ReHIPS

Discussion in 'sandboxing & virtualization' started by MrBrian, May 24, 2014.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, looks like you know me pretty well, because I'm not amused by what I'm reading about the way ReHIPS works. :D

    Also, I've looked at the screenshots posted by guest, and it looks a bit too complex, even though you probably don't have to tweak these settings all of the time. But that's what I meant by security vs usability and convenience. There has to be a balance. And the fact that it's not using any user-mode hooks doesn't mean a lot to me.
     
  2. guest

    guest Guest

    Yes, like Sandboxie.
    That is why we testers bombarded them with tons of usability recommendations.
    The ReHIPS devs are security geeks and paranoids, so they first designed ReHIPS for the same kind of users, hence its complexity (that is why I'm not so disturbed by it, in fact I like this :p ). The security aspect is actually 90% done; all their work now is oriented on usability and user-friendliness without sacrificing security.
     
  3. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    That's routine functioning of an Anti-Exec. Thank you.

    Yeah! I was missing that point! :) Thank you! Again I see that's work of an Anti-Exec.

    I see, you mean that before allowing a process to start, ReHIPS checks if the allowed process isn't changed.

    Yes, bingo! I meant exactly this. So this scenario isn't possible without alerts. :thumb:

    Please answer this question:
    Is this routine work of any Anti-Exec like VoodooShield or NVT ExeRadar Pro or Comodo's AutoSandbox or Windows' inbuilt AppLocker and SRP?


    Actually this question in bold font intrigues me greatly. Because if an Anti-Exec provides this kind of protection then I can do without HIPS using an Anti-Exec only. :D


    Thank you.

    :)
     
  4. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,881
    It's an AE combined with a HIPS and a sandbox.

    Pretty powerful for such a compact product. :)
     
  5. guest

    guest Guest

    I used ReHIPS with:

    - Sandboxie: no issues, except if you try to run an app that is protected by both (browsers, etc...); you have to disable the isolation of one of them just for the launch of the app.
    - AppGuard: no issues, just add some of ReHIPS executables to AG Power Apps
    - NVT: I don't remember any issues at that time.
    - VS: actually using both together, no issue at the moment, ReHIPS reacts before VS.

    For Comodo and AppLocker, no idea, I don't use them.
     
  6. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
  7. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,881

    It is an AE. You can allow or deny processes. Any process that is trusted, you can whitelist and set to allow. For example, ReHIPS blocked my Cyberfox and Microsoft Office programs by default and I had to whitelist them as trusted to get them working again.
     
  8. guest

    guest Guest

    My MS Office programs aren't blocked; MS Office programs should run isolated by default, the initial Rule Pack should create an IE for Office and Outlook (see screenshot); they shouldn't be blocked.
     

    Attached Files:

    • IE.jpg (File size: 81.7 KB, Views: 19)
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I think it is like Core force firewall, if anyone remembers. Lots of options and very granular control, but it needs months to set it up. Practically useless, as no one has this much time and patience. It is only practical if they place a default set of pre-made HIPS rules there with minimum pop-ups.
     
  10. hjlbx

    hjlbx Guest

    ReHIPS is a HIPS. HIPS can be configured to essentially behave as an anti-exec -- either by user created policies or using built-in settings.

    Just like NVT ERP -- which technically is a basic HIPS.

    ReHIPS does not use a sandbox; it uses a container that employs Windows' built-in protection mechanisms - the isolation of user profiles.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
  12. guest

    guest Guest

    For basic users, it took 5 min to set it up. The advanced options you are mentioning are for advanced users who want to customize their rules. Any HIPS is similar (Comodo, ESET, etc...), lots of options available that need to be learned.

    During installation, you have an initial rule pack, with rules for the most commonly used software. This pack is updated at each new build.

    Please inform yourself about a product before making incorrect statements. Seems that you have not tried ReHIPS or taken enough time to read/learn the basics about it.
     
    Last edited by a moderator: Aug 1, 2016
  13. hjlbx

    hjlbx Guest

    Learning followed by Standard mode will provide good system safety - if your system is clean prior to installation of ReHIPS.
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Hi guest

    That is pretty good advice. The product he stated about that wasn't ReHIPS, it was the Brothersoft program. We all need to be more careful and tolerant.

    Pete
     
  15. guest

    guest Guest

    @Peter2150 I know he talked about Core; I would say nothing if his comparison and remarks were correct, but they are not. I don't mean to offend him, sorry if it's perceived as such, just pointing out the incorrect elements he said.

    I will edit my post to make it less "offensive".
     
    Last edited by a moderator: Aug 1, 2016
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Great. Thanks.
     
  17. guest

    guest Guest

    No problemo, I'm not in the best mood when I just wake up :D
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Yes I never used ReHIPS but sure will try it later.
    If it has a basic set profile loaded by default and provides good security then it's really good and easy to use.
     
  19. guest

    guest Guest

    It is a very good program, still in beta actually; the actual build lacks user-friendliness but the next build will be far better.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,807
    Location:
    .
    I really hope so cause I see ReHIPS as a winner for Windows 10 systems.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, it doesn't look like it's my cup of tea. But I'm sure from a pure technical point of view it offers pretty good security.
     
  22. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    @SHvFl @guest

    I have installed this software over the weekend. And 2 days, the system is running smoothly. Nothing to report. Tried to install one software the other day in IE directly, however ran into a quirk. However members at the re-crypt forum are very helpful. :thumb: (though did not get a chance to test that particular software yet)

    However, I got a quick and basic question, can you please clarify the same -

    - Was upgrading FF v47 to v48. And upgraded seamlessly. No peeps here. Good.
    - However trying to update Flash plugin, the installer did terminate after starting (clicked from FF download panel). So, wondering what should I click
    • Run in ReHIPS DeployHelper or
    • Run in ReHIPS DeployHelper as Administrator or
    • Run as Administrator
    Any help here appreciated.

    Thanks.
     
  23. guest

    guest Guest

    @Harsha_mic I can't help you on that, I really dislike Firefox :D
     
  24. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Let's say I install ReHIPS at default settings, but then I go and delete the whole list of isolated programs, thus all my browsers and PDF programs are running unisolated.
    (Why would I do that? Just because it's so much more convenient and user-friendly to run programs unisolated!)

    Question is: what protection do I have left? Is the HIPS alone a credible form of protection? Will it function sort of like NVT ERP, even without isolation? Or am I missing the boat if I do this?
     
  25. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Okay, so how good is it as a regular HIPS program?

    Let's say I go and delete the whole list of trusted vendors. Will that turn it into an effective anti-executable?
     