Process isolation

Process isolation is a set of different hardware and software technologies designed to protect each process from other processes on the operating system. It does so by preventing process A from writing to process B.

Process isolation can be implemented with virtual address space, where process A's address space is different from process B's address space – preventing A from writing onto B.

Security is easier to enforce by disallowing inter-process memory access, than compared to less secure architectures (such as DOS) in which any process can write to any memory in any other process )

In a system with process isolation, limited (controlled) interaction between processes may still be allowed over inter-process communication (IPC) channels such as shared memory, local sockets or Internet sockets. In this scheme, all of the process' memory is isolated from other processes except where the process is allowing input from collaborating processes.

System polices may disallow IPC in some circumstances. For example, in mandatory access control systems, subjects with different sensitivity levels may not be allowed to communicate with each other.

Notable operating systems that support process isolation:

Internet Explorer 4 used process isolation in order to allow separate windowed instances of the browser their own processes; however, at the height of the browser wars, this was dropped in subsequent versions to compete with Netscape Navigator (which sought to concentrate upon one process for the entire Internet suite). This idea of process-per-instance would not be revisited until a decade afterwards, when tabbed browsing became more commonplace.

...
Wikipedia