ReHIPS

Discussion in 'sandboxing & virtualization' started by MrBrian, May 24, 2014.

  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,464
    Location:
    Location Unknown
    I finally have it installed, and I've had a bit of time to play around with it. As best I can tell it's kinda like a hybrid of Sandboxie and VoodooShield; having both virtualization and restrictions based on ratings. Is that more or less accurate? I've been trying to find out how to best get started with it, to see if it's something I want to use, by watching YouTube videos. Does anyone know where I can get a starter's guide?
     
  2. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,046
    Location:
    Europe then Asia
    There is no rating, it is application control & sandboxing based on rules.
    Only some basic programs/processes are allowed/isolated by default. Then the user, based on the chosen mode, has to answer prompts or not.

    No guide yet; the best you can do is to register in their forum and learn over there. Videos won't tell you about all the aspects of ReHIPS.

    https://www.youtube.com/channel/UCG0BvsYENoG8JH4KTk_-dfw/feed
     
  3. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    423
    Location:
    Far East
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,039
    A PDF-file can be downloaded but it is for the old version. If ReHIPS is installed, a built-in help file is available:
     
  5. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    502
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,710
    Thanks, will look into this. I installed it and it loaded all the default rules. Was not sure if it protects Google Chrome out of the box. All of my extensions crashed, so I assume this has something to do with AppContainer being enabled in Chrome? Same thing happened when I tested EIS a few months ago.
     
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,046
    Location:
    Europe then Asia
    It does.

    I have Chrome's AppContainer enabled, no issues with ReHIPS.
    I had this extensions crash; I forgot what caused it, but it happened only once.
     
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    502
    Do you have the paid version of ReHIPS, or the free version?
    If the free, that's why your extensions crashed: you went over the limit of 10 simultaneous isolated processes.
    This is the big limitation of the free version: you can't run a multi-process browser in isolation, with your extensions enabled.
     
  9. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,046
    Location:
    Europe then Asia
    lol you're right, I assumed he had the registered version ;)
     
  10. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    456
    Location:
    MalwareTips "Your Security Advisor"
    +10 :thumb:
     
  11. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,710
    Doh, you are correct! I really need to stop testing crap when I am sleepy lol. Will pick up the paid version. When I do, is Google Chrome then sandboxed? Wish they had a manual or something.
     
  12. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,487
    Location:
    Sweden
    Chrome is sandboxed by ReHIPS automatically. But if you should have it sandboxed or not is an entire other discussion. There are two schools; some say sandboxing Chrome might break Chrome's already flawless sandbox. Others say you add another layer and make Chrome even safer to use.
     
  13. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,710
    I was hoping for the latter, since I am currently running WD and wanted some further protection on my home PC. I am sure others run Chrome sandboxed with ReHIPS, correct?
     
  14. oZone

    oZone Registered Member

    Joined:
    Jan 18, 2017
    Posts:
    26
    Location:
    Earth
    ReHIPS isolation should not interfere with Chrome's sandbox, as ReHIPS isolates via user profile (a different mechanism than Chrome's sandbox).
    If we ignore restrictions, the only thing that ReHIPS changes is the integrity level; it will set it to Untrusted.
    If you run Chrome without isolation it will have AppContainer level.

    But IIRC currently there is no sandbox software that can isolate with AppContainer level.

    I think only those who have the paid ReHIPS version.
    ReHIPS will provide a sandbox with more restrictions than running it in a SUA.
     
  15. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,710
    Thanks oZone. So it is OK to run Chrome within ReHIPS and have AppContainer enabled in Chrome?
     
  16. oZone

    oZone Registered Member

    Joined:
    Jan 18, 2017
    Posts:
    26
    Location:
    Earth
    It will be fine. ReHIPS will change the integrity level to Untrusted, so you won't get AppContainer isolation, but it should be a small price, as ReHIPS will isolate Chrome with more restrictions than in a SUA.
     
  17. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,710
    Great I will check into this hopefully tonight. Cheers!
     
  18. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,487
    Location:
    Sweden
    That's one of the arguments for sandboxing Chrome... no one can tell if it's the right choice though.
     
  19. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,046
    Location:
    Europe then Asia
    I will clarify something which I believe is important to the understanding of ReHIPS:

    - without ReHIPS, you run Chrome with your original profile at AppContainer Integrity Level (IL) if it is enabled.
    - with ReHIPS, you run Chrome (or another application) inside a dedicated Isolated Environment (IE). The IE is in fact a tightened "dummy" user profile (ReHIPSUser"x"); this IE is run as Untrusted, which is the safest IL available on Windows (excluding AppContainer IL).
     
  20. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,487
    Location:
    Sweden
    Nice! Good explanation! One can see why people argue which is the better of the two (Chrome 'AppContainer' vs Chrome 'Untrusted' but double-sandboxed).
     
  21. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    24
    Location:
    Europe
    I was going to post it in our blogs subforum later. It has a separate topic for ReHIPS FAQ here https://forum.rehips.com/index.php?topic=9520.0 which some of you will find interesting. But as this discussion is here and now, I'll post it here.

    I often get questions like what's better, ReHIPS isolation or AppContainer? Does ReHIPS use this feature? Should I isolate Chrome, if it's already in AppContainer? Let's figure it out.

    AppContainer is a Windows sandbox introduced in Windows 8. In low-level details it's some security add-on on top of existing tokens and access rights.

    So what's more secure, ReHIPS isolation or AppContainer? Short answer is AppContainer. Why? Because it appeared later (Windows Vista SP 1 for ReHIPS vs Windows 8 for AppContainer), it roots deep in Windows core with more capabilities than any 3rd party software and it's more specific while ReHIPS is more wide-oriented. Though the basics they're both based on are the same. But that specificness (is there such a word?) is also a disadvantage of AppContainer. You can't just take some random program, put it into AppContainer and expect it to work. The program should be AppContainer-aware from the very beginning on the development stage. That's why ReHIPS doesn't use AppContainer feature. But as they're more secure, ReHIPS doesn't isolate AppContainer programs. But make no mistake, I don't mean Chrome or Internet Explorer here as they have some AppContainer processes, but some processes are still without isolation. I mean purely AppContainer immersive programs here.

    So what about Chrome and other AppContainer-using programs? That's a different story. To exploit them, you don't necessarily have to bypass AppContainer, sometimes it's enough to attack their communication protocol with another non-isolated process. And that's the catch. If this exploit is successful, some code with non-isolated process privileges can be executed. But if this process is ReHIPS isolated, malicious code will remain in isolation. So yes, it's a good idea to ReHIPS isolate programs that already implement AppContainer feature, but have some processes non-isolated.

    Best Regards, fixer.
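    As an added example (it is not ReHIPS code and was not posted by anyone in this thread), the PowerShell script below reads the primary token of every process with a given image name and reports the account it runs as, its integrity level and whether the token is an AppContainer token. That is enough to check the two claims made above on your own machine: Umbra's, that a ReHIPS isolated environment runs under a ReHIPSUser profile at Untrusted IL, and fixer's, that Chrome consists of AppContainer processes alongside processes that are not isolated. The script name, the default image name chrome and the column names are my own choices; the Win32 calls (OpenProcess, OpenProcessToken, GetTokenInformation and the SID helpers) are documented APIs reached through Add-Type.

```powershell
# Added example, not ReHIPS code and not from the forum thread (assumptions: script
# name Get-ProcessTokenLevel.ps1, default image name 'chrome', column names below).
# For every process named $ImageName, print the token user, the integrity level
# (last sub-authority of the mandatory label SID: 0x0000 Untrusted, 0x1000 Low,
# 0x2000 Medium, 0x3000 High, 0x4000 System) and whether it is an AppContainer token.
# Usage:  .\Get-ProcessTokenLevel.ps1 -ImageName chrome
param([string]$ImageName = 'chrome')

Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class Win32Token {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr handle);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr buffer, int length, out int needed);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthority(IntPtr sid, uint index);
}
'@

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000   # enough to open a token for TOKEN_QUERY
$TOKEN_QUERY         = 0x0008
$TokenUser           = 1     # TOKEN_INFORMATION_CLASS values
$TokenIntegrityLevel = 25
$TokenIsAppContainer = 29
$M = [Runtime.InteropServices.Marshal]

function Read-TokenInformation([IntPtr]$Token, [int]$Class, [scriptblock]$Decode) {
    # Standard two-call pattern: first call sizes the buffer, second fills it, $Decode reads it.
    $needed = 0
    [void][Win32Token]::GetTokenInformation($Token, $Class, [IntPtr]::Zero, 0, [ref]$needed)
    if ($needed -le 0) { return $null }
    $buf = $M::AllocHGlobal($needed)
    try {
        if (-not [Win32Token]::GetTokenInformation($Token, $Class, $buf, $needed, [ref]$needed)) { return $null }
        & $Decode $buf
    } finally { $M::FreeHGlobal($buf) }
}

function ConvertTo-IntegrityName([int]$Rid) {
    switch ($Rid) {
        0x0000  { 'Untrusted' }
        0x1000  { 'Low' }
        0x2000  { 'Medium' }
        0x3000  { 'High' }
        0x4000  { 'System' }
        default { '0x{0:X4}' -f $Rid }   # e.g. Medium Plus (0x2100) or a custom level
    }
}

function Get-ProcessTokenLevel([int]$ProcessId) {
    $proc = [Win32Token]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    if ($proc -eq [IntPtr]::Zero) {
        # Expected for processes in another user's session (such as a ReHIPS isolated
        # environment) when run non-elevated; rerun from an elevated prompt to see them.
        return [pscustomobject]@{ PID = $ProcessId; User = $null; Integrity = $null; AppContainer = $null
                                  Error = ('OpenProcess failed, Win32 error {0}' -f $M::GetLastWin32Error()) }
    }
    $token = [IntPtr]::Zero
    try {
        if (-not [Win32Token]::OpenProcessToken($proc, $TOKEN_QUERY, [ref]$token)) {
            return [pscustomobject]@{ PID = $ProcessId; User = $null; Integrity = $null; AppContainer = $null
                                      Error = ('OpenProcessToken failed, Win32 error {0}' -f $M::GetLastWin32Error()) }
        }
        $user = Read-TokenInformation $token $TokenUser {
            param($p)   # TOKEN_USER starts with SID_AND_ATTRIBUTES, whose first field is the PSID
            $sid = New-Object Security.Principal.SecurityIdentifier($M::ReadIntPtr($p))
            try { $sid.Translate([Security.Principal.NTAccount]).Value } catch { $sid.Value }
        }
        $rid = Read-TokenInformation $token $TokenIntegrityLevel {
            param($p)   # TOKEN_MANDATORY_LABEL starts with the label SID; the IL is its last sub-authority
            $sid   = $M::ReadIntPtr($p)
            $count = $M::ReadByte([Win32Token]::GetSidSubAuthorityCount($sid))
            $M::ReadInt32([Win32Token]::GetSidSubAuthority($sid, [uint32]($count - 1)))
        }
        $isAc = Read-TokenInformation $token $TokenIsAppContainer { param($p) ($M::ReadInt32($p) -ne 0) }
        [pscustomobject]@{ PID = $ProcessId; User = $user
                           Integrity = $(if ($null -ne $rid) { ConvertTo-IntegrityName $rid })
                           AppContainer = $isAc; Error = $null }
    } finally {
        if ($token -ne [IntPtr]::Zero) { [void][Win32Token]::CloseHandle($token) }
        [void][Win32Token]::CloseHandle($proc)
    }
}

Get-Process -Name $ImageName | ForEach-Object { Get-ProcessTokenLevel $_.Id } | Format-Table -AutoSize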
     
  22. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,046
    Location:
    Europe then Asia
  23. PrinceYann

    PrinceYann Registered Member

    Joined:
    Nov 29, 2015
    Posts:
    25
    Is there a community list of applications caught by ReHIPS trying suspicious actions?
     
  24. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,046
    Location:
    Europe then Asia
    Like a malicious apps database? No. ReHIPS doesn't use Blacklisting so there is no need for it.
     
  25. PrinceYann

    PrinceYann Registered Member

    Joined:
    Nov 29, 2015
    Posts:
    25
    It could be of use for those wanting to play with the program on a VM, for example, to simulate a threat.