This looks neat and claver solution for Windows Vista.
One of the security features within Windows Vista that is not evident is file system virtualization. This type of virtualization allows an application a silo'd virtual store where it can read and write to without compromising the system.
Let's say you have an appication that attempts to write to System32. Instead of allowing the application to do so, Vista creates a virtual System32 in the user's profile that the application will use. Application developers can code their applications to automatically run virtualized or you can set this manually. IE7 running in protected mode utilizes this functionality so when you visit a webpage that tries to insert a file into the Startup folder, it instead is placed in the virtual startup folder and will not execute upon the next boot. Let's look at a simple example.