Yeah, but it's a pain in the @ss... for example, I use O&O ShutUp10. Since it needs to run elevated, every time I run it, I get a UAC prompt... why doesn't Microsoft add a whitelisting feature to UAC?
So how do you run an unsigned installer, let's say you downloaded some niche app from Github or something?
First, I always install under an admin account, never from SUA, so I put the switch in the taskbar like this: this can only be done in an admin account; on SUA the registry is virtualized.
Besides denying execution from a folder, you can utilize fine-grained children control. Allow some processes that are essential, like chrome.exe itself for chrome to spawn children, and block all others. Or block children execution from some folder by wildcard mask. Best Regards, fixer.
By "children" do you mean only .exe files or anything launched by the parent process, for example scripts, other processes and so on?
You see, scripts aren't processes by themselves, they need someone, an interpreter, to execute them. And this interpreter must be a separate process with its own .exe file. In case of a browser "scripts"="separate processes with .exe file". Browsers don't interpret .bat or other shell command scripts themselves, they launch some process like cmd.exe to do it. And it'll be blocked. In case of script-interpreting processes like cmd.exe itself, a "script" won't spawn any additional processes. But ReHIPS treats these processes with more checks, also checking their command line. In case it's not whitelisted, you'll get an alert. But cmd.exe doesn't download anything from the web, so it's just for completeness. And ReHIPS controls processes, so basically it doesn't matter whether it's an .exe file or some other executable file. New process=filtering. Best Regards, fixer.
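The two posts above describe per-parent child filtering (an allow list for chrome.exe, a wildcard folder block) plus a command-line check for script interpreters. The sketch below is an added example, not part of either post and not ReHIPS's own rule format: the rule layout, the interpreter list and all sample paths are constructed assumptions used only to model the decision order.

```python
from fnmatch import fnmatchcase
from ntpath import basename

# Constructed policy: hypothetical layout, NOT ReHIPS's real rule format.
CHILD_RULES = {
    # Browser may only spawn copies of itself; everything else is blocked.
    "chrome.exe": {"allow": [r"*\chrome.exe"], "default": "block"},
    # Shell may spawn most things, except anything under a Downloads folder.
    "explorer.exe": {"block": [r"C:\Users\*\Downloads\*"], "default": "allow"},
}
# Processes that interpret scripts get an extra command-line check.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe"}
CMDLINE_WHITELIST = {r'cmd.exe /c "c:\tools\backup.bat"'}  # constructed entry


def matches(path, masks):
    """Case-insensitive wildcard match of a full image path against masks."""
    return any(fnmatchcase(path.lower(), m.lower()) for m in masks)


def decide(parent_path, child_path, cmdline):
    """Return 'allow', 'block' or 'alert' for one process-creation event."""
    rule = CHILD_RULES.get(basename(parent_path).lower(), {"default": "allow"})
    # 1. Explicit folder/wildcard blocks win over everything else.
    if matches(child_path, rule.get("block", [])):
        return "block"
    # 2. Default-deny parents: the child must be on the allow list.
    if rule["default"] == "block" and not matches(child_path, rule.get("allow", [])):
        return "block"
    # 3. Interpreters: the script is not a process, so inspect the command line.
    if basename(child_path).lower() in INTERPRETERS:
        if cmdline.lower() not in CMDLINE_WHITELIST:
            return "alert"
    return "allow"


# Constructed sample paths for the events below.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
CMD = r"C:\Windows\System32\cmd.exe"
EXPLORER = r"C:\Windows\explorer.exe"

if __name__ == "__main__":
    print(decide(CHROME, CHROME, "chrome.exe --type=renderer"))
    print(decide(CHROME, CMD, r"cmd.exe /c C:\Users\bob\Downloads\x.bat"))
    print(decide(EXPLORER, CMD, r"cmd.exe /c whoami"))
```

The order of the checks is the point: a browser-launched interpreter never reaches the command-line stage because the child rule already blocks it, while an interpreter started by a permissive parent falls through to the whitelist and raises an alert.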
Thanks for the clarification. I'm much more convinced that this process filtering is the real strength of ReHIPS; the isolation feature is a great add-on in case of doubts. I'll definitely try this configuration when I have time (well, when my wife gives me time).
ReHIPS is not over-the-top paranoid about scripts, vulnerable processes, etc. It's not as paranoid as all those advanced settings in OSArmor, or the full Excubits list. It is rather designed on the assumption that the user will isolate commonly abused applications, and it has rules that are strict enough to keep everything else safe.
It also does not install dirty kernel hooks, so it should not decrease the stability of a system. It's especially important with today's Windows-as-a-service/rolling-release model. It is also not cloud-connected, so it should respect your privacy.
Right, it is compatible with Core Isolation, due to your first point, and it is completely independent of internet connection, due to your second point. It doesn't check your licence by internet every X number of days, or anything else.
Hello everyone. We recently did some ReHIPS benchmarking and reviewed the requirements. May be interesting to know. Let's take a look at ReHIPS system requirements and then move to performance to find out how fast it can be. Keep in mind that all these numbers are approximate due to the volatile nature of the measured properties. They were taken for the latest stable release ReHIPS 2.4.0, unless explicitly stated otherwise, running on Windows 10 x86 version 10.0.17134.1 in a virtual machine.
At first, disk space requirements:
- installer file is about 35Mb; it includes both x86 and x64 builds;
- installed ReHIPS occupies about 65Mb of disk space, most of which (~90%) are standard runtime libraries; so the ReHIPS code itself is about 6Mb.
Let's move to network requirements and usage for ReHIPS Corporate Edition, which is able to operate remotely via network:
- it can satisfactorily work with a 64 kbit/s network connection with 15% packet loss; it generates about 400-600Kb of traffic per hour.
Now let's take a look at RAM memory usage:
- ReHIPS usually has 3 processes running: Service, Agent and Control Center, which use around 4Mb, 1Mb and 22Mb of RAM respectively; so it roughly uses 27Mb of RAM; it can also operate in so-called "headless mode" with no Control Center running, in this case 5Mb of RAM is used.
And last, but not least, some performance numbers. There is an internal benchmark.exe that simply starts 100 instances of itself and tells how much time it took. Some numbers for the latest stable release ReHIPS 2.4.0:
- 100-300ms - no ReHIPS at all;
- 1000-1100ms - Disabled ReHIPS, no Control Center running;
- 1500-1600ms - Expert+Lock-Down Mode, no Control Center running;
- 2600-2700ms - Expert Mode with Control Center running.
And now some numbers for the latest, as yet unreleased, ReHIPS 2.5.0 alpha. Expert Mode with Control Center running, process itself allowed, parenting is allowed with children inspection, all entries are in permanent database. It basically means all checks are performed to the maximum and nothing is skipped:
- 1500-1600ms - with 1 processor;
- 800-900ms - with 2 processors;
- 700-800ms - with 2 processors, 2 cores each=4 cores.
It means that Windows starts a process in ~2ms and ReHIPS does a full and complete check in ~8ms. Can your security solution beat these numbers? Best Regards, fixer.
How does ReHIPS compare to, say, AppGuard Solo in terms of security and usability? How different are they in the way they work and protect? Looks interesting.
You can't compare them: one is SRP (AppGuard) with memory containment, the other is a sandbox with application control (ReHIPS). Both are very efficient at what they do; ReHIPS needs some learning.
OK, thanks for that. So it's possible that they may complement one another, that is, as long as there are no conflicts.
This is what I used to do. There will be no conflicts, and in case of any, you can add ReHIPS processes as power apps in AG.
An open-minded user can handle ReHIPS. The problem is for users who expect it to be a clone of another program they are used to, and when they discover that it works a little differently, they are frustrated or disappointed.
Indeed, ReHIPS offers more security than any other standalone sandbox, but you need to put in some effort to master it. The next beta build, which will improve usability, is on its way.
The next release will be a beta, and not a final release? Just asking because I see they closed beta testing, and they haven't released a final in >1 year.
The last stable (2.4.0) was in January, if my memory is good. ReHIPS doesn't need constant updates like other similar software, thanks to using Windows' own mechanism. The next one will be a beta followed by a stable, as usual.