Does this mean you have to specify "Trusted" files/programs to be protected along with "Untrusted" programs to be restricted? How can you restrict the likes of Internet Explorer from accessing and changing real system files (e.g. fonts, cache, Microsoft's Java VM) or registry keys without breaking it? If you are creating "shadow" files or registry keys to accommodate all attempted changes, how long do these last? (e.g. could user-requested changes vanish on reboot like with DeepFreeze and similar software). What happens if an untrusted program uses a Windows component to do its dirty work? (possible examples include cmd.exe, rundll32.exe, net.exe). What if a user decides a download is actually trustworthy (e.g. an anti-virus scanner) - do they have to reinstall it as a trusted program? Finally, how about multiple untrusted programs - do they each see different files/registry key values or do they all see the same "Untrusted, temporary" values? What happens if that trojan tries to install a driver or create a keyboard hook? Or for that matter tries to access Physical Memory to overwrite the Service Descriptor Tables? (which could disable any other security software - including the likes of Process Guard, though this can now block physical memory access). If anyone running BuferZone wishes to investigate, visiting the Win2K/XP SDT Restore page and trying that utility would be a good initial test (I'm running rather too many other betas to consider testing it myself at the moment).