[FAQ] ReHIPS system requirements and performance

Started by fixer, September 17, 2018, 10:15:26 AM

Previous topic - Next topic

fixer

Let's take a look at ReHIPS system requirements and then move to performance to find out how fast it can be. Keep in mind that all these numbers are approximate due to the volatile nature of measured properties. They were taken for the latest stable release ReHIPS 2.4.0 unless explicitly stated otherwise running on Windows 10 x86 version 10.0.17134.1 in a virtual machine.

At first disk space requirements:
-installer file is about 35Mb; it includes both x86 and x64 builds;
-installed ReHIPS occupies about 65Mb of disk space, most of which (~90%) are standard runtime libraries; so the ReHIPS code itself is about 6Mb.

Let's move to network requirements and usage for ReHIPS Corporate Edition which is able to operate remotely via network:
-it can satisfiably work with 64 kbit/s network connection with 15% packets loss; it generates for about 400-600Kb of traffic per hour.

Now let's take a look at RAM memory usage:
-ReHIPS usually has 3 processes running: Service, Agent and Control Center that use around 4Mb, 1Mb and 22Mb of RAM respectively; so it roughly uses 27Mb of RAM; it can also operate in so-called "headless mode" with no Control Center running, in this case 5Mb of RAM is used.

And last, but not least, some performance numbers.
There is an internal benchmark.exe that simply starts 100 instances of itself and tells how much time it took. Some numbers for the latest stable release ReHIPS 2.4.0:
100-300ms   - no ReHIPS at all;
1000-1100ms - Disabled ReHIPS, no Control Center running;
1500-1600ms - Expert+Lock-Down Mode, no Control Center running;
2600-2700ms - Expert Mode with Control Center running.

And now some numbers for the latest unreleased yet ReHIPS 2.5.0 alpha.
Expert Mode with Control Center running, process itself allowed, parenting is allowed with children inspection, all entries are in permanent database. It basically means all checks are made by maximum and nothing is skipped.
1500-1600ms - with 1 processor.
800-900ms   - with 2 processors.
700-800ms   - with 2 processors, 2 cores each=4 cores.
It means that Windows starts a process in ~2ms and ReHIPS does a full and complete check in ~8ms.

Can your security solution beat these numbers?