ReHIPS

Discussion in 'sandboxing & virtualization' started by MrBrian, May 24, 2014.

  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I think I know what caused the problem. When I started a few applications I had to check "Copy user data" to make the application run isolated. The problem is that those applications requested the OneDrive folder (55 GB of files, pictures etc.), which was also located in user space. That took A LOT of disk usage and made the application freeze. So I moved the entire OneDrive installation off user space (user data area) and now each application doesn't have to copy the 55 GB of data. ReHIPS is working like a charm now. Maybe there should be an option in ReHIPS that makes it possible to exclude specific user data folders from being copied?
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Is there any way to make the isolated applications run like Chrome does (just with a red border), meaning no extra desktop for each isolated application?
     
  3. guest

    guest Guest

    Yes, untick the box, but you will slightly reduce the overall protection.
     

  4. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks! How much?

    I think it's worth it for applications that you do trust (for instance Spotify) but that you can isolate to some extent in case something bad could potentially occur.
     
  5. guest

    guest Guest

    That I can't tell you, the devs will surely explain better than me. :)
     
  6. guest

    guest Guest

    @SHvFl thanks, I was too lazy to do the research :p
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks. Fortunately, most of the applications I do want to run without extended desktop are working without the DESKTOP_HOOKCONTROL privilege. I'm lucky. :)
     
    Last edited: Jun 7, 2017
  8. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    37
    Location:
    Europe
    There was a blog post about the Separate Desktop feature here: https://forum.rehips.com/index.php?topic=9483.0
    I recommend visiting the blogs once in a while, as I try to regularly post interesting things that may be useful for ReHIPS users, software developers, and people who are just curious about Windows internals.
    Best Regards, fixer.
     
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks!
     
  10. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    ReHIPS, fixer, what do you think of this? There are scenarios where 'Copy User Data' in user space is problematic. For instance, my 55 GB OneDrive folder, which rendered the isolated application broken. Would it be a horrible idea to be able to configure prohibited folders so folder XYZ doesn't get copied with "Copy User Data" checked?

    Never mind, I just noticed you can block access to XYZ folder. :)
     
    Last edited: Jun 7, 2017
  11. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    37
    Location:
    Europe
    In my opinion the best option is to keep all program executables in the Program Files folder. Windows was designed that way. And program settings in the user profile folder, in separate folders. This way programs need to copy only their settings data, which is usually quite small. And then disable Copy User Data as you don't need it. Or don't enable it at all; programs will start with default settings and sometimes it doesn't matter. That'll be the most secure and easy way.

    We'll think about excluding some folders, but it's quite tedious work, so we've got to think about how to make it better.

    Best Regards, fixer.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I tried it briefly. It does seem to be stable software with solid protection. I threw some nasty malware at it and all of them were dealt with very well.

    I have just a few comments. Firstly, I absolutely hate the idea of multiple desktops. It is confusing for new users for sure. Why not open isolated apps in the same desktop (as all other sandboxes do)? This feature can be kept optional if needed at all.

    Secondly, there should be an option to get a border or some other GUI indicator for isolated apps.
     
  13. guest

    guest Guest

    You can, and it is optional: https://www.wilderssecurity.com/threads/rehips.364248/page-34#post-2682701
    but mind that you will reduce the protection: https://www.wilderssecurity.com/threads/rehips.364248/page-34#post-2682717

    Not sure what you mean?
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    You can if you choose to isolate applications within the normal desktop and not the extended one. The color of the border is red. Also, the title bar of the isolated app gets a !# prefix in front of the original name.

    I had the same thoughts as you @aigle but it just works. So now I've bought myself a license. :D
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks. Yes, protection wise it looks solid n stable.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks. IMO it should be the default, and I am not sure why other sandboxes can still protect without using multiple desktops (unless someone says that they are vulnerable in the same way).
    I am sure it will be really confusing for new users. I am not a user of ReHIPS, but from a marketing point of view I see it as a turn-off for users, and they must think about changing the default behavior. It is just my feeling.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
  18. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    ReHIPS' sandbox operates differently from other sandbox software out there. "Separate desktop" is the default for new programs for compatibility purposes, I think. Maybe the ReHIPS devs had noticed that the majority of the software tested only works in separate desktops.
     
  19. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    As far as I know, it's not (yet) possible to do so. :)
     
  20. guest

    guest Guest

    People confuse ReHIPS with Sandboxie; they don't work the same way.
    ReHIPS uses Windows mechanisms and tightened user profiles. Each IE (sandbox) you create and use is a separate user profile, separated from the others.

    Not possible.
     
  21. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK

    Then I won't bother with this, I detest having to go through high jumps for security!...K.I.S.S..
     
  22. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    37
    Location:
    Europe
    Thank you for your time and interest in our ReHIPS.

    The only reason the Separate Desktops option is enabled is for security purposes. But we'll think about it; maybe we'll set it to disabled by default for non-Expert Protection Modes.

    ReHIPS allows you to set the highest protection level. And there is a trade-off between security and usability. You expect the ultimate protection level? ReHIPS can give you that, but you'd have to sacrifice some convenience. You don't expect any attacks and just want casual protection? You can always enable Permissive Mode and you'll be mostly fine, as the vast majority of infections come through a relatively small number of applications such as browsers, mail and office applications, which are already isolated by default.

    Best Regards, fixer.
     
  23. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks for pointing this out, fixer!

    I thought it's mainly for compatibility reasons (although I'm aware that it has security purposes). :D
     
  24. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks for the additional info, @SHvFl! :)
     
  25. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK

    I will give it a try after all!...I just think secure browsing shouldn't be overcomplicated with a multitude of options that can and do break the correct operation of legitimate programs..I know a number of users here love software that's infused with check boxes and then discuss at length their merits or not..I think winning security software that offers good protection out of the box wins after all there is no cure all, fire\bullet proof security application and never will be and most users just wish to surf and not have to worry about software that needs to be set up correctly..Anyway, you're another developer on this forum who responds and listens to users and that's a very rare value here :thumb:
     