In this blogpost we'll briefly skim over some of new features of the upcoming ReHIPS 1.1.0 Beta release.
First, ReHIPS 1.1.0 will be based on the new multithreading engine. This engine is more stable and faster than the previous one.
Second, ReHIPS 1.1.0 will make your system much safer. In ReHIPS 1.1.0 restricted applications can be started on separate desktops. Switching between them is shown on the screenshot below.
Separate desktops are necessary to prevent "sandbox escaping" using windows hooks. If allowed and restricted applications were started on the same desktop and DESKTOP_HOOKCONTROL access right was set for the restricted application, then the restricted application can set window hooks on the allowed application's windows and possibly execute arbitrary code in the context of allowed application.
If DESKTOP_HOOKCONTROL access right was not set, then a restricted application may work incorrectly because runtime libraries use window hooks quite often. And even without this access right it's still possible to take screenshot of the current desktop.
Being run on a separate desktop restricted applications can set any window hooks they want and take screenshots while other applications are safe and secure.
We plan to release ReHIPS 1.1.0 Beta at the end of February. Stay tuned.