[Written Review] ReHIPS Review.

Discussion in 'Giveaways and Contests' started by tarekma7, Feb 7, 2018.

  1. tarekma7

    tarekma7 MDL Member

    Sep 28, 2012
    119
    225
    10
    #1 tarekma7, Feb 7, 2018
    Last edited: Feb 9, 2018
    [​IMG]

    Professionals must know that some of the isolated running processes carry a high risk of damage to your computer. Also, the sandbox technology is now very important to protect you against many threats.

    ReHIPS is an innovative Host-based Intrusion Prevention System (HIPS) protects your computer from malware and doesn't require frequent updates. It is the only way to isolate processes in a secure and reliable way. Windows XP had runas which was pretty safe to use for processes isolation. All windows versions after Windows XP introduced UAC and broken runas so that no process isolation is available. This makes you at risk. reHIPS will keep the integrity of your system through prevention of intrusions and application sandboxing system

    The program has built-in features that restrict running processes in many ways and levels. For example;
    completely restrict network access, restrict child processes creation, and even block execution of the process itself. You can run any suspicious file or process on a separate desktop for better security.
    The program offers advanced options which allow users to set rights acess, for example; what file, folder and registry objects acess

    ReHIPS isolated environments are based on Windows built-in isolation of different users from each other and from the system (if they don't have admin privileges). If you have an isolated program, it will be executed from a specially created ReHIPS user with limited access rights. This unique way to run your applications makes the real user's profile folder and registry hive unaccessible by the isolated programs

    The program has a built-in DeployHelper which helps to install the program right into the new ReHIPS user. Now all the settings will go from the start into isolated environment

    The program will keep you safe and secure against many online threats, ransomware and cryptolockers.
    [​IMG]

    Homepage:

    https://rehips.com/en/

    Current version:

    2.3.0

    [​IMG]

    Release Date:

    2017-12-28

    You can download the program from the official website. The program is compatible with all current Windows versions from Windows Vista SP1 to Windows 10, both 32 and 64 bit versions of windows are supported.

    Installation is very easy, simply double click the installer and follow few online steps

    [​IMG]

    [​IMG]

    [​IMG]

    [​IMG]

    [​IMG]

    [​IMG]

    [​IMG]

    RulesPack:

    [​IMG]

    The program includes many built-in predefined rules for some widespread applications. These are installed with the program installation (in a separate consol window) and are continuously updated. It includes many apps and vendors. It can be used only for already installed programs. The current version includes RulesManager which includes an extended and highly customizable RulesPack. If a program is installed, rules will be created for it. You can manually start the RulesManager at any time you want. Simply, clicking Install Rules button in the settings tab. Only missing rules will be installed.

    limitations of the free (demo) version:

    The number of concurrently running isolated processes is limited with 10 and forbidden to be used for commercial purposes.

    Purchase:

    The program has a unique way of license generation that lets you have only one license for your computer. The license is generated and mailed to you after purchase with the details of activation. However you need to install the program first then send your hardware ID (HWID) number during purchase. You can find how to do this in a step by step way below

    [​IMG]

    You can purchase an official license from the official website.

    To purchase full ReHIPS version follow these steps:

    Download full ReHIPS version from our site: https://rehips.com/ReHIPSSetup 2.3.0.zip

    Install ReHIPS on your computer. Here is a video-tutorial of ReHIPS set-up:



    Start ReHIPS.

    Copy HWID from ReHIPS Registration form to the HWID field of Additional Ordering Information.

    The license is lifetime Perpetual with 1 year support includes free updates. It will cost you 49.75$

    If you need more information or have any questions, you can visit the forum here to have answers from the developer:

    https://forum.rehips.com/

    You can also visit this topic with links to ReHIPS FAQ blogposts to keep them all in one place

    https://forum.rehips.com/index.php?topic=9520.0

    If you are searching for blogs subsection with lots of information on ReHIPS internals, coding tips and tricks and Windows bugs, most of which are still unpatched. Visit:

    https://forum.rehips.com/index.php?board=13.0

    User Interface:

    The user interface is very friendly, easy to use, intuitive and well arranged. You can see the main app interface with one of two options either the simple or the advanced modes. The simple mode shows the protection and antispy parts only in the main interface. If you prefer the advanced mode; you will find three buttons on the left side (see image) including protection, isolated programs and logs
    The left sided bar shows the simple/advanced modes button, rules database, settings, about and the option to purchase a license for the program

