App Review ReHIPS against Ransomware

[SHvFl]

first time watching this vid, I have not installed or used rehips yet, so it was helpful to see its operation. Question, I saw rehips had "standard" protection mode, ok, and then when each ransomware opened, there's a rehips popup and it looked like the default was "allow" but then tester selected allow in protected environment (paraphrase). Any concern with default allow? or is that something the user can automatically globally set so that default is allow in protected environment?

If you allow there is no protection and the file will run as it would normally. When something is not secure you need to run it isolated. The reason that default is allow is because user is going to run more normal files that the appropriate action will be to allow so the default section should be allow.

 

[simmerskool]

The video shows that the weakness is the user. The default option is to allow the ransomware. ReHIPS protected the system because the tester/user chose the programs to run isolated. So, without changing or choosing anything other than the default, the system might have been infected.
But even then, I think that the HIPS part would have done all the protection once the "allow" was chosen.

emphasis added, so new user (or so far non-user but interested), I noticed same in video, but don't understand last sentence. rehips works even if the user selects "allow" ??

EDIT nevermind, I read your above posts after I posted this. Hope to play with rehips soon.

 

[simmerskool]

If you allow there is no protection and the file will run as it would normally. When something is not secure you need to run it isolated. The reason that default is allow is because user is going to run more normal files that the appropriate action will be to allow so the default section should be allow.

yes, thanks. I should have read more posts before I posted mine. questions answered by Umbra and XhenEd. I gurss I was "excited" to see rehips in operation.

 

[SHvFl]

yes, thanks. I should have read more posts before I posted mine. questions answered by Umbra and XhenEd. I gurss I was "excited" to see rehips in operation.

No worries. If you have more questions better ask here.
ReHIPS - An HIPS/Sandbox without kernel Hooks - (quick test included)

 

[simmerskool]

If only that were true... right ? No more need of security softs... everybody's digital life is much easier.
Just play music in the background while using system... soothes and protects the system and the soul.

reminds me of a move, Mars Attacks! (1996) music saves the day for earthlings.

 

[Recrypt]

This video shows one of intermediate RC builds. There indeed was Allow selected as default option. But in later builds and eventually in release build we removed it for security reasons so user won't accidentally click OK with defaulted Allow.
Best Regards, fixer.