Isolated apps and system resources

Started by shmu26, August 12, 2017, 10:04:23 PM

shmu26

This question grew out of an unresolved discussion in the thread on the MT forum.
We were comparing the isolation of ReHIPS to the sandboxing of Sandboxie, in an attempt to understand how ReHIPS works.
https://malwaretips.com/threads/rehips-an-hips-sandbox-without-kernel-hooks-quick-test-included.27453/page-38#post-661404

So, basically, SBIE at default settings does not limit the access of sandboxed apps to system resources. It just redirects the writes to a virtualized and contained environment.

How does the behavior of ReHIPS compare, in this respect? How does it limit the access of isolated apps to system resources, besides the total blocking of access to real user space?



fixer

I don't think disclosing internals of other software like SBIE is correct from a moral point of view. So I can't post about SBIE here, what weaknesses it has, vulnerabilities, etc. But I'll write about ReHIPS.

I started posting a series of blog posts about the default file system access any isolated program has. The first part is here: "So where do isolated programs have access to (part 1)?" So I think this series should cover the question of file system access, stay tuned :) Other resources access may probably be covered next.