Security Basics mailing list archives

How to categorize 'desktop application firewalling'?


From: "Bill Stout" <bill.stout () greenborder com>
Date: Tue, 12 Jul 2005 13:48:32 -0700

[I posted this to firewalls as a firewalls question but the moderator
asked me to post this in focus-virus, and focus-virus asked me to post
to security-basics. - This illustrates the problem I'm trying to solve.]

I'm the IT department for our company, and I'm trying to figure out how
to simply categorize and describe our software.  

Here's the complicated description:  Our software protects Windows local
system resources and the local network from an application process
accessing untrusted content.  It's like placing latex around the
application that opens untrusted content.
                 
What it means is, processes launched in our protected environment do not
have the ability to modify the registry, files on disk or the local
network.  It also adds confidentiality by blocking processes accessing
Internet content from read access to 'My Documents', local network
shares, etc.  Nearly any process can be launched in this space, but it
does it automatically for just IE and Outlook.  Currently the software
automatically detects if IE or Outlook is attempting to access content
from outside the defined network and re-launches an application process
in the controlled space.

The result is that with the software installed, you can purposely
attempt to install spyware or viruses through IE or Outlook and it
doesn't infect the machine.

All the above is really difficult to explain quickly, and we end up
describing it as anti-virus/anti-spyware software, although we don't
recommend throwing existing software out.  

Would anyone have a simpler way of explaining something that firewalls
desktop applications from local resources?  

Thanks,

Bill Stout
IT dept
GreenBorder, Inc.
www.greenborder.com

