Recent Posts

31
ReHIPS / Re: Problem with Directory OPUS's viewer and ReHIPS
« Last post by fixer on February 12, 2020, 07:49:42 am »
It'll definitely be this year :) Though I don't want to name exact dates as we planned to release it earlier, but decided to add more features that required more time.
32
ReHIPS / Re: Problem with Directory OPUS's viewer and ReHIPS
« Last post by matra on February 10, 2020, 05:46:02 pm »
When will version 2.5 be released, please?
33
ReHIPS / Re: ReHIPS Questions
« Last post by fixer on December 30, 2019, 05:16:05 pm »
1. There are some reasons for this. Even when ReHIPS is disabled it's useful to support already running isolated programs. By support I mean usability features like isolated desktop for example. Another reason is monitoring, even when it's Disabled, sometimes it's useful to know what started what and when. Especially in corporate environments. So killing it completely is not recommended. Besides, PC resource load is minimal.

2. The question of monitoring compared with Sandboxie is covered HERE. Updating usually takes different paths depending on where the program was installed. There usually are 2 locations: Program Files (global system-wide) or in user profile folder, AppData Local or Roaming (local user-wide). In the first case for the program to update Administrator rights are required as Program Files is one of trusted locations. So to update it (or install there) you'll have to run it without isolation. Which is usually OK since most programs like Office aren't malicious by themselves and only become ones when they're exploited. In the second case Copy User Data feature comes into play. In short, you'll have a copy of the program in the isolated environment profile folder. And it'll be updated there. But in this case the best scenario is to install it straight into isolated environment with DeployHelper.
34
ReHIPS / Re: ReHIPS Questions
« Last post by LimeKey on December 29, 2019, 09:14:45 pm »
Thank you, fixer.  I appreciate your taking the time to explain.

1.  It's good to know that the increase is a static time instead of a multiplier.  However, is there any good reason why this needs to happen at all if ReHIPS is set to Disabled?  My expectation is that if it's set to Disabled, then it should take next to zero active resources (except for memory if a service/driver needs to remain running) unless it's started up or called on via context menu.  Is there a way to configure it so that this is the case?

2.  I only used the stenography app as an example - the workflow given applies to many types of applications.  The issue with the workflow suggested is that it's not that easy if the application is getting pointed to via the registry.  For example, an application update patch.  With Sandboxie, I can let it run, then easily observe what it tried to change and selectively allow or block the addition/modification of files.  I'm not sure how I can accomplish that with ReHIPS, since copying an application folder to a ReHIPS folder won't do anything given that the registry is still pointing to the original/real location.
35
ReHIPS / Re: ReHIPS Questions
« Last post by fixer on December 29, 2019, 12:26:48 pm »
Hello, LimeKey.
Welcome to our forum and thank you for your interest in our product.

1. I guess you're referring to this blog post https://forum.rehips.com/index.php?topic=11868.0 ? Even when ReHIPS is Disabled, it gets notified about processes starting and exiting and other things. You can notice it by logs, they keep coming. Slowing a process startup by 10 times is not entirely correct. You see, for these tests a special program was used that does nothing on startup to minimize the time it takes to start. For this program, yes, startup with ReHIPS takes 10 times more. But even in this case a single start takes about 10ms, I don't think you'll notice this time interval or that you start hundreds of processes in a second to start noticing it. Let's return to the real world. In the real world programs take some time to start, some bulky programs take more time. For example a program takes 1 second to start. With ReHIPS it'll take 1 second+~8ms=1.008 seconds to start, difference is 0.8%. So I don't think it's noticeable.

2. The most simple (and insecure) way to do this is to simply allow READ+WRITE access to the desired folder. And voila. More secure alternatives usually take more steps. For example if a program supports it, it can read from one folder, but save to some other. Or you can copy files to a ReHIPS folder and process them there. As usual, the more secure you want to have it, the less convenient it'll be. On the other hand, I doubt a steganography program will insert some scary exploit into the images and security should be tightened to the max in this case.
36
ReHIPS / ReHIPS Questions
« Last post by LimeKey on December 29, 2019, 11:09:14 am »
I've been researching ReHIPS as an alternative to Sandboxie for me, and I have a few questions.


1.  According to the FAQ about performance, it seemed to indicate that if ReHIPS is installed, but set to Disabled, applications will experience a 10-fold increase in startup time. 

Is that correct?  The FAQ seems to indicate that these are fantastic numbers, but slowing down application startup by an order of magnitude seems to be absolutely awful.  If I have ReHIPS set to disabled, why would application start times have any additional lag whatsoever? 
Or does it only refer to apps that are started in isolation while ReHIPS is set to Disabled?



2.  Some applications are designed to process existing files - for example, an application that adds/modifies stenography in images might do the following:

a.  Scan the contents of a folder to find the appropriate files it wants to modify.
b.  Copy each target file to a backup (e.g. Target.jpg to Target.jpg.BAK).
c.  Modify the target file or delete the original and add the new replacement.


If I run this type of application sandboxed through Sandboxie, then the original folder remains protected and untouched - but I can find all new/modified files in the sandbox and selectively decide which ones to bring over into the actual file system.

Is this something that I can do with ReHIPS?  If so, just how messy a process will it be?

37
ReHIPS / Re: Some questions
« Last post by fixer on December 21, 2019, 09:20:19 pm »
Could you please describe it step-by-step, what you do, what exactly you get and what you expect to get with full real paths and paths in ReHIPS. And we'll try to reproduce the issue. Thank you.
38
ReHIPS / Re: Is there a conflict with sandboxie?
« Last post by fixer on December 20, 2019, 11:47:50 pm »
You're welcome ;)
39
ReHIPS / Re: Is there a conflict with sandboxie?
« Last post by nick on December 20, 2019, 10:14:35 pm »
Thank you for taking the time to explain
40
ReHIPS / Re: Some questions
« Last post by nick on December 20, 2019, 10:12:18 pm »
Thanks for clarifying all of these. About the asterisks I'm not sure where exactly the problem is. It happens when I use scoop isolated and it tries to execute git:
the path is ...\scoop\apps\git\2.23.0.windows.1\cmd\git.exe (with 3 more parent folders without any space or special characters). Any combination of asterisks, even exactpath\*.exe is not working, I get a popup window asking what to do with git.exe of the above path. If you don't get the same result for a path like that I can explain with all details under what conditions it happens for me (the rule is to open it in the same isolated environment)