« Last post by Denis on July 30, 2018, 09:20:11 am »
Eddie version: 2.15.2
Eddie OS build: windows_x64
Eddie architecture: x64
OS type: Windows
OS name: Windows 10 Pro
OS version: Microsoft Windows NT 10.0.17134.0
OS architecture: x64
W 2018.07.30 07:51:37 - Recovery. Unexpected crash?
Rehips 2.4.0
Installing and rebooting is all I have to do to reproduce it. I am on the VPN at this moment and leaking.

« Last post by fixer on July 30, 2018, 07:05:04 am »
Hello, Denis. Thank you for your interest in our product and welcome to our forum.

Just to make sure we're on the same page.
What OS do you use, Windows 10 Pro x86 or x64?
Air vpn 2.15.2? x86 or x64?
What ReHIPS version do you have, 2.4.0?

I guess your IP leaks because air vpn is crashing. How does it happen? Any particular steps to reproduce it?
« Last post by Denis on July 29, 2018, 11:52:20 pm »
Not sure if I am doing it right. Installing Air VPN in learning mode. Check. Putting it in standard mode. Rebooting. All fine. But after the next reboot always the same problem. My real IP is leaking. Also Air is crashing. W 10 Pro with Shadow Defender and Emsisoft Anti-Malware. I am using the last stable version of Air. Any simple step by step would be great. Thank you for your time.
« Last post by fixer on July 29, 2018, 09:07:01 pm »
You mean for example your set of rules for programs? The short answer is no.

You see, the .rdb file contains more information which isn't stored in ReHIPS.xml. For example, in the .rdb file you can indicate that this program should be looked for in installed programs, take the path from there and append a file name like photoshop.exe. In the .xml file it's just plain C:\Program Files\Photoshop\photoshop.exe and you have no idea where it was taken from. Even if you take that path as is, it'll fail on another PC where it's installed, for example, in C:\Program Files\Photoshop 10.0\photoshop.exe. So it's a one-way process: you can get .xml from .rdb, but not the other way.
« Last post by shmu26 on July 29, 2018, 05:25:15 pm »
2. Installed rules. These are already installed rules. They're kept in ReHIPS.xml file. These rules are valid for the PC they're installed to only and can't be moved to any other PC.
Just wondering, is there a way to take my settings from the .xml file and put them in the default.rdb file?
« Last post by fixer on July 23, 2018, 09:51:30 am »
5. It's not recommended to execute files over the network. ReHIPS relies on the file hash to make sure it's the same file that was allowed. But it's impossible to ensure proper hashing over the network. In other words, one file's contents may be sent when you try to hash the file (and everything may seem OK here), but when it comes to execution, completely different contents may be sent (possibly malicious). It's not just a ReHIPS issue, UAC suffers from the same problem, and it stems from network file operations. And there is no easy way to fix it.

6. Keep all your private data in the user profile folder. By default Windows tries to provide security. That's why it suggests that you save all your personal data in the user profile folder (in folders like Documents, Music, etc.). It's the most secure way. Other users and isolated programs have no access to this folder, neither read nor write. This folder is entirely yours and for you only. And no other folder is designed to be this way.
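The hash-then-execute gap from point 5, as an added illustration that is not from the post or the ReHIPS project: a constructed stand-in for a network path that can hand back different bytes on consecutive reads, a naive check that hashes one read and uses another, and a variant that fetches the file to local disk once so the hash and the execution see the same copy (staging locally is a common mitigation assumed here, not something the post prescribes).

```python
import hashlib
import os
import tempfile


class ChangingSource:
    """Constructed stand-in for a file on a network share: each read() returns
    the next payload in the list, so a check read and a use read may differ."""

    def __init__(self, payloads):
        self._payloads = list(payloads)
        self._calls = 0

    def read(self) -> bytes:
        data = self._payloads[min(self._calls, len(self._payloads) - 1)]
        self._calls += 1
        return data


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def naive_check_then_use(source, allowed_hashes):
    """Hash one read, then 'execute' a second read of the same remote path.
    Returns the bytes that would actually run, or None if the check blocked it."""
    if sha256(source.read()) not in allowed_hashes:
        return None
    return source.read()            # a second remote read: may not match the hashed one


def copy_then_check(source, allowed_hashes):
    """Fetch the file once into a local directory, then hash and use only that
    local copy, which the remote side can no longer swap underneath us."""
    with tempfile.TemporaryDirectory() as local_dir:
        local_path = os.path.join(local_dir, "staged.bin")
        with open(local_path, "wb") as f:
            f.write(source.read())  # the only remote read
        with open(local_path, "rb") as f:
            staged = f.read()       # everything below uses the local copy
        if sha256(staged) not in allowed_hashes:
            return None
        return staged               # exactly the bytes that were hashed
```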
« Last post by fixer on July 16, 2018, 05:13:29 pm »
3. There are a couple of "windows" when ReHIPS doesn't provide protection.
   a. ReHIPS Control Center isn't connected to the Service. Unless Lock-Down Mode is enabled, ReHIPS doesn't filter processes without its main GUI, as it won't be able to ask the user, and silently blocking processes may not be a good idea. Connection to the Service is usually lost because Control Center isn't running (who could have thought?) or, if it's a remote connection, because of network issues. Don't forget that sometimes Windows 10 autostarts processes (including ReHIPS Control Center) with a delay, so it'll probably be a good idea to enable Lock-Down Mode without GUI.
   b. ReHIPS Service is down. The Service does all the filtering and heavy lifting, so it should always be up. Unlike the GUI, ReHIPS Service is supposed to be always running, so unless you manually stop it or it violently crashes, it shouldn't be much of an issue.
   c. Initial rules are being installed. When ReHIPS is installed or when a new user logs in for the first time, ReHIPS installs initial rules. Until these rules are completely installed ReHIPS doesn't filter processes as we don't want to block something critical.

4. Make sure you check alerts before allowing them. ReHIPS supports Unicode. So on one hand it has no problems with file names in different and exotic encodings. And on the other hand it's susceptible to Unicode-based spoofing. One of them is right-to-left mirroring. For example, Unicode has a control character 0x202e; it's invisible to the eye, but mirrors the remaining part of the string. So a file with the real name pic#gpj.exe, which has this control character in place of #, will visually look like picexe.jpg. It may confuse inexperienced users, making them believe it's a harmless picture while it's an executable file. Or, for example, the letter "o" may look exactly the same in English and Russian encodings, so a file like svchost.exe with a Russian "o" will visually look the same while it's not the standard svchost.exe. It's not possible to filter all these tricks automatically, so keep your eyes open and don't just click Allow in alerts out of boredom.
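A reviewer-side check for the two spoofing tricks in point 4, as an added example that is not from the post or the ReHIPS product: it flags bidi control characters such as U+202E, compares the extension a user would see with the real one, and reports names that mix scripts (a Cyrillic "о" among Latin letters). The sample names are constructed; the display model for U+202E is simplified to "everything after it is mirrored".

```python
import unicodedata

# Bidi control characters that can reorder or hide parts of a displayed name.
BIDI_CONTROLS = {
    "\u200e", "\u200f",                                 # LRM, RLM
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI, RLI, FSI, PDI
}


def visible_name(name: str) -> str:
    """Approximate how a name with a right-to-left override is displayed:
    the part after U+202E appears mirrored (simplified model, no nesting)."""
    idx = name.find("\u202e")
    if idx == -1:
        return name
    return name[:idx] + name[idx + 1:][::-1]


def scripts_in(name: str) -> set:
    """Scripts used by the letters of the name, taken from the first word of
    the Unicode character name (e.g. LATIN, CYRILLIC)."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in name if ch.isalpha()}


def check_filename(name: str) -> list:
    """Return human-readable findings explaining why an alert for this file
    name deserves a closer look; an empty list means nothing suspicious."""
    findings = []
    controls = sorted({f"U+{ord(c):04X}" for c in name if c in BIDI_CONTROLS})
    if controls:
        findings.append("bidi control character(s): " + ", ".join(controls))
    shown = visible_name(name)
    real_ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    shown_ext = shown.rsplit(".", 1)[-1].lower() if "." in shown else ""
    if real_ext != shown_ext:
        findings.append(f"displayed extension .{shown_ext} but real extension .{real_ext}")
    scripts = scripts_in(name)
    if len(scripts) > 1:
        findings.append("mixed scripts: " + ", ".join(sorted(scripts)))
    return findings
```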
« Last post by fixer on July 10, 2018, 09:09:40 am »
In this series of blog posts I'll try to outline ReHIPS best practices. ReHIPS is a security product. And like any other security product, no matter how perfect it is, it won't automatically make you completely secure and won't let you fly and deflect bullets. It provides you with a way to make your PC safe and secure, very safe and really secure. But it's up to you whether to follow this way or not, as sometimes to achieve high security a sacrifice of usability has to be made.

1. Keep your Windows updated. It's the first and one of the most important requirements. It's generally a good idea to keep all your software up to date, but it's not that important for ReHIPS-isolated software. ReHIPS relies on built-in mechanisms, and though it can mitigate many threats on its own, having a vulnerable OS is a high risk, so don't forget to update it or set up auto-update. It's also a good idea to update non-isolated programs or privileged software like drivers or services.

2. Customize the installed initial ReHIPS rules. ReHIPS installs initial rules by looking at the list of installed software. And there is no way to be 100% sure that, for example, it's indeed Chrome listed under the Chrome installed item. So it's always best to manually check installed rules. Besides, initial rules are intended for an average PC, so if you want to build tight security, some rules should probably be blocked, like telemetry programs. Most rules can be tightened, like specifying a limited set of children and blocking or at least alerting about other child processes. Take your time and tighten them; it'll pay off in the end.
« Last post by fixer on July 04, 2018, 09:07:16 am »
Some shell-related actions may fail for isolated processes. For example, directory change notifications in select file dialogs. The contents of the directory are changed, but visually they remain the same and have to be manually updated. At a low level the issue is in the SHChangeNotifyRegister API function. Or, for another example, the SHChangeNotify API function doesn't notify the OS about events. Or, for another example, AddJob doesn't add printing tasks. All these functions try to communicate with the explorer.exe process by calling SHAllocShared. This call will fail because of security and isolation restrictions.
« Last post by Tarnak on June 28, 2018, 10:55:39 am »
Thanks. ...It must have been the last option that I was seeing, because it went on for a few seconds. Usually, when I see a console window it is for a very brief time. Almost like just a flash, and it is gone! ;)