    [​IMG]

    Simple or advanced modes:

    This allows users to use the program in one of two modes according to your preference. Simple or advanced modes can be chosen. The advanced mode shows more options as isolated programs and logs in addition to those in the simple mode

    [​IMG]

    Technology:

    Windows meets the requirements of C2-level security of the U.S. Department of Defense, it already has all the necessary mechanisms to provide access control. ReHIPS takes advantage of these built-in mechanisms and operates in a restrictive manner (if it is not explicitly allowed, block it). It executes every restricted application in the isolated environment (ReHIPS mode) with its own set of rights. Even if this application is compromised, your operating system stays protected and secure.

    ReHIPS protects and doesn’t require updates:

    ReHIPS doesn’t detect malware. Instead it uses Windows built-in access control mechanisms to ensure system safety and data security. Thus ReHIPS is always actual and doesn’t require frequent updates.

    ReHIPS ensures system integrity and stability:

    Unlike some other sandboxes ReHIPS doesn’t use kernel-mode hooks, splicing and other unsafe rootkit-techniques. It is based on documented Windows security mechanisms ensuring system stability.

    ReHIPS provides reliable protection and compatibility with actual Windows versions.

    Rehips offers you the best antimalware solution ever:

    This is done using the built in sandbox technology and documented Windows security mechanisms

    You will enjoy a reliable and stand alone offline protection from all kinds of malware. No clouds, No regular updates, No telemetry data, No spying

    Customizable protection for any case:

    This is easily done in the settings section of the program. You have simple and advanced mode with many built-in tools that let users set the protection level for each app or running process

    Safely open any file in an isolated environment:

    with the help of ReHIPS you can open any file on your computer in an isolated environment. This will protect you from any threats and damage to your computer. The isolated programs will open on a separate dektop with an easy switch between the real and virtual desktops using ReHIPS icon

    Simple navigation throughout the program with all settings and options arranged for easier use

    Surf the internet in a safe way with the help of Rehips. All internet browsers are included in the isolated programs by rules. This will keep you safe from any online threats. When you launch the browser, you can see red border around which means that it is isolated and you are safe.

    Right context menu options:

    This is done through integration with windows explorer. It will show you deployhelper and run isolated in ReHIPS options which let you run any program in an isolated environment even if the protection level is set to zero.

    New Features (Changelog):


    Wildcards are ready

    Improved installed software detection;

    All top level windows are now mirrored on all desktops;

    Added custom taskbar on isolated desktops;

    Added restricted token, which allows to use main desktop without danger of DLL injection with allowed hooks;

    User SID is shown in isolated environment; Also rules could be installed for a user with wrong SID

    Fixed process isolation with UAC and UIAccess;

    Separate isolated desktops can be globally disabled;

    Desktops widget could be closed with UAC disabled, fixed;

    Blocked access to several new Windows 10 locations;

    Improved security for open file access and copy user data

    RulesManager registry now supports wildcards * and ?;

    Copy User Data metadata is now available not to copy the same data several times;

    DLL may not be injected after Service restart or into some processes due to race condition

    Fixed Windows bug with printing and devices list

    Added several programs and trusted command lines/vendors to RulesManager;

    -Lock-Down Mode can be changed from tray menu;

    -ReHIPS folder can be opened from tray menu;

    -isolated processes list update on GUI startup was missing;

    Full changelog here:

    https://rehips.com/en/news

    ReHIPS vs Ransomware:

    ReHIPS offers you a good and effective protection against many online threats as ransomware and cryptolockers. You can see the video here for more details on the reliable protection and safety features of ReHIPS



    Better understanding of the program:



    Now let me discuss the features and uses of the program and how it will keep you secure

    First you need to remember FOUR important program options; protection and isolated processes, antispy, program settings (on the main program window with log files) and deployhelper with right click menu

    DeployHelper:

    This feature is useful if you are installing some new program on your system so that it will be installed in isolated environment. This will keep you safe and secure from any threats. All you have to do is to right click the installer and use Run in ReHIPS DeployHelper option. That’s all! Now all settings are already installed into isolated environment. If you are a program tester, you can test any new app with no problem or damage to your system
    To install an application using DeployHelper simply right click the application installer in the Explorer and select the «Run in ReHIPS DeployHelper» menu item. You can choose «Run as administrator in ReHIPS DeployHelper» if the installer needs administrator rights. The executable file you have selected will now be added to the program database with correct settings and can be run in the ReHIPS mode in a safe way.

