Software applications have traditionally been deployed on computing machines by a setup or installation program that copies application files onto the system and manipulates shared configuration stores such as the registry. This model may have some shortcomings, depending upon the system configuration, the operating environment, and the application. For example, multiple installs and uninstalls of software applications can lead to the accumulation of “cruft” or undesired code fragments on the system, which may cause the operating system to become slower and less stable. In addition, multiple applications may need to share common files or components, which can cause instability when such applications have file version collisions. In addition, some shared components, which are installed and registered for one application on the system, become available to all applications (including a web browser) installed on the system. This can increase the attack surface of the system and further expose the system to hostile web pages and other threats. Moreover, application upgrades and changes can be difficult to manage. For example, such upgrades and changes may require synchronized changes to many files and registry entries. Consequently, setup programs tend to be complex in nature. In this regard, setup programs typically maintain installation logs and system restore features that enable them to rollback failed partial installs.
A portable memory device such as a flash memory stick may be utilized to store an application intended for execution on a system. The memory device includes application execution files and a virtual registry file of a software application such that, after the memory device is mounted to the computing machine, the application stored in the portable memory device can be executed. This technique utilizes application program interface (API) hooks that map all of the API calls of the operating system to access the files resident in the portable memory device. This effectively creates a temporary drive (for example, the D:\ drive) from which the application executes. This approach is undesirable because such API hooking may not be supported by the operating system, and there may be no well-defined interface for doing API hooking, which can result in unpredictable behavior if more than one application attempts API hooking. API hooking is also a technique commonly used by malicious software, therefore, operating systems may be designed to make it very difficult or impossible to hook APIs.