Paid version is really only necessary for isolating a multi-process browser such as Chrome+extensions. On Windows 10, Chrome is pretty secure out-of-the-box, and if you enable a few flags, you are even safer.
PaleMoon is a good solution for a single-process browser: http://www.palemoon.org/ It's based on pre-Quantum Firefox, open source and still actively developed.
We don't hear much about exploits on updated versions of Chrome or Firefox these days. If anyone has heard about such a thing happening in the last couple of years, please link me to the story. So it is not a must to isolate Chrome or Firefox, IMO. Unlike Sandboxie, ReHIPS does not isolate your browser's downloads. True, it will not put them in real user space, but if you go and execute the downloaded files, they will not run isolated by default. So downloads are not a strong reason to isolate a browser.
So, what SW would you suggest to run isolated by default? Office-like? E-mail? What Chrome flags would you suggest to enable for stronger security? Thanks
The most important to isolate, IMHO: Office apps, especially MS Office. PDF apps, especially Adobe. Any browser that is not modern or does not receive the latest updates. As for email clients, I would isolate them, even though I haven't heard much lately about such exploits. Ideally, you should isolate any and all internet-facing apps, if you can. There is a Chrome flag for "Enable AppContainer Lockdown", and another one for "Enable GPU AppContainer Lockdown". Those are the flags that help to isolate Chrome from the local system. There are other flags to harden Chrome, but this is not the thread to discuss them. Maybe @guest can weigh in on your questions; he should have some good insights.
I don't think so. It used to register? That's funny, because it is not an AV or a firewall, I don't know why it should register.
I read it on MalwareTips, but it was at the early stage of ReHIPS development: https://malwaretips.com/threads/reh...kernel-hooks-quick-test-included.27453/page-2 Post #23
That's interesting. I don't think it does that anymore, but guest should be able to tell us for sure. I never saw that it disabled Windows Defender, and when I ran it with a third party AV, I never saw it listed by Windows as an AV.
Hello everyone. There was a blogpost with recommendations on what programs should be isolated, here https://forum.rehips.com/index.php?topic=9542.0 Yes, ReHIPS did register in Windows Security Center as antivirus and antispy. But later (from ReHIPS 2.2.0) we decided to remove it as other AVs like Defender may act like: ah, they already have an AV, I'll do nothing then. Best Regards, fixer.
Which is the definition of sandboxed downloads... so ReHIPS does isolate downloads. By default and based on its rules: 1- if executed from the isolated browser (aka the "open" function in browsers), the file can't run. 2- if executed manually from ReHIPS' container or ReHIPSuserX, the option to allow/isolate/block the exe is offered. However, you can play with the settings to prevent execution from the container or download folder. Sandboxie automatically isolates any files run from its container; that is why Shmu thinks it is an isolated download. If you manually create a file in the container of Sandboxie and run it, the result is the same: the file is run isolated. So in the case described by Shmu about Sandboxie, it is not an isolated download but an isolated folder. Which is wrong based on the demonstration above. You won't like drive-by downloads.
I am not putting down ReHIPS, just pointing out a difference in default behavior, as compared to Sandboxie. In SBIE, I download Riskiware.exe, go to the download location, click, and it runs in sandbox. In ReHIPS, I download Riskiware.exe, go to the download location, click, and I get the same prompt I would see if I was running it from real user space. It is not isolated by default. This is okay, because ReHIPS handles the unknown file with anti-exe (SBIE can't do that, so it sandboxes instead). But bottom line, it is the same behavior as when I didn't isolate my browser in the first place.
This is the key point in my opinion. If I have to follow this recommendation, I should isolate nearly everything. But the good point of ReHIPS is that it can alert the user before isolating stuff.
Example, for my Chrome IE: C:\ReHIPS\Browser is (by default) where you should download the file from your browser; but personally I set up access to 2 other folders (downloads/uploads) for the Chrome IE. Then the isolated Chrome will not be able to execute downloaded files (because X is denied), just read and write (R = read, W = write, X = execute). This is the true power of ReHIPS, and the reason why I love it: you have a lot of options concerning object permissions and privileges.
everything known as attack vectors (internet-facing apps, doc readers, media players, etc.). That is why I love it. I have waited for such programs for years.
Yeah, it's like Comodo Firewall with the option to prompt before sandboxing apps and without the bothersome kernel hooks (problems with Windows updates). And it's also a great UAC replacement, since you can't whitelist apps in the UAC. I was thinking to try: K9 Web Security to avoid risky websites; light traditional AV (such as Panda) to get rid of known malware; ReHIPS to replace the UAC, perform a pre-exe check and add the option to run stuff isolated in case of doubts; NVT OSArmor as post-exe check, just in case of user mistake.
Comodo makes it totally easy to sandbox an unknown. It just happens by itself. With ReHIPS, if you want to isolate an unknown, you need to go through a few windows and make a few decisions. First you need to decide if it will run in an existing IE, and if so, which one? If you want to give it a new IE, you need to set the rules (or just go with the default rules, not so bad).
Yes, the Comodo sandbox is simpler; it was never intended to be the main protection, it is supposed to be the auto-sandbox and the HIPS. Looks good, without overlapping features. But I won't disable UAC.