Recent Posts

11

Developers' Blog / Re: [FAQ] This annoying yet secure separate desktop

« Last post by fixer on February 04, 2019, 05:19:57 pm »

Security is based on three big whales: confidentiality, integrity, availability.

Isolated hooks vs Separate desktop is basically Usability vs Security. Having an untrusted program on the main desktop introduces some threats like possible screenshots or sometimes intercepted pressed keys. It doesn't affect integrity and availability, but may affect confidentiality. I know, with blocked network access it's quite far fetched that it can communicate with some other isolated program with network access. So for 99.99% it should be OK. For the rest 0.01% totally paranoid separate desktop is always there

But it should be set by user. We can't deny network access in initial rules as it may result in blocked cloud communication.

12

Developers' Blog / Re: [FAQ] This annoying yet secure separate desktop

« Last post by shmu26 on February 04, 2019, 04:52:59 pm »

Thanks for this informative blog post.
Regarding MS Office, it seems to need desktop hooks, and it doesn't like running at low integrity level. But what about isolated hooks? What is the reason not to set isolated hooks for MS Office?
Isolated hooks + deny internet connection seems to be a good way to lock down MS Office.

13

ReHIPS / Re: ReHIPS vs Win10 Core Isolation/Memory Integrity

« Last post by Umbra on February 04, 2019, 03:31:48 am »

sadly the feature is way buggy, once enabled (and it does by itself) , no way to turn it off , even using reg tricks...

14

Other / Re: New users

« Last post by dinosaur07 on February 01, 2019, 08:32:57 pm »

Excellent. Seems quite good and reasonable this rule. Thanks for attention and for the warm welcome.

15

ReHIPS / Re: ReHIPS vs Win10 Core Isolation/Memory Integrity

« Last post by fixer on February 01, 2019, 07:23:57 pm »

Thanks for the heads-up. We haven't thoroughly tested these features yet, but yeah, looks like it should be completely compatible.

16

ReHIPS / ReHIPS vs Win10 Core Isolation/Memory Integrity

« Last post by Umbra on February 01, 2019, 02:02:08 pm »

hi,

Just to say there is no problem at all  , they are compatible (which isn't the case with many security apps)
It is in such situation that your design for ReHIPS by using Windows's mechanisms make all sense.

Cheers.

17

Developers' Blog / [FAQ] ReHIPS failsafe mechanisms and mitigations (part 1)

« Last post by fixer on February 01, 2019, 08:19:11 am »

There are lots of failsafe mechanisms and mitigations implemented in ReHIPS. This series of blogposts covers some of them. It's not essential to know them all, but it's always comforting to know that ReHIPS is ready for non-standard situations. Just in case.

1. All database operations use transactions. It's always sad to loose data when something enexpected happens during file write operations. Don't worry, ReHIPS uses custom made transactions, so either all changes are made into database or no changes at all, database won't be corrupted in any case. And it doesn't matter, whether these are programs database operations or settings database.

2. ReHIPS uses minimal possible privileges and access rights. For each and every action ReHIPS takes it tries to use minimal possible privileges and access rights. For example, when any handle is opened, only minimal necessary access rights are requsted. Having a service, it's possible to have and enable a lot of privileges, but only necessary ones are included. This serves two purposes: the less rights you request, the less possible it's to fail due to some filtering and denied access; from security point of view it may not be safe to run swinging a full access handle, when you only need to query limited information.

18

ReHIPS / Re: Questions about the License

« Last post by fixer on February 01, 2019, 08:16:58 am »

Hello, dinosaur07. Answered via PM.

19

Other / Re: New users

« Last post by fixer on February 01, 2019, 08:04:06 am »

Hello and welcome to our forum.
Newly registered members have some limitations: PM isn't accessible and all new posts and topics are pre-moderated. Once you have at least 1 approved post, all limits are lifted. This is to fend off spammers as there are quite a lot of them and we don't want to overcomplicate CAPTCHA or make some mind-bending questions that need to be answered before registration.
Thank you for your understanding.

20

Other / New users

« Last post by dinosaur07 on January 31, 2019, 11:54:35 pm »

Hello dear forum members!
I have a question for the community:
The new users of this forum are not allowed to PM other users until a status is assigned or something similar?
 
I wanted to PM someone and an error appeared not allowing me to create new PM.
Tried to find the guidelines or the rules to follow or something to read on this matter but i couldn`t find.
Thanks in advance for your help,