[FAQ] ReHIPS best practices (part 5)

Started by fixer, August 06, 2018, 03:55:29 PM

Previous topic - Next topic


10. Don't use Open File Access feature. This feature was already discussed in one of the previous blogposts here https://forum.rehips.com/index.php?topic=9484.0 If you want to build a safe and secure system, don't use it.

11. Keep your software number to a minimum. Each and every software may have bugs, including security ones. The problem with security software is that they usually require highest privileges possible. And it means when they're exploited, the whole system is subverted, not just a single user. And there are enough published papers showing how vulnerable some security software is, that having it installed exposes your system to a higher risk compared to a bare system without any security software at all. So the less programs you have installed and running, the less attack surface you have.

12. Move files you're working on in isolation in respective ReHIPS subfolder. ReHIPS folder was already discussed in one of the previous blogposts here https://forum.rehips.com/index.php?topic=9487.0 The best practice here is as follows. At usual times your ReHIPS subfolders are empty. When for example you download some file with an isolated browser into ReHIPS subfolder, you move it into your user profile folder right away. When you need to view or edit some document with an isolated program you move it from user profile folder (as you should keep it there along with other private data) into respective ReHIPS subfolder, view/edit it with the isolated program and move back. Bothersome? Probably. But safe and secure.