The manual looks pretty good. Processes can be either restricted or unrestricted. Various restrictions can be applied to a restricted process. The free version, as of v1.1.0 Beta, is limited to 10 restricted processes.
Some restrictions that can be applied to a process are:
- Don't allow network access
- Restrictions on ability to create child processes
- Disallowing execution of the process itself
- Restrictions on what file/folder and registry objects can be read, written, or executed by the process
- Restrictions on operating system rights that are given to the process
- Integrity level that the process runs as
- Run process on a separate desktop for better security
Looks like a neat concept. I might try this program.
The manual does indeed look interesting, and you can learn a lot about security mechanisms in the Windows OS. I will read it tomorrow. But I must say that it's looking too complicated, not my cup of tea. How I would design a HIPS:
https://www.wilderssecurity.com/threads/hips-vs-man-in-the-middle-mitm-malware.362783/#post-2370060
https://www.wilderssecurity.com/threads/hips-vs-man-in-the-middle-mitm-malware.362783/#post-2370061
I don't know about AG, but if I'm correct Sandboxie v4 is also using security mechanisms of the Windows OS, combined with virtualization in order to restrict and isolate apps from the real system. The difference is that SBIE is a lot less complex than ReHIPS. IMO these guys totally missed the mark.
The free version of Sandboxie has just 1 sandbox, right? If so, then the free version of Sandboxie has just one set of restrictions for file/registry access, right?
Just tried it in Vbox and put some screenshots: http://malwaretips.com/threads/rehi...-hooks-quick-test-included.27453/#post-199681
"Separate desktops are necessary to prevent "sandbox escaping" using windows hooks. If allowed and restricted applications were started on the same desktop and DESKTOP_HOOKCONTROL access right was set for the restricted application, then the restricted application can set window hooks on the allowed application's windows and possibly execute arbitrary code in the context of allowed application."
Maybe I don't understand, but where is the security if it works this way?
I believe the security is to prevent the restricted apps from setting hooks via the allowed one, nullifying the use of the allowed one as a trojan horse.
Ya, but I don't understand why "If allowed and restricted applications were started on the same desktop and DESKTOP_HOOKCONTROL access right was set for the restricted application, then the restricted application can set window hooks on the allowed application's windows".
ReHIPS doesn't use virtualization, so it's not a Sandboxie clone. Maybe ReHIPS can be used in conjunction with Sandboxie though?
Hi MrBrian, when you first install Sandboxie, it comes with one sandbox and you are allowed to create and use more than one sandbox. You can set each of them as you wish. But in the free version you just cannot use multiple sandboxes at the same time.
Bo
Looking at the manual, it looks to me similar to SysWatch (Safe'n'Sec) but based mainly on system features... and unfortunately, like SW, it causes some problems right from the beginning. I wasn't able to properly install that app, and instead of the app's window I saw only an error popup saying that HIPSGui32.exe and RulesPack32.exe are unable to execute. The message inside says, in short, that:
- the system cannot verify the digital signature of this file
- that file perhaps is not properly verified or is corrupted...
- or the file is just malware from an unknown source
The error code 577 can also mean that ReHIPS may not be compatible with Vista.
Yes I know, but I don't really think that you need ReHIPS. Sandboxie already does this stuff, and is way easier to use and understand.
It is like AppArmor on Linux: it has rules to restrict an application with all Vista-introduced security mechanisms. It is the re-incarnation of GeSwall for Windows 7 (does not seem to run on Vista) and higher. Like Chrome's sandbox, it uses Windows internal mechanisms, only configurable. AppGuard uses its own mechanisms and focusses on intercepting the most used vectors of an intrusion. I will definitely try it when it is out of beta, but will only be using it for my internet-facing apps (and PDF reader).
You said: "AppGuard uses its own mechanisms and focuses on intercepting the most used vectors of an intrusion." But does AppGuard also focus on and protect by intercepting and blocking less used and all other used vectors of an intrusion? And doesn't a security application using its own security mechanisms (like AppGuard and DefenseWall) actually provide more security than all those security applications which rely on Windows security mechanisms (like Chrome, Sandboxie4 - someone mentioned this above, GesWall, ReHIPS, etc.), since all Windows are full of security holes? Big thanks.