@ martosurf
1. DMR only downgrades application permissions not the Users overall account permission, DMR as its name implies drops the rights of a user with Administrator rights to that of a limited user, only for that program, browser, email, etc.
It doesn't isolate it like in a sand box the programs runs as normal but if it tries to do something that requires administrator rights (like creating registry entries and placing files in system folders) it can't because it is effectively run under limited rights.
There is nothing to stop it doing anything that doesn't require admin rights and looking at data, so if under normal circumstances you can't look at another users data, but there is nothing to stop a limited user looking at 'his' own data. So you have to have your firewall protect against unauthorised outbound connections.
When you quit the (host) program run under DMR the only thing that dies is the browser, etc. any malware downloaded would still be there but it wouldn't have been able to create registry entries and place files in the system folders. This as I have said greatly reduces the potential for damage as the file/s won't be in the system folders and there are no registry entries to run the programs on boot, etc.
That is why you need to have multi-application protection and periodically run on-demand scans with them to remove that dormant malware, avast, anti-spyware/adware programs, etc.
2. DMR only works if you use the shortcut to launch the program if something else launches it like a link in the a program, settings, help file, etc, it launches the default browser directly (in some it may launch IE not the default browser) and not the link you have to run the program under DMR.
This is important to remember as that wouldn't be run at a limited rights, if you already have the Browser running using DMR any links would open in that and now open the full rights browser.