In theory, any compromised system cannot be trusted. In practice, though, I suspect it's better to have something that at least has an off chance of notifying you that your computer is no longer trustworthy. Linux is pretty strong on the mitigation and containment end of things, but a lot of distros are notably lacking in means of notifying you that your security is kaput. (In fact, only the Mandriva and Fedora families do that by default AFAIK.) So I'm looking into OSSEC and other HIDS as a last layer of "defense."

Do any of you have experience with such software? Are any of them suitable for a desktop or personal workstation? Or are they generally too oriented toward business use?

P.S. Anyone know what the status of OSSEC's Windows compatibility is at the moment? I'm having trouble finding what parts of it currently don't work on Windows.