New Update ReHIPS 2.6 is out

cruelsister

Although I dislike HIPS in general for various uninteresting reasons, I was curious if ReHIPS would change my mind in any way, so being a lonely person in a confusing world with time on her hands please allow a quickie critique:

ReHIPS is somewhat typical of the breed in that there are a number of security levels that can be chosen. The Learning mode is of obvious utility but one must be sure that during the extended learning process one should not even attempt to run an unknown application (which would defeat the point of this level).

The other available security levels (Permissive, Standard, Expert) are all what one would expect from a HIPS application. In order to test, on a Win 11 system with Defender disabled I proceeded to run a number of malicious files: a VBS worm, a script that shuts down Windows Firewall, a Python keylogger, Gryphon ransomware, and a Java-coded Pony ransomware. For controls, I had installed Sophos Scan&Clean and HiBit Uninstaller. The results were as follows:

1) Expert Mode - as can be expected, this is almost identical to a lockdown mode where every one of the above test files was stopped prior to execution with an alert box asking the user how to proceed. This is fairly pointless, as the ultimate purpose of a security application is to prevent malicious processes from occurring and not just throwing up its hands and essentially saying "maybe, maybe not...". In short, a setting that prevents everything prevents nothing.

2) Permissive mode - Indeed it was! Although allowing all of the legitimate applications, it also allowed all of the malicious stuff. As pointless as Expert mode, but far more dangerous.

3) Standard mode - This should be the sweet spot! Not too hot, not too cold. Sadly this was not the case, as the findings were identical to Expert mode (ask for everything) except Pony, which happily trashed all the Documents and Photos available to trash.

So, to sum up: if one wants to be confused and annoyed, ReHIPS is your ticket. If you actually want system protection without the burden of guessing, one should seek elsewhere for that answer.
 

shmu26

2) Permissive mode means by definition that it only applies rules in the database, and does not monitor unknown processes. It would be ideal for someone who runs, let's say, VoodooShield, but she wants her browser and Office apps to run in isolation. With Permissive mode, VS will take care of the unknowns, and RH will take care of the isolation.

3) In Standard mode there won't be any Documents or Photos available for trashing, because all browsers and Office apps and other internet-facing apps are isolated -- thereby blocking read-write access to files in real user space.
 

shmu26

ReHIPS is not a good product.
Make a good backup before installing it. :)
It is not good at uninstalling itself, if you have other security products running. In such a case, you will need to do some manual deletion in the Users folder.
 

shmu26

Pony had no issues at all (which actually was expected).
I am sure it didn't! But the brilliance -- or idiocy, depending on how you look at it -- of ReHIPS is the concept of separate user accounts for each isolated app.
Let's say I download a Microsoft Publisher file with Pony. The file will open in the ReHIPS MS Office user account, and trash everything there, unless there is another rule to stop it. But fortunately enough, your precious pics aren't there, because they are in your real user account. Pony can't even see them, and there is no way in ReHIPS to mitigate that protection, except for turning off ReHIPS altogether. (This last point happens to drive me crazy, because it is so stubbornly inflexible.)
 
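The isolation shmu26 describes rests on ordinary NTFS permissions: the isolated app runs under a separate local account, so it can read the real user's Documents and Pictures only if some ACE grants that account (or a broad group it belongs to) read access. The following PowerShell check is an added example, not code from this thread or from ReHIPS; the isolated account name is a placeholder that must be replaced with the account the sandboxed app actually runs under.

```powershell
# Added example (not from the thread or the ReHIPS project): report whether a
# separate local account used for an isolated app has NTFS read access to the
# real user's Documents and Pictures. Account name below is a PLACEHOLDER.
param(
    [string]$IsolatedAccount = "$env:COMPUTERNAME\IsolatedAppAccount_PLACEHOLDER",
    [string[]]$ProtectedFolders = @(
        (Join-Path $env:USERPROFILE 'Documents'),
        (Join-Path $env:USERPROFILE 'Pictures')
    )
)

# Broad groups that, if granted read on the folder, would admit the isolated
# account even without a direct entry for it.
$broadSids = @('S-1-1-0',       # Everyone
               'S-1-5-11',      # Authenticated Users
               'S-1-5-32-545')  # BUILTIN\Users

try {
    $isoSid = ([System.Security.Principal.NTAccount]$IsolatedAccount).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
} catch {
    Write-Error "Account '$IsolatedAccount' not found; pass -IsolatedAccount with the isolated app account."
    exit 1
}

$readBit = [System.Security.AccessControl.FileSystemRights]::ReadData

foreach ($folder in $ProtectedFolders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    $acl = Get-Acl -LiteralPath $folder
    # Include inherited ACEs and resolve identities to SIDs for stable matching.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $grants = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $readBit) -ne 0) -and
        ($_.IdentityReference.Value -eq $isoSid -or $broadSids -contains $_.IdentityReference.Value)
    }
    if ($grants) {
        Write-Warning "$folder is readable by the isolated account via:"
        $grants | ForEach-Object { "  {0} ({1})" -f $_.IdentityReference.Value, $_.FileSystemRights }
    } else {
        Write-Output "$folder : no read ACE for $isoSid or a broad group (isolation holds)"
    }
}
```

A default Windows profile grants only the owner, SYSTEM and Administrators, so the expected result is "isolation holds" for each folder; a warning means the boundary shmu26 relies on has been widened by an ACL change. Generic access masks (e.g. GENERIC_ALL set on a raw ACE) are not expanded by this check and would need icacls or a specific-rights mapping to catch.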

cruelsister

[Attached image: ReHIPS result.png]
 

shmu26

Right. Exactly my point. You have the "pony" file on your real desktop, in real user space.
But had you downloaded it with ReHIPS installed, it would have appeared on the isolated desktop of the ReHIPS isolated folder. And when you executed it, it would not have been able to see your pics, unless you very unwisely placed them in the same isolated folder.

However, I think I should cry, "Uncle!" in advance, because neither do I have ReHIPS installed on my computer (linux over here), nor am I an active malware tester. So if you deem my explanations to be insufficient, foolish or worse, I could alert the ReHIPS dev about this thread, and that might get interesting.
 

Chuck57

A couple of years ago I tried to run ReHIPS 2.4 and kept trying for several months. I don't know whether it protected my laptop from anything other than me. I found ReHIPS unnecessarily complex. I suppose if I had spent a day configuring every single detail, even of software I use only on occasion, it might have been less of a pain in the neck. As it was, I removed ReHIPS and returned to Comodo Firewall and some time later discovered and added Hard Configurator.
 

NormanF


It's both an anti-exe and a sandbox. If you don't feel the need for the sandbox in the demo version, set the security level to Permissive, put "can execute program" on "inspect children" and then toggle "can be executed" to "allow". Then it will run as an anti-exe and application control. The free demo version limit of ten processes applies only to running it in sandbox mode, and if you're overly paranoid, you could pay for a full license! However, if you really need sandboxing on untrusted sites, Microsoft Defender Application Guard is a free alternative running on the hypervisor and is supported in all modern browsers in which you install the browser extension.
 

NormanF

If you run a browser in an isolated environment and it's infected by malware, that malware persists only in your container unless you're foolish enough to download it to your real desktop downloads folder.

Which would defeat the purpose of ReHIPS or for that matter, any security software that had built-in virtualization.

Goes without saying the weakest link here isn't the software but you blindly trusting anything that pops up during Internet surfing. Safe computing habits matter as much if not more than what security software you have installed on your PC.

Which at best is only an aid in helping you decide what should be and what shouldn't be allowed to run on your system.
 