Advice Request OSArmor and Exe Radar Pro -- temporary alternative?


LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
> Hmm, this thread is kind of quiet. I guess people are concerned about the learning curve with ReHIPS. I admit there is a learning curve, but ReHIPS 2.4 free version has fine-grained anti-exe + strong sandboxing for Office apps, PDF readers, etc. That's a lot for no money.

Do you have the link for the free version of ReHIPS?

~LDogg
 

Recrypt

From ReHIPS
Verified
Developer
May 26, 2014
11
Hello everyone and thank you for your interest in our product.

ReHIPS is a completely offline solution. But it's implemented as a thin client: Service does all the heavy-lifting and Control Center simply communicates with it. This error means that Control Center couldn't connect to Service. Communication is implemented via sockets and local network connection. So don't forget to allow this local-only connection.

Best Regards, fixer.
 

ForgottenSeer 72227

> A few days after having OSArmor, I uninstalled it. How compatible is NVT SysHardener on Windows 10 v1809?

I agree with @shmu26

From my understanding it uses PowerShell cmdlets and registry tweaks to make its changes, so assuming Microsoft hasn't made any changes to how these settings are made/set, SH should work normally. I currently have it on my system and haven't noticed any issues, and so far it seems like the tweaks are still working.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
> A few days after having OSArmor, I uninstalled it. How compatible is NVT SysHardener on Windows 10 v1809?

Just curious what moved you to uninstall OSA?
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Any reason I should go with ReHIPS free instead of OSA, which is working with 1809 from now? Thinking of going back to Qihoo + FortiClient webfilter + OSA or either FortiClient + OSA.
 

shmu26

> Any reason I should go with ReHIPS free instead of OSA, which is working with 1809 from now? Thinking of going back to Qihoo + FortiClient webfilter + OSA or either FortiClient + OSA.

Depends what you want your security soft to do.
OSA is better at blocking lots and lots of vulnerable processes, if you enable advanced settings. The only thing really missing in OSA, in that area, is rundll32 protection, and Andreas said he will probably add it.

ReHIPS free is a full-fledged anti-exe and it also isolates your Office/PDF apps, so you don't even need all that crazy paranoid vulnerable process protection.
I personally don't care about isolating Chrome and Firefox, they are secure enough anyways. There are no exploits in the wild that affect them, and there have not really been any for a few years. I have a beta license for ReHIPS, and sometimes I don't even bother to isolate Chrome, because I think it's overkill.
 

Moonhorse

> Depends what you want your security soft to do.
> OSA is better at blocking lots and lots of vulnerable processes, if you enable advanced settings. The only thing really missing in OSA, in that area, is rundll32 protection, and Andreas said he will probably add it.
>
> ReHIPS free is a full-fledged anti-exe and it also isolates your Office/PDF apps, so you don't even need all that crazy paranoid vulnerable process protection.
> I personally don't care about isolating Chrome and Firefox, they are secure enough anyways. There are no exploits in the wild that affect them, and there have not really been any for a few years. I have a beta license for ReHIPS, and sometimes I don't even bother to isolate Chrome, because I think it's overkill.

Hmm, I'm not a programmer or a very vulnerable/targeted person, and all I do is browsing mostly. I'd just like to go with FortiClient + Comodo firewall since I like FortiClient a lot. It has behaviour monitoring + anti-exploit which covers the browsers. Comodo firewall just tends to be buggy sometimes, and has conflicted with FortiClient a few times. The HIPS tends to conflict with FortiClient so much that it's turning the web filter service off. And there's people or a person on here mt who tends to say Comodo is completely useless without HIPS.

so
ReHIPS, yes, HIPS is what I'm missing. So maybe I should try it out and see how it does... thanks
 

shmu26

> Hmm, I'm not a programmer or a very vulnerable/targeted person, and all I do is browsing mostly. I'd just like to go with FortiClient + Comodo firewall since I like FortiClient a lot. It has behaviour monitoring + anti-exploit which covers the browsers. Comodo firewall just tends to be buggy sometimes, and has conflicted with FortiClient a few times. The HIPS tends to conflict with FortiClient so much that it's turning the web filter service off. And there's people or a person on here mt who tends to say Comodo is completely useless without HIPS.
>
> so
> ReHIPS, yes, HIPS is what I'm missing. So maybe I should try it out and see how it does... thanks

