ReHIPS

Discussion in 'sandboxing & virtualization' started by MrBrian, May 24, 2014.

  1. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    Yeah, but it's a pain in the @ss... for example, I use O&O ShutUp10. Since it needs to run elevated, every time I run it, I get a UAC prompt... why doesn't Microsoft add a whitelisting feature to the UAC o_O
     
  2. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    So how do you run an unsigned installer, let's say you downloaded some niche app from Github or something?
     
  3. guest

    guest Guest

    First, I always install under the admin account, never from SUA, so I put the switch in the taskbar like this:

    reg.jpg

    This can only be done in the Admin Account; on SUA the registry is virtualized.
     
  4. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    37
    Location:
    Europe
    Besides denying execution from a folder, you can utilize fine-grained children control. Allow some processes that are essential, like chrome.exe itself for chrome to spawn children, and block all others. Or block children execution from some folder by wildcard mask.

    Best Regards, fixer.
     
  5. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    By "children" do you mean only .exe files or anything launched by the parent process, for example scripts, other processes and so on?
     
  6. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    37
    Location:
    Europe
    You see, scripts aren't processes by themselves, they need someone, an interpreter, to execute them. And this interpreter must be a separate process with its own .exe file.

    In case of a browser "scripts"="separate processes with .exe file". Browsers don't interpret .bat or other shell command scripts themselves, they launch some process like cmd.exe to do it. And it'll be blocked.

    In case of script-interpreting processes like cmd.exe itself, a "script" won't spawn any additional processes. But ReHIPS treats these processes with more checks, also checking their command line. In case it's not whitelisted, you'll get an alert. But cmd.exe doesn't download anything from the web, so it's just for completeness.

    And ReHIPS controls processes, so basically it doesn't matter whether it's an .exe file or some other executable file. New process=filtering.

    Best Regards, fixer.
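
The child-process filtering described in the two developer posts above, as an added example that is not part of the thread and is not ReHIPS's own code or rule format. It is a simplified Python model; the rule layout, the paths and the whitelisted command line are constructed assumptions, and parents without a rule are left unrestricted here.

```python
import fnmatch
import ntpath

# Hypothetical per-parent rules (constructed for illustration).
RULES = {
    "chrome.exe": {
        "allow_children": {"chrome.exe"},               # essential child only
        "block_masks": [r"C:\Users\*\Downloads\*"],     # wildcard folder mask
    },
}
# Script interpreters: the image name says little, so the command line is checked too.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe"}
CMDLINE_WHITELIST = {r'cmd.exe /c "c:\tools\backup.bat"'}  # stored lower-case


def decide(parent_path, child_path, child_cmdline):
    """Return 'allow', 'block' or 'alert' for one process-creation event."""
    parent = ntpath.basename(parent_path).lower()
    child = ntpath.basename(child_path).lower()
    rule = RULES.get(parent)
    if rule is not None:
        # Folder masks go first, so a denied folder beats an allowed file name.
        for mask in rule["block_masks"]:
            if fnmatch.fnmatchcase(child_path.lower(), mask.lower()):
                return "block"
        if child not in rule["allow_children"]:
            return "block"
    # An interpreter with a command line that is not whitelisted raises an alert.
    if child in INTERPRETERS and child_cmdline.lower() not in CMDLINE_WHITELIST:
        return "alert"
    return "allow"


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Constructed sample events: (parent image, child image, child command line).
EVENTS = [
    (CHROME, CHROME, "chrome.exe --type=renderer"),
    (CHROME, r"C:\Windows\System32\cmd.exe", r"cmd.exe /c C:\Temp\x.bat"),
    (CHROME, r"C:\Users\bob\Downloads\chrome.exe", "chrome.exe"),
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami"),
]

if __name__ == "__main__":
    for parent, child, cmdline in EVENTS:
        print(decide(parent, child, cmdline), "<-", ntpath.basename(parent), "->", child)
```

The third sample event shows why the folder mask is evaluated before the name list: a file named chrome.exe in a download folder is still blocked.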
     
  7. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    Thanks for the clarification :)
    I'm much more convinced that this process filtering is the real strength of ReHIPS, the isolation feature is a great add-on in case of doubts.
    I'll definitely try this configuration when I have time (well, when my wife gives me time :p ):
     
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    ReHIPS is not over-the-top paranoid about scripts, vulnerable processes, etc. It's not as paranoid as all those advanced settings in OSArmor, or the full Excubits list. It is rather designed on the assumption that the user will isolate commonly abused applications, and it has rules that are strict enough to keep everything else safe.
     
  9. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,153
    Location:
    Member state of European Union
    It also does not install dirty kernel hooks, so it should not decrease the stability of a system. It's especially important with today's Windows as a service/rolling-release model.
    It is also not cloud-connected, so it should respect your privacy.
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Right, it is compatible with Core Isolation, due to your first point, and it is completely independent of internet connection, due to your second point. It doesn't check your licence by internet every X number of days, or anything else.
     
  11. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    37
    Location:
    Europe
    Hello everyone.
    We recently did some ReHIPS benchmarking and reviewed the requirements. It may be interesting to know.

    Let's take a look at ReHIPS system requirements and then move to performance to find out how fast it can be. Keep in mind that all these numbers are approximate due to the volatile nature of measured properties. They were taken for the latest stable release ReHIPS 2.4.0 unless explicitly stated otherwise running on Windows 10 x86 version 10.0.17134.1 in a virtual machine.

    At first disk space requirements:
    -installer file is about 35Mb; it includes both x86 and x64 builds;
    -installed ReHIPS occupies about 65Mb of disk space, most of which (~90%) are standard runtime libraries; so the ReHIPS code itself is about 6Mb.

    Let's move to network requirements and usage for ReHIPS Corporate Edition which is able to operate remotely via network:
    -it can work satisfactorily with a 64 kbit/s network connection with 15% packet loss; it generates about 400-600Kb of traffic per hour.

    Now let's take a look at RAM memory usage:
    -ReHIPS usually has 3 processes running: Service, Agent and Control Center that use around 4Mb, 1Mb and 22Mb of RAM respectively; so it roughly uses 27Mb of RAM; it can also operate in so-called "headless mode" with no Control Center running, in this case 5Mb of RAM is used.

    And last, but not least, some performance numbers.
    There is an internal benchmark.exe that simply starts 100 instances of itself and tells how much time it took. Some numbers for the latest stable release ReHIPS 2.4.0:
    100-300ms - no ReHIPS at all;
    1000-1100ms - Disabled ReHIPS, no Control Center running;
    1500-1600ms - Expert+Lock-Down Mode, no Control Center running;
    2600-2700ms - Expert Mode with Control Center running.

    And now some numbers for the latest, as yet unreleased, ReHIPS 2.5.0 alpha.
    Expert Mode with Control Center running, process itself allowed, parenting is allowed with children inspection, all entries are in the permanent database. It basically means all checks are made to the maximum and nothing is skipped.
    1500-1600ms - with 1 processor.
    800-900ms - with 2 processors.
    700-800ms - with 2 processors, 2 cores each=4 cores.
    It means that Windows starts a process in ~2ms and ReHIPS does a full and complete check in ~8ms.

    Can your security solution beat these numbers?

    Best Regards, fixer.
     
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,099
    Location:
    .
    Thank you very much for such efforts @ReHIPS
     
  13. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,792
    How does ReHips compare to say AppGuard Solo in terms of security and usability?
    How different are they in the way they work and protect?
    Looks interesting.
     
  14. guest

    guest Guest

    You can't compare them, one is SRP (Appguard) with memory containment, other is sandbox with application control (rehips).
    Both are very efficient at what they do, rehips needs some learning.
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,792
    OK, thanks for that.
    So it's possible that they may complement one another, that is as long as there are no conflicts.
     
  16. guest

    guest Guest

    This is what I used to do. There will be no conflicts, and in case there are, you can add rehips processes as power apps in AG.
     
  17. guest

    guest Guest

    +1

    If you can handle a HIPS, you will find it not so difficult to use.
     
  18. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    An open-minded user can handle ReHIPS. The problem is for users who expect it to be a clone of another program they are used to, and when they discover that it works a little differently, they are frustrated or disappointed.
     
  19. guest

    guest Guest

    Indeed, ReHIPS offers more security than any other standalone sandbox, but you need to put in some effort to master it.
    Next beta build which will improve usability is on its way.
     
    Last edited by a moderator: Jul 31, 2019
  20. guest

    guest Guest

    To those who wonder what ReHIPS' failsafes & mitigations are: from the FAQ

     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,097
    Location:
    Canada
    The next release will be a beta, and not a final release? Just asking because I see they closed beta testing, and they haven't released a final in >1 year.
     
  22. guest

    guest Guest

    The last stable (2.4.0) was in January if my memory is good. ReHIPS doesn't need constant updates like other similar software, thanks to using Windows' own mechanism. The next one will be a beta followed by a stable as usual.
     
    Last edited by a moderator: Aug 2, 2019
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,097
    Location:
    Canada
    Okay thank you.
     
  24. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,295
    Location:
    Pennsylvania.
    The first link takes me to a phishing site for gift cards.
     
  25. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    103,720
    Location:
    U.S.A.
    Fixed.
     