Is there any security disadvantage - to programs installed to ReHIPSUser with DeployHelper ?
By that, I mean, isn't a program installed to ReHIPSUser at least a bit more vulnerable to tampering or other mis-deeds - as opposed to it being installed in the real user profile (C:\Programs) ?
DeployHelper installation itself doesn't provide security, i.e. it you start some malicious installer by DeployHelper, it may do something bad during installation. But after installation it doesn't matter if you use this program after Allowing in isolation or after DeployHelper installation, both are equally secure.
I don't honestly know if there is any significant risk to malc0de having access to a program's executables and libraries within ReHIPSUser. Malc0ders don't typically try to modify program *.exes and *.dlls since the typical installation directories are protected against modification by Windows.
However, if the executables and libraries are installed to ReHIPSUSer, does ReHIPS protect them from modification - the same as Windows' file system protection mechanisms ?
At first I'd like to say, that even DeployHelper-installed software may reside in Program Files folder. It'll require admin during installation, but it's possible.
You're right, Program Files folder is write-protected, isolated programs won't be able to write into in/change files in it, and ReHIPS user home profile folder is isolated-program writable. But does it pose security risk? I don't think so. When it comes to overwriting executables, it means isolated environment is already compromised, and some malicious code is already executing in it. This executable files changing right won't allow it to elevate, something like let it persist in already compromised isolated environment. But such environment should be recreated anyway. Besides ReHIPS control hashes of executable files. Plus malware can persist without executable files modification, but controlling program data (some exploit, for example).