Compare what you have said here To what you have said here Both types of scenarios can. Yet you seem extremely worried about the zero days and percieve it as a threat where as you dont seem to care about the customized keylogger where in fact you have no idea how often either is used to exploit machines. Because none of the computer users in these agencies exercise good practices. People are the weakest link, not security systems. Then why are you defending your position? So is it still possible for programs with low disk access to see these partitions?