is it possible for a rootkit to be installed if its driver is blocked from installing, or are there other methods for rootkits to install themselves? i am using windows xp professional sp3. with this in mind, i am looking for a free hips right now to protect against rootkits. i do not care about anything else except this one feature (and keylogging protection i suppose, but most of the top hips seem to have keylogger protection built in already). i know plenty of experts frequent this forum, so does anybody have any suggestions? i tried most of the top programs at matousec here: http://www.matousec.com/projects/proactive-security-challenge/results.php here are my thoughts on the free ones or trial versions of the paid ones, with the limited knowledge i have - kaspersky: has a secret whitelist that you cannot disable according to a moderator on kaspersky's forums. zemana's keylogger test is on this whitelist. i do not want to use a program that has a whitelist i cannot control. online armor free: does it stop driver loading? i couldn't find the option anywhere. if this feature does exist, you would have to enable or disable it for every program. you cannot simply enable or disable the detection of driver loading for all programs by having certain boxes checked like in eqsecure and comodo. comodo: comodo allowed drivers through! see this thread: https://www.wilderssecurity.com/showthread.php?t=250833 otherwise it would be perfect. outpost free: outpost greatly increases my fan speed. a quick analysis using the open source program process hacker ( http://sourceforge.net/projects/processhacker/ ) shows that the i/o is close to 300 kb/sec! this creates a lot of fan noise and slows down my computer. otherwise it would be fine, but i haven't been able to test its other features because of this problem. i imagine the paid version probably has the same problem. pc tools: this firewall fails all the keylogger tests. this is unacceptable. eset smart security: great virus scanner, but the firewall part provides no protection at all against rootkits. it just filters internet traffic and does nothing against driver installation. zonealarm pro: failed to stop a number of drivers that eqsecure caught. i am extremely tired from all this testing and i am sorely disappointed that there is not a single hips product i have found that is able to catch all the drivers that eqsecure 3.41 has been able to catch. please help! i want to use a product that is currently being developed and has at least some keylogger protection. i am at my wit's end!