Recent Posts

Developers' Blog / [FAQ] ReHIPS failsafe mechanisms and mitigations (part 4)
« Last post by fixer on April 14, 2019, 05:27:10 am »
7. The user can always make the final decision. ReHIPS does its best to protect your PC, but it's just software, no matter how smart. So the user can always override ReHIPS behavior. For example, it's possible to terminate ReHIPS processes or to stop the ReHIPS service. It requires administrator rights, so don't worry, no vulnerability here. Also, no ReHIPS component is loaded when Windows is booted in Safe Mode. This feature may not be used at all, but if something goes seriously wrong, you can always fix it.
ReHIPS / Re: ReHIPS vs Win10 Core Isolation/Memory Integrity
« Last post by Alldredge on April 13, 2019, 04:56:49 pm »
How can it be that it can't be disabled? What do you do then, reinstall Windows?
Developers' Blog / [FAQ] ReHIPS failsafe mechanisms and mitigations (part 3)
« Last post by fixer on March 06, 2019, 07:38:17 am »
5. Several ways are implemented to achieve the same goal. For some critical or important actions several ways are usually implemented. If the first way fails, ReHIPS tries the second and so on. For example, to get a process name ReHIPS first tries to find it in an internal cache, then tries to resolve it by the process file handle, and then resorts to getting the process name by the process handle. I haven't seen both 1+2 fail, but it's nice to have a third option as a backup plan. Or, for example, when ReHIPS deletes a file, it makes several tries. Why? The file system is a shared resource, and a lot of processes may work with it. For example, some antivirus may be inspecting the file right at the moment we try to delete it, and we fail. So it's always a good idea to double-check these actions. We don't want to leave any trash files behind, we want to have a clean PC, right?

6. All critical resources are secured. ReHIPS itself uses a lot of internal resources for internal purposes. For example, it uses files to store databases, lots of communication channels for different components to interface with each other, and so on. All these resources are properly secured, as you definitely don't want, for example, isolated programs to read the database with other isolated users' passwords, or some isolated program to interface with the driver and tell it to allow all programs. As corporate ReHIPS allows remote control, this also includes securing the network channel, which includes authentication and channel encryption. And even with these measures, isolated users' passwords aren't sent over the network, because Control Center doesn't need them, and just in case.
Developers' Blog / [FAQ] ReHIPS failsafe mechanisms and mitigations (part 2)
« Last post by fixer on February 13, 2019, 06:23:25 pm »
3. ReHIPS tries to use the latest possible mitigations. Starting with Windows 8, new mitigations keep being introduced with each major update. They are mostly accessible via the SetProcessMitigationPolicy API. Some of them are really useful and help protect processes, especially critical ones, from being exploited. As new mitigations are added, it's important to monitor them to take advantage of the latest possible protections. Besides Windows built-in mitigations, ReHIPS has some of its own. For example, an elevation mitigation was added in ReHIPS 2.4.0. I remember someone told me something like "what's the point of ReHIPS if an isolated program can brute-force a simple user password and impersonate". Of course it's a good idea not to use simple passwords. But just in case we have this mitigation, so no non-isolated program can be started by an isolated program.

4. Recovery in case of unexpected exits. Sometimes unexpected things happen. ReHIPS is ready for its processes to unexpectedly exit, whether this was a user-initiated action or a violent process crash. If Service or some other engine process (like Agent) crashes, it's restarted. And each and every restarted process tries to recover its previous state. For example, Service populates the list of already running isolated programs, Agent recovers isolated desktops and the isolated programs running on them, and so on. Sometimes it's not possible to recover the state exactly as it was before the unexpected exit, but they do their best. So sometimes the user may not even notice that some process crashed.
Other / Re: Hello
« Last post by fixer on February 10, 2019, 07:49:31 pm »
Reverse engineering doesn't mean it's something illegal. But yeah, some people think RE=cracking and pirating.
Revolutionary is great, I like it :)
Other / Re: Hello
« Last post by Mr.X on February 10, 2019, 07:41:35 pm »
You're right, "HIPS" stands for Host Intrusion Prevention System. And "Re" is up to you :) Initially it was for Reverse Engineering as we're also working in this field.
Hmm, I think that could have a negative connotation, you know, for a broader market and marketing purposes.
For the latter purpose I like Revolutionary instead. Pretty much.
Other / Re: Hello
« Last post by Mr.X on February 10, 2019, 07:39:19 pm »
It's weird I see the same people in every location. LOL!
rofl  8)
Other / Re: Hello
« Last post by fixer on February 10, 2019, 03:09:47 pm »
You're right, "HIPS" stands for Host Intrusion Prevention System. And "Re" is up to you :) Initially it was for Reverse Engineering as we're also working in this field.
Other / Re: Hello
« Last post by aDVll on February 10, 2019, 12:07:42 pm »
It's weird I see the same people in every location. LOL!
Other / Re: Hello
« Last post by shmu26 on February 10, 2019, 12:06:10 pm »
  :D :D