ReHIPS is not a true HIPS. It is re: HIPS, meaning that it is a response to HIPS.
It is an anti-exe+sandboxing solution that makes true HIPS unnecessary.
Also, it has a learning curve. It is not as easy and self-explanatory as OSArmor.
It's worth the effort, if it gives you what you are looking for.
Both softs are great, it all depends what you need.
 

Moonhorse

Installed re:hips free, expert mode enabled. It seems my Firefox is isolated, is this okay? And will it affect uBlock Origin list updates somehow?

Paid version just lets you isolate more applications, but when I'm mostly only using the browser I probably don't need it.

Google Chrome has too many processes and the isolation failed
 

shmu26

> Installed re:hips free, expert mode enabled. It seems my Firefox is isolated, is this okay? And will it affect uBlock Origin list updates somehow?
>
> Paid version just lets you isolate more applications, but when I'm mostly only using the browser I probably don't need it.
>
> Google Chrome has too many processes and the isolation failed

Isolating your browser should not cause any problems, unless it puts you over the 10 isolated process limit on the demo version.

If I were you, I would first run ReHIPS in Standard mode, and get used to it, before enabling expert mode.
 

shmu26

A short explanation about ReHIPS isolation: it is not like the sandboxing you find in Sandboxie, Comodo, etc. They use light virtualization to achieve sandboxing.
ReHIPS does not virtualize. It runs the isolated process in a separate and limited user account. It takes advantage of the built-in Windows feature of limited user accounts.
There is more to it than this, but this is the basis.
Since ReHIPS uses native Windows features, there are generally fewer conflicts and less breakage. When Windows updates, or your software updates, you will usually not encounter issues.
 

Eddie Morra

> A short explanation about ReHIPS isolation: it is not like the sandboxing you find in Sandboxie, Comodo, etc. They use light virtualization to achieve sandboxing.

IIRC Sandboxie doesn't rely on virtualization.

When I looked into Sandboxie about 2 years ago, it was relying on another user account and user-mode API hooking combined with kernel-mode software (for kernel-mode callbacks - this would have been used for enforcement of the process access, file-system, registry and networking management rules). The user-mode DLL though... that hooked so many APIs.

If Sandboxie works when virtualization is not enabled via BIOS or is not supported by the hardware full-stop then it means it is completely software-based and not using any hardware-assisted technology for virtualization like COMODO and Kaspersky.

If something has changed since then please correct me because 2 years is a long time and I'd really appreciate it.
 

shmu26

> IIRC Sandboxie doesn't rely on virtualization.
>
> When I looked into Sandboxie about 2 years ago, it was relying on another user account and user-mode API hooking combined with kernel-mode software (for kernel-mode callbacks - this would have been used for enforcement of the process access, file-system, registry and networking management rules). The user-mode DLL though... that hooked so many APIs.
>
> If Sandboxie works when virtualization is not enabled via BIOS or is not supported by the hardware full-stop then it means it is completely software-based and not using any hardware-assisted technology for virtualization like COMODO and Kaspersky.
>
> If something has changed since then please correct me because 2 years is a long time and I'd really appreciate it.

SBIE is not hardware assisted virtualization. That much, I agree with you.
However, the basic mechanism of SBIE is to redirect writes to a virtualized sector of the hard disk. In that sector, processes run with limited rights.
ReHIPS does not redirect writes. It sets up a separate user account, and runs the isolated process from it. All writes go to that user account.
@Umbra and @SHvFl can probably explain it better.
 

Eddie Morra

1. COMODO and Kaspersky
2. Sandboxie
3. ReHIPS

1 - hardware-assisted and software-assisted virtualization.
2 - software-assisted virtualization.
3 - not really virtualization like 2 and definitely not 1.

Is this correct? :)
 