Not a strong area for me So I was wondering as a Process Guard / SNS user what the likes of DefenceWall and BufferZone actually give me. I liked Defencewall when I ran the Beta but ... Given I have these PG/SNS already and could run processes untrusted by launching like below: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure11152004.asp Michael Howard outlined how you can programmatically spawn a process that runs with reduced privilege, even if you are logged on as an administrator. The aim was to run processes performing Internet functions (applications most subject to attack), such as Web browsers and e-mail clients, in reduced privilege to decrease the damage potential of any malware using these agents as attack vectors. What am I missing?