i recently installed comodo defense+ to protect myself from rootkits. i've spent a few days learning the software now, and i think i've found a major weakness: it fails to stop some drivers from loading! it does stop some drivers, but not all of them. to test this out, i installed a product called virtual cd. virtual cd is basically a virtual dvd rw burner (whereas daemon tools is just a virtual dvd rom). according to eqsecure 3.41, the trial version of virtual cd 9 ( http://www.virtualcd-online.com/vcd/apps/download/vcddownload.cfm?lg=0 ) installs 4 drivers: HH9Help.sys VC9SecS.exe VDRV9000.SYS vdrv9000.sys comodo stops 1: VC9SecS.exe and lets all the others through without even saying anything about a device driver installation. to confirm this, simply download and install that trial version and see which drivers your hips can catch! is this a weakness in comodo defense+? if it will let 3 drivers from a non malicious app through, then it can easily allow any rootkit through, right? i stopped using eqsecure because they are no longer updating the old version. they released a new version of eqsecure (version 4) but it's no longer free, and i can't read the chinese on their webpage anyways even if i wanted to. i have had serious trouble finding a replacement. i tried online armor already, but it doesn't allow you to detect only specific types of behavior like comodo does, and it also doesn't seem to have a mechanism for blocking drivers.