    ReHIPS Special Folders:

    Installed programs on your computer (for example, adobe reader), needs to have an access to the real user home profile folder or in HKCU registry in order to read the settings and operate in the usual way. Now, with isolation offered by ReHIPS, these programs can’t access these locations. In this way, these settings need to be copied and saved in special Folders. These folders include the registry and setting options for various programs.

    Wildcarded Programs:

    The current release of ReHIPS has programs path wildcards support. Wilcard is a placeholder represented by a single character, such as an asterisk (*). It is used to replace or represent one or more characters. Symbols "?" and "*" serve as wildcards. Wildcard operations support the same options as those for non wilcarded apps. You can allow, block and islate according to your wish. Hashes or level of trust and vendor are not available with wildcard use as no specific program is present

    [​IMG]

    Working Modes for Intrusion prevention:

    [​IMG]

    The program has 5 different protection modes. You can choose the appropriate protection level for comfortable work. From the main interface or from the taskbar icon right click menu, you can easily change the protection level. The available protection modes include disable, Learning, Permissive, Standard and Expert.

    [​IMG]

    Disabled:

    Protection is completely disabled

    Learning:

    ReHIPS is learning of programs on your PC. If programs are in the database, rules will be applied. Other programs will be allowed and added to the database

    Permissive:

    Programs in the database are processed according to the rules while others are allowed

    Standard:

    Some applications are allowed based on heuristics. It is similar to the expert mode, but shows less alerts

    Expert mode:

    This mode offers maximum protection with many notifications. Programs not in the database wait for user decision. Trusted Vendors list is ignored

    Antispy:

    ReHIPS offers you a reliable protection from cyber espionage. Nobody will spy on you though web-camera or microphone. Camera and Microphone can be easily disabled. ReHIPS allows you to disable microphone to prevent audio spying. Additionally, it disables your sound card completely, including audio output.

    Secure separate desktop:

    Separate desktop is the most secure way to maintain your integrity. The current update of Rehips lets you use isolated hooks. This feature makes hooks setting possible so that isolated programs won't fail. DLLs will not be injected into other process on your computer. This feature is based on restricted tokens.

    Isolated Programs:

    [​IMG]

    When you run a program in isolated mode, you will notice a red line around the open program window. This means that this app is isolated and will not be able to make any changes to your computer. For example all internet browsers are isolated in the program rules, when you launch the browser, it will open as usual with red border around the window. This will protect your system. Also I tried to install a new program as CCleaner then add it to the isolated environment, it will not clean your system as usual but only the programs in the isolated list
    An isolated program or group of isolated programs can have their own isolated environment with many security and usability settings

    [​IMG]

    [​IMG]

    Log:

    All the ReHIPS events are available using a simple click on the log button of the main screen. You can check many logs such as isolated environments names and programs paths.

    ReHIPS settings:

    These can be accessed from the main screen window. The settings allows you to set many options so that you will have a customizable protection for any case.

    Simple mode: Interface, protection and programs

    [​IMG]

    Advanced mode: Interface, protection, programs, trusted vendors, trusted command lines, trusted users and log. A program can be bound or un-bound. A program is bound if it has a corresponding isolated environment.

    [​IMG]

    On the lower bar, you can find 3 buttons; Advanced mode/Simple mode, reset to defaults, reinstall Rules

    Interface:

    This includes many options to set. For example; you can select interface language, auto start ReHIPS Control Center with the operating system, pop-up timeout and maximum log lines

    Protection:

    Lock-Down Mode:

    This is an additional option in Settings that is located on Protection tab. It is used with other modes as standard and expert. It is useful for administrators who install and configure ReHIPS once and are not available all the time. Three options are available for you to choose from; disabled, without GUI and always active

    Remove isolated environment

    This built-in feature lets you remove isolated environment after being removed from "Programs" tab

    Programs:

    This is the most important option with 4 subheadings; all, allowed, blocked and isolated programs

    Unbound applications include those applications which have never been run in restricted mode and no user was created for them.

