Recent Posts

1
Developers' Blog / [FAQ] ReHIPS failsafe mechanisms and mitigations (part 2)
« Last post by fixer on February 13, 2019, 06:23:25 pm »
3. ReHIPS tries to use the latest possible mitigations. Starting with Windows 8, new mitigations keep being introduced with each major update. They are mostly accessible via the SetProcessMitigationPolicy API. Some of them are really useful and help protect processes, especially critical ones, from being exploited. As new mitigations are added, it's important to monitor them to take advantage of the latest possible protections. Besides Windows built-in mitigations, ReHIPS has some of its own. For example, starting with ReHIPS 2.4.0 an elevation mitigation was added. I remember someone told me something like "what's the point of ReHIPS if an isolated program can brute-force a simple user password and impersonate". Of course it's a good idea not to use simple passwords. But just in case we have this mitigation, so no non-isolated program can be started by an isolated program.

4. Recovery in case of unexpected exits. Sometimes unexpected things happen. ReHIPS is ready for its processes to unexpectedly exit, no matter whether this was a user-initiated action or a violent process crash. If Service or some other engine process (like Agent) crashes, it's restarted. And each and every restarted process tries to recover its previous state. For example, Service populates the list of already running isolated programs, Agent recovers isolated desktops and isolated programs running on them, and so on. Sometimes it's not possible to recover the state exactly as it was before the unexpected exit, but they do their best. So sometimes the user may not even notice that some process crashed.
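Point 3 above talks about monitoring which SetProcessMitigationPolicy-era mitigations a process actually has. The following PowerShell script is an added example for doing that check yourself, not ReHIPS' own code: it uses the ProcessMitigations module that ships with Windows 10 1709 and later, and the target process name, the baseline list and the property paths on the object returned by Get-ProcessMitigation -Id are my assumptions.

```powershell
# Added example (not ReHIPS code): report which process mitigation policies a
# running process has, and which of a chosen baseline are missing.
# Requires the built-in ProcessMitigations module (Windows 10 1709+ / Server 2019+).
param(
    [string]$ProcessName = 'notepad'   # assumed target process; change as needed
)

# Baseline of mitigations expected on a hardened process (assumption for this check).
# Each entry maps a label to a property path on the Get-ProcessMitigation -Id result;
# the values are the module's ON / OFF / NOTSET states.
$Baseline = [ordered]@{
    'DEP'                      = { param($m) $m.Dep.Enable }
    'ASLR bottom-up'           = { param($m) $m.Aslr.BottomUp }
    'ASLR high entropy'        = { param($m) $m.Aslr.HighEntropy }
    'CFG'                      = { param($m) $m.Cfg.Enable }
    'Block dynamic code'       = { param($m) $m.DynamicCode.BlockDynamicCode }
    'Disable extension points' = { param($m) $m.ExtensionPoints.DisableExtensionPoints }
    'Disable win32k syscalls'  = { param($m) $m.SystemCall.DisableWin32kSystemCalls }
    'Microsoft-signed only'    = { param($m) $m.BinarySignature.MicrosoftSignedOnly }
}

function Test-ProcessMitigationBaseline {
    # Returns the labels of baseline mitigations that are not ON for the given PID.
    param([int]$ProcessId)
    $m = Get-ProcessMitigation -Id $ProcessId
    $missing = @()
    foreach ($entry in $Baseline.GetEnumerator()) {
        $state = & $entry.Value $m
        Write-Host ('{0,-26} {1}' -f $entry.Key, $state)
        if ("$state" -ne 'ON') { $missing += $entry.Key }
    }
    return $missing
}

foreach ($p in (Get-Process -Name $ProcessName -ErrorAction Stop)) {
    Write-Host "== $($p.ProcessName) (PID $($p.Id)) =="
    $missing = Test-ProcessMitigationBaseline -ProcessId $p.Id
    if ($missing.Count -gt 0) {
        Write-Warning ('Missing baseline mitigations: ' + ($missing -join ', '))
    } else {
        Write-Host 'All baseline mitigations ON.'
    }
}

# To enforce such a baseline for future launches of an executable (system policy,
# stored under Image File Execution Options), an administrator can run, for example:
#   Set-ProcessMitigation -Name notepad.exe -Enable DEP,BottomUp,HighEntropy,CFG,BlockDynamicCode,DisableExtensionPoints,DisableWin32kSystemCalls
# Mitigations applied to a running process via SetProcessMitigationPolicy cannot be
# turned back off, which is why the audit above reports state rather than changing it.
```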
2
Other / Re: Hello
« Last post by fixer on February 10, 2019, 07:49:31 pm »
Reverse engineering doesn't mean it's something illegal. But yeah, some people think RE=cracking and pirating.
Revolutionary is great, I like it :)
3
Other / Re: Hello
« Last post by Mr.X on February 10, 2019, 07:41:35 pm »
You're right, "HIPS" stands for Host Intrusion Prevention System. And "Re" is up to you :) Initially it was for Reverse Engineering as we're also working in this field.
Hmm, I think that could have a negative connotation, you know, for a broader market and marketing purposes.
For the latter purpose I like Revolutionary instead. Pretty much.
4
Other / Re: Hello
« Last post by Mr.X on February 10, 2019, 07:39:19 pm »
It's weird I see the same people in every location. LOL!
rofl  8)
5
Other / Re: Hello
« Last post by fixer on February 10, 2019, 03:09:47 pm »
You're right, "HIPS" stands for Host Intrusion Prevention System. And "Re" is up to you :) Initially it was for Reverse Engineering as we're also working in this field.
6
Other / Re: Hello
« Last post by aDVll on February 10, 2019, 12:07:42 pm »
It's weird I see the same people in every location. LOL!
7
Other / Re: Hello
« Last post by shmu26 on February 10, 2019, 12:06:10 pm »
  :D :D
8
Other / Re: Hello
« Last post by Mr.X on February 09, 2019, 11:14:58 pm »
Question for fixer:

What does ReHIPS stand for?
Perhaps Revolutionary Host Intrusion Prevention System?
 ;D
9
Other / Re: New users
« Last post by shmu26 on February 06, 2019, 05:38:37 pm »
Welcome, @dinosaur07 !
10
Developers' Blog / Re: [FAQ] This annoying yet secure separate desktop
« Last post by fixer on February 04, 2019, 05:19:57 pm »
Security is based on three big whales: confidentiality, integrity, availability.

Isolated hooks vs Separate desktop is basically Usability vs Security. Having an untrusted program on the main desktop introduces some threats like possible screenshots or sometimes intercepted pressed keys. It doesn't affect integrity and availability, but may affect confidentiality. I know, with blocked network access it's quite far-fetched that it can communicate with some other isolated program with network access. So for 99.99% it should be OK. For the remaining 0.01%, the totally paranoid separate desktop is always there :)

But it should be set by user. We can't deny network access in initial rules as it may result in blocked cloud communication.