A security model restricts binary behaviors on a machine based on
identified security zones. Binary behaviors can be attached to an element
of a document, web-page, or email message. The binary behavior
potentially threatens security on the local machine. A security manager
intercepts download requests and/or execution requests, identifies a
security zone for the requested binary behavior, and restricts access
based on the security zone. The binary behavior can identify a security
zone according to the related URL. In one example, all binary behaviors
associated with a security zone are handled identically. In another
example, a list of permissible binary behaviors is associated with a
security zone such that only specified binary behaviors are granted
access. In still another example, a list of impermissible binary
behaviors is associated with a security zone such that binary behaviors
that are found in the list cannot initiate access.