    Isolation of programs:

    Before you decide whether to add the program to the isolated list, you need to check for some points which will help you to decide. For example; is it an internet-facing software, if it work with data or files that come from untrusted sources, known unpatched vulnerabilities, software is still supported and updated. The common isolated programs include office, browsers, PDF apps, file applications as WinRAR, and mail applications

    Isolated programs will open as a new desktop with the ReHIPS Agent desktops widget which lets you change between the two desktops. The separate desktop feature confers a high degree of security. The restricted application will start on a separate desktop with the help of ReHIPS. In that way, the restricted applications can set any window hooks they want and take screenshots while other applications are safe and secure.

    Add new program:

    [​IMG]

    You can add new program, simply specifying its location using browse button (in program pathway). You can specify the other settings you want for this app such as username, can execute programs (inspect child processes), process execution (allow, block, isolate) and vendor trust. You can also specify sub programs execution if applicable to this particular program

    Edit program:

    [​IMG]

    These settings are concerned with how you want the program to execute the program and the level of vendor trust. The pop up window lets you edit the program path, username, inspect child processes, aloow, block or isolate the program and the trust level and vendor. For example; you can choose to allow, isolate, block, alert and so on. If you trust the program vendor, you can add it to the vendor list

    [​IMG]

    [​IMG]

    This window shows the program pathway, windows username, can execute programs, can be executed, can execute subprograms and trust level. There is an option to add the vendor to the trust list

    Can execute programs: Select parenting mode for this program.

    [​IMG]

    Can be executed: Select execution mode for this program.

    [​IMG]

    Can execute sub-programs: Defines if the program can be executed with command line parameters.

    Trust level may be full, usual, low or undefined

    [​IMG]

    Edit isolated environment:

    [​IMG]

    [​IMG]

    [​IMG]

    [​IMG]

    Allows to customize privileges and access rights, For example; to set network access, file system objects and registry keys access rights (including inheritance). You can also set privileges and additional access rights. These settings affect all programs bound to this isolated environment.
    Object permissions offer manual access rights adjustment to folders, files and registry keys. Privileges can be accessed from the button in the isolated environment edit window. It offers manual adjustment of the isolated environment privileges and additional access rights

    Trusted vendors:

    The program has an editable list of trusted vendors for your comfort and protection. You can compare with other software. The upper right buttons let you add, delete or add vendor from file

    Trusted command lines:

    The program has a built-in list of trusted command lines. You can edit the list at any time using the upper right buttons which help you to add or delete command lines

    Trusted users:

    This is the user list that can launch and operate ReHIPS Control Center. All computer administrators are trusted by default

    Log:

    This option helps to customize log settings through pop up checkbox. This helps you to turn on or off notification settings

    Pros:

    Good sandboxing security

    Multiple modes of protection

    Keep your system integrity

    Simple friendly user interface

    Management of child programs

    No frequent updates needed

    Good support team

    And many more

    Cons:

    Need more image and video help files specially for new users

    The browsers are isolated by default and better to be optional

    Conclusion:

    Rehips is a perfect security program that will protect you through application sandbox technology. It will prevent intrusion of your system and improve the overall security of your system with no need for updates. It helps process isolation and prevent any changes to your system using windows built-in access control mechanisms. All you need to do is to download, install and try it yourself. You will test any application with no problems to your system
     
  2. sid_16

    sid_16 MDL Giveaway Organiser

    Oct 15, 2011
    2,315
    4,363
    90
    The review looks well written- will read it thoroughly later .
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    6,148
    13,732
    210
    Great piece of security soft.

    I proudly actively translate main gui, secondary guis, etc., to Spanish lang. :cool:
     
  4. Keenoo

    Keenoo MDL Novice

    Dec 3, 2015
    40
    26
    0
    Great review! Thanks.
     
  5. tarekma7

    tarekma7 MDL Member

    Sep 28, 2012
    119
    225
    10
    Topic is updated with more details added
     
  6. dinosaur07

    dinosaur07 MDL Member

    Jan 19, 2016
    133
    190
    10
    Many thanks for the professional review! :thumbsup:
     
  7. grrgrr

    grrgrr MDL Member

    Oct 4, 2017
    119
    103
    10
    Nice review @tarekma7
    Program is new to me, but looks interesting
     
  8. qaj1shi

    qaj1shi MDL Senior Member

    Apr 10, 2011
    340
    140
    10
    thanks for the review mate!
     
  9. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    4,131
    4,641
    150
    wow fantastic review dude, thanks for very good application downloading now :D:good3:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...