A common concern of security experts is "how do I prevent my security processes from being terminated?". Until the release of Process Guard there was no protection available - processes were considered vulnerable and it was assumed that there was nothing that could be done about that (we weren't even sure ourselves if we'd be able to make Process Guard a reality - the six months worth of research was very much a gamble, especially as other security companies had already said that it couldn't be done - we have since proved them wrong, and created a new class of security software in doing so: process integrity protection). And just in creating a new class of security software gains an added element of security, because nobody was expecting the creation of such a program, not even trojan authors - most of whom still don't even know about Process Guard. However, termination is only one attack vector that a rogue process can use against a security process (for example, a remote access trojan vs. a firewall) ... there's an even stealthier attack that trojans can launch - code modification. Termination can sometimes be a giveaway, especially if windows are visible and suddenly disappear, but code modification attacks are usually without any visual effects. As an example of this, somewhere in the program code of your anti-virus scanner is a statement that essentially reads "If a virus was detected, jump to the Alert subroutine". A rogue trojan or virus could modify this statement so that it executed as "If a virus was detected, DON'T jump to the Alert subroutine" - effectively silencing the anti-virus scanner. Likewise with a firewall it could change the program code so that no Block rules are applied, essentially turning off the firewall. Such code modifications typically only require changing one or two bytes so the changes are very subtle and not easy to detect, but Process Guard can easily render this attack null and void, simply by denying WRITE access to protected processes. IMHO Process Guard would be worth having just for this protection capability alone, yet this is only the tip of the iceberg as far as protection goes For a more detailed example of this type of attack, see the Process Guard helpfile, "Known Attacks\Code Modification" section.