

    And what about other loggers?
     
  21. Rasheed187

    Yes, I know, but I don't really think that you need ReHIPS. Sandboxie already does this stuff, and is way easier to use and understand. :)
     
  22. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    It is like AppArmor on Linux: it has rules to restrict an application with all Vista-introduced security mechanisms. It is the reincarnation of GeSWall for Windows 7 (does not seem to run on Vista) and higher. :thumb: Like Chrome's sandbox, it uses Windows internal mechanisms, only configurable :thumb::thumb::thumb:

    AppGuard uses its own mechanisms and focuses on intercepting the most used vectors of an intrusion.

    I will definitely try it when it is out of beta, but will only be using it for my internet-facing apps (and PDF reader).
     
    Last edited: May 29, 2014
  23. Peter2150


    Thanks for the info

    Pete
     
  24. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,211
    You said: AppGuard uses its own mechanisms and focuses on intercepting the most used vectors of an intrusion.
    But does AppGuard focus on and protect by intercepting and blocking less used and all other used vectors of an intrusion?

    And doesn't a software security application using its own security mechanisms (like AppGuard and DefenseWall) actually give/provide more security than all those software security applications which rely on Windows security mechanisms (like Chrome, Sandboxie 4 (someone mentioned this above), GeSWall, ReHIPS, etc.), since all Windows versions are full of security holes?
    Big thanks.
     
  25. Umbra

    ReHIPS enhances those mechanisms without involving "flawed" kernel hooks as old-style HIPS do.