My problem: rootkits and driver-based malware like Stuxnet are common now, and older versions of Windows are very vulnerable (especially to ones that can be transmitted through infected USB sticks).

My hypothetical patchwork solution: some software that prompts the user whenever something tries to load a driver, set up an autorun service, or write to the MBR. IOW a very limited HIPS. (I figure that, if it can't get into the kernel and hide itself, I can find it and disable it using Autoruns/ProcExp/etc. Hopefully I'm mostly right about that.)

A few things like this already exist...

- Outpost Firewall Free 6.51: What I usually use on Win2k. Getting a bit long in the tooth though, and seems to let through anything with a "valid" digital signature (so probably would let Stuxnet right past it).
- System Safety Monitor, AntiHook, etc.: Haven't really tried. Old and unmaintained, I'm thinking they may not protect old systems from new rootkits.
- MJ RegWatcher: hooks the registry areas that are involved with driver loading and autoruns, so if run as admin it should theoretically be able to block that... Right? However, when I tried it on my Win7 install vs. the Rootkit Revealer driver, it became clear that there are ways of avoiding this method of interception... So unfortunately RegWatcher is a no go.

Is there anything else out there worth trying? Or is it time to switch all the Windows 2000 boxes to OpenBSD?
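An added example, not part of the original post: an after-the-fact audit of the registry area the post mentions for driver loading and autorun services, done by diffing two saved snapshots rather than by hooking or prompting. It assumes the snapshots are text in the layout `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` prints on current Windows; the service names and paths are constructed.

```python
import re

SERVICES = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
DRIVER_TYPES = {1: "kernel driver", 2: "file system driver"}  # Type values
AUTO_STARTS = {0: "boot", 1: "system", 2: "auto"}             # Start values
VALUE = re.compile(r"^\s+(Type|Start|ImagePath)\s+(REG_\w+)\s+(.*)$")

def parse_services(text):
    """Parse snapshot text into {service: {Type, Start, ImagePath}}; subkeys are skipped."""
    services, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith(SERVICES.upper()):
            name = line[len(SERVICES):].strip()  # "" for the Services key itself
            current = None if "\\" in name or not name else services.setdefault(name, {})
        elif current is not None and (m := VALUE.match(line)):
            key, kind, data = m.groups()
            current[key] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return services

def findings(baseline, current):
    """New or changed entries that load a driver or start without user action."""
    out = []
    for name, entry in sorted(current.items()):
        if baseline.get(name) == entry:
            continue  # unchanged since the baseline snapshot
        why = []
        if entry.get("Type") in DRIVER_TYPES:
            why.append(DRIVER_TYPES[entry["Type"]])
        if entry.get("Start") in AUTO_STARTS:
            why.append(AUTO_STARTS[entry["Start"]] + " start")
        if why:
            state = "changed" if name in baseline else "new"
            out.append((name, state, ", ".join(why), entry.get("ImagePath", "")))
    return out

# Constructed snapshots with hypothetical service names, not from a real host
BASELINE = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc
    Type    REG_DWORD    0x10
    Start    REG_DWORD    0x3
    ImagePath    REG_EXPAND_SZ    C:\Program Files\Example\svc.exe"""
CURRENT = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc
    Type    REG_DWORD    0x10
    Start    REG_DWORD    0x2
    ImagePath    REG_EXPAND_SZ    C:\Program Files\Example\svc.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleFlt
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    ImagePath    REG_EXPAND_SZ    \??\C:\Temp\exampleflt.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleFlt\Parameters
    Start    REG_DWORD    0x0"""
```

`findings(parse_services(BASELINE), parse_services(CURRENT))` reports ExampleFlt as a new kernel driver and ExampleSvc as changed to auto start. A snapshot only shows what is in the key when it is taken, so it complements rather than replaces load-time interception.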