By layered client virtualization, I mean stackable secure application containers. Each container contains one or more applications (i.e. IE or Outlook) or platform components. At each level, view 'down' defines the complete running environment. Theoretically, each browser window can be a complete PC. Even if a malware gets downloaded and executed, it is contained within the stack and so are any damages it causes. Each stack sees a controlled copy of the physical drive, changes to which is limited to the stack (if a stack deletes a file, the real file is not deleted but it is no longer visible to the stack).