Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM

Previous topic - Next topic

aDVll

Quote from: XhenEd on June 21, 2016, 11:08:52 AM
Is it always slow when creating a new isolated environment?

As an example, when I create an isolated environment for Chrome and Copy User Data is checked, it would take about 2-3 minutes to launch, then it would hang for about 1-2 minutes, then all would be good to go. So, approximately, creating a new isolated environment takes about 5 minutes before it can be used.

My laptop has HDD, not SSD. So, expect relative slowness. :)
My Chrome profile folder is 700MB and it's small files so a few min sounds about right on an hdd. Especially if you have a slow 5400rpm drive. I am pretty sure it's not rehips issue tbh because on my ssd it takes only a few seconds.
Maybe others can confirm it's slow and my pc it's just a fluke.

fixer

Chrome (and chrome-forked) browser can be installed in 2 ways: in Program Files (actually this one is preferable) and in real user home directory. If there are some files in real user home directory that program needs, they should be copied to ReHIPS user profile directory as isolated programs don't have any access to real user folders. So if Chrome was installed at second location... well, there'll be some lag at first start/RulesPack rules installation. Anyway it only happens at first time, so it shouldn't be too bothersome.

XhenEd

Quote from: fixer on June 21, 2016, 09:27:32 PM
Chrome (and chrome-forked) browser can be installed in 2 ways: in Program Files (actually this one is preferable) and in real user home directory. If there are some files in real user home directory that program needs, they should be copied to ReHIPS user profile directory as isolated programs don't have any access to real user folders. So if Chrome was installed at second location... well, there'll be some lag at first start/RulesPack rules installation. Anyway it only happens at first time, so it shouldn't be too bothersome.
Mine is installed in the Program Files directory. Yes, it only happens at the creation of the isolated environment.

I presume that there are plans for making this easier and manageable, right? It's because how about the situations where the isolated profile, for example the browser's profile, gets infected? It needs to be cleansed. And right now, cleansing means deleting that user profile, and creating another one from scratch, which is a hassle.

Anyway, I don't intend to intentionally infect my browser.  ;D
It's just a thought for a possible scenario.  ;D

fixer

I don't think anything can be done to make this easier. The problem is: we've got a bunch of files, they should be isolated program writable. So we have 2 options.
1. We add some element of risk by either allowing isolated program access to real user home directory or copy them, but don't delete and copy all the files on isolated environment recreation, just some. Both are security risks.
2. We copy them all and recreate also by deleting and copying all files. Takes some time, but safe from security point of view.

XhenEd

Quote from: fixer on June 22, 2016, 11:57:49 AM
I don't think anything can be done to make this easier. The problem is: we've got a bunch of files, they should be isolated program writable. So we have 2 options.
1. We add some element of risk by either allowing isolated program access to real user home directory or copy them, but don't delete and copy all the files on isolated environment recreation, just some. Both are security risks.
2. We copy them all and recreate also by deleting and copying all files. Takes some time, but safe from security point of view.
I understand, fixer.  :)
With only those two choices available, I, myself, would choose the 2nd option.

aDVll

Quote from: Noverco on June 15, 2016, 05:59:32 AM
Thank you fixer for your interest regarding the Unexpected Behaviours I have posted, I have PM you regarding sending you an email so I can attach screenshots, log etc to you as I do not know the ReHIPS Supports email address.

I have discovered an issue at times when launching Internet Explorer in the isolated desktop environment that Norton Internet Security add fails to appear.  I have provided screenshots when NIS add-on is present and missing from IE.

Also I have just discovered another issue regarding Internet Explorer loading normally (not in an isolated desktop environment).  If you press windows key and g ,you get the xbox games recorder as my testing laptop is 5 years old does not support this feature and I receive an error message - "Sorry this pc doesn't meet the hardware requirements for recording clips learn more"  if I click on learn more Internet Explorer is launched normally - not within the isolated desktop? should this happen?  screenshot provide in post.

