ReHIPS - proactive protection based on the system's own capabilities
#4
Well, that's just it... ReHIPS works in a rather specific way (I think I now know where the program's name comes from: "Restrictive mode", i.e. the mode for running unknown/untrusted applications). From the help file:
Quote: Restrictive mode (ReHIPS mode) is a mode, in which the application runs on behalf of the user, which
was created by ReHIPS specifically for this application (the so-called ReHIPS-user). Access to other objects
(which do not belong to a ReHIPS-user) will be allowed only if the security descriptors of these objects have
allowance entries for the ReHIPS-user. A number of ReHIPS-users corresponds to a number of applications,
which are considered potentially dangerous by the system administrator.

This means that every potentially dangerous application will run on behalf of its own ReHIPS-user, which
allows the administrator to restrict access to the sensitive operating system objects. Any attempts to violate
policies will be stopped by the Windows security subsystem. Even if any malicious code runs, its ability to
access operating system objects will be bound by the system administrator settings.
All information about applications is stored in a database, which is represented by a file in XML format.
Access to the file is allowed only to the operating system and the administrators group, which blocks any
unauthorized access. ReHIPS works directly with the database file, which allows maintaining up-to-date
information and takes into account any user changes to it. All write operations use transactions with backup,
which provide integrity of the database even if an unexpected application shutdown occurs while writing to the
file.

Running an Application
When an application is started the following occurs.
If the user chooses the «Allow restricted» option on the first start of the application, the execution is
blocked and the application is terminated. Then ReHIPS-user with the specified security settings (access rights,
privileges, etc.) is created for this application.
After that the application is restarted on behalf of this user.
If the user chooses the «Allow» option, the application will be started without any restrictions.


The cleanup function, as an automatic action, is available in the advanced settings... illustration and description from p. 23
Quote: «Delete user directory» setting controls deletion of user’s home directory. When an application is deleted
from the main ReHIPS window (fig. 1) respective ReHIPS-user is also removed. With this setting checked
ReHIPS-user’s home directory which may contain some useful files will be also deleted.

"Security is a journey, not a destination in itself - it is not a problem that can be solved once and for all"
"Trust is not a control, and hope is not a strategy"
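
A simplified model of the access check that the quoted help text relies on, added here as an example; it is not ReHIPS code and not part of the original post. It assumes a process token that carries only the per-application user's SID, and the SIDs for the interactive user and the two applications, as well as all object names, are constructed.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2  # simplified access-mask bits

@dataclass(frozen=True)
class Ace:
    allow: bool  # True = access-allowed entry, False = access-denied entry
    sid: str     # trustee the entry names
    mask: int    # rights the entry covers

def access_check(token_sids, dacl, desired):
    """Ordered DACL walk: a matching deny entry fails at once, allow entries
    accumulate, and any right still ungranted at the end is refused."""
    remaining = desired
    for ace in dacl:
        if ace.sid not in token_sids:
            continue
        if not ace.allow and ace.mask & remaining:
            return False
        if ace.allow:
            remaining &= ~ace.mask
    return remaining == 0

# SYSTEM and Administrators are the well-known SIDs; the rest are constructed.
SYSTEM, ADMINS = "S-1-5-18", "S-1-5-32-544"
ALICE = "S-1-5-21-EXAMPLE-1001"  # interactive user (hypothetical)
APP_A = "S-1-5-21-EXAMPLE-2001"  # per-application user for app A (hypothetical)
APP_B = "S-1-5-21-EXAMPLE-2002"  # per-application user for app B (hypothetical)

OBJECTS = {  # object names are hypothetical
    "alice_documents": [Ace(True, ALICE, READ | WRITE)],
    "app_a_home": [Ace(True, APP_A, READ | WRITE), Ace(True, ALICE, READ)],
    # Database file: operating system and administrators group only.
    "rehips_db_xml": [Ace(True, SYSTEM, READ | WRITE), Ace(True, ADMINS, READ | WRITE)],
    # Administrator lets app B read a shared folder but explicitly denies writes.
    "shared": [Ace(False, APP_B, WRITE), Ace(True, APP_B, READ | WRITE), Ace(True, APP_A, READ)],
}

def can(token_sids, obj, desired):
    return access_check(token_sids, OBJECTS[obj], desired)

if __name__ == "__main__":
    # "Allow" runs with the user's own token; "Allow restricted" with app A's.
    for who, token in (("Allow", {ALICE}), ("Allow restricted", {APP_A})):
        for obj in OBJECTS:
            print(f"{who:17} {obj:16} read={can(token, obj, READ)} write={can(token, obj, WRITE)}")
```
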


Messages in this thread
Re: ReHIPS - proactive protection based on the system's own capabilities - by ichito - 28.05.2014, 10:01
