Build Security around ReHIPS 2.3 on a System?
Recrypt said:

Hello everyone and Merry Christmas.

Regarding Google and downloads. Truth to tell, I have no idea why it doesn't like us. I already posted about it here: Ask Questions Here - ReHIPS Features & Unexpected Behaviors (https://forum.rehips.com/index.php?topic=2032.msg16246#msg16246). ReHIPS is served through https, the certificate is OK, it's signed with a valid signature, no protectors, packers, whatsoever, no AV detections, and the compiler and installer are also standard and wide-spread. And I have no idea whom to write to fix this, as I tried to leave tons of comments in Google webmaster feedback, but none were answered. So not sure what else we can do.

Since the question of hooking was discussed, let me copy-paste one of the upcoming blog posts.

As you probably know, we state that "ReHIPS doesn't use rootkit-technologies (kernel-mode hooks etc.)". But some may wonder "hey, what's that HookDll32/64.dll then? I saw it was injected!". So let's talk about this a bit.

Since the dawn of time, antiviruses have been hooking the Windows kernel to intercept critical functions and inspect program behavior. And they'd been living happily till death in the person of PatchGuard did them part. Kernel Patch Protection (also known as PatchGuard) was introduced in Windows 2003 x64 (actually in Windows XP x64, but you can say it's based on the 2003 kernel). Though it didn't stop some of the vendors from hooking the kernel (using a hypervisor or some other shady stuff), it became something that is not just officially discouraged, but is actively being counteracted, resulting in a Blue Screen Of Death.

And what about user-mode hooks? They aren't something that is promoted, but if something can't be done without them, go ahead, use them; Microsoft even has a Detours project that helps hooking user-mode functions. And according to the official Detours page, "Under commercial release for over 10 years, Detours is licensed by over 100 ISVs and used within nearly every product team at Microsoft." So yeah, this thing is not as bad and dangerous as kernel-mode hooking, if it's "used within nearly every product team at Microsoft".

So what about ReHIPS? ReHIPS doesn't use any kernel-mode hooks. At all. And never has. And never will. We stand true to our statements. But yes, it does use some user-mode hooking. Why? They are for usability purposes only; no security or other potentially dangerous or important feature relies on them. For example, when a process being started by explorer.exe (and that is pretty much every process you start by double-clicking in explorer) is blocked, explorer complains about it and shows an error window. The injected HookDll intercepts this function in other processes like explorer and convinces them that everything is OK, no need to throw error windows. So it's purely a question of usability.