Also I have not tested yet but when launching Internet explorer and does not auto switch to the isolated desktop I mentioned in my previous post, could be the result of Malwarebytes Anti-Exploit free, not sure as yet when I have time I shall test.
Hi novero after Fixer figured out the issue is on Norton side i went ahead and tried to allow it from within settings.
Here is the fix but note i didn't have time to test it a lot but it seems to work even after a lot of restarts. Will do some more testing tomorrow on some other vm's though to make sure. If you want to try it now here are the steps and remember after you change the settings please restart the computer. Norton doesn't seem to accept the changes before a restart.
http://i.imgur.com/kS7Rw5y.gifv

EDIT: I couldn't test the vault though because i don't have it and i am not even sure exactly how it works. Not many info on Norton site. Note if the addon needs to communicate with norton main application to do auto complete it will not be possible because IE runs on a different desktop.

Btw you said you don't like lastpass because it stores the password online but norton does the same and doesn't even have 2 step authentication. You might want to look into it.  ;)

Safe search works though, that i tested, but i know this is now what your main concern was.

EDIT2: Tested it again on a new VM and again works so i just need someone to confirm.

Noverco

Thank you aDVll for your post and PM on the issue.  Norton add-on works so far (fingers crossed!!), but still issue that I have to manually click on the ReHIPS gadget to switch to IE (does not autoswitch to ReHIPs isolated desktop environment).  I will change Norton before I have to renew!!

aDVll

Nice. Glad it works now. Maybe the auto switching issue will get fixed with a new IE isolated environment. Let me know if it does. It will be a good information to have.

Noverco

Thank you aDVll, Wow, fantastic - After following your instructions Norton add-on (now appears) and IE now auto switches into ReHIPS isolated desktop environment, with no problems.  You have helped me tremendously:>

Norton add-on fix from aDVll quote :-

http://i.imgur.com/kS7Rw5y.gifv

IE auto switches fix from aDVll quote :-

I checked and mine autoswitched when i start IE with norton after the fix. Can you try going in rehips gui and deleting Internet Explorer isolated environment, restarting and then clicking install rules in gui to install the rules again? Hopefully this will fix the autoswitch issue.

Also I wish take the opportunity to thank fixer for the assistance, time and support looking into this issue!!!, and finding out it was a Norton issue!!!

Noverco

I would also like to give an update regarding the Norton add-on (local vault - tested) for IE.  I can now confirm since aDVll fix, that the vault (local vault) for Norton add-on works perfectly as well. 

Once you click on the vault icon on the Norton add on for IE, within in the ReHIPs isolated desktop environment you must then switch back to the normal(main) desktop as you will see the Norton identity safe screen popup asking you to enter the vault password.  Once you enter the vault password, switch back into the ReHIPs isolated desktop environment which IE is present and you can use the vault normally.

fixer

I have a couple more things to add.
I looked into autoswitching issue. ReHIPS was autoswitching to isolated desktop. But then empty desktop timeout (if isolated desktop is active and there are no visible windows on it, it autoswitches to the main desktop after 5 sec timeout) was kicking in and switching back to the main desktop. I changed this timeout for the first autoswitch to 10 sec, just in case for slow PCs, and it's still 5 sec for subsequent timeouts. This addon issue was actually a norton issue, but I increased the first timeout anyway.
Without adding ReHIPS folder in exception list, norton can cause PC to deadlock. ReHIPS is indirectly involved into this, but it's also norton issue. So it's highly recommended to either add ReHIPS folder to exceptions as aDVll suggested or disable norton auto-protection as it's the feature that causes this behavior.
And I'd like to thank aDVll for his tremendous help in debugging this and other issues.

XhenEd

Quote from: fixer on June 23, 2016, 06:59:37 PM
And I'd like to thank aDVll for his tremendous help in debugging this and other issues.
I certainly agree with this.  :) :) :)

Noverco

Thank you fixer, Its certainly good of you for the detailed investigation, time, explanation and making an adjustment for the issue with Norton and auto switching.

Yes I wholeheartedly agree with fixer and XhenEd regarding fixers quote I'd like to thank aDVll for his tremendous help in debugging this and other issues.

aDVll

Thanks guys. Anything to help if i can. It's worth it to help devs that care about users and actually check all reported bugs from all users.

fixer

Quote from: Noverco on June 14, 2016, 12:07:14 AM
Also if I click on an email via windows mail (Windows 10) should the screen briefly go blank and received an error message unable to open ......., but when I switch manually to the isolated environment the email link has been successfully loaded?
Should be fixed now.