Do you like the idea of "hardening" a host by installing a host intrusion prevention system (HIPS)? Dailydave list has this fun discussion on the value (and hackability of HIPS), check it out. Here is one take on it - patching is more useful than HIPS:
Fwd: [Dailydave] RE: We have the enemy, and the enemy is... you: "Verdict [on HIPS]:
Don't buy them! Don't spend the time and the energy to get them to work
for your enterprise. There are several reasons for me to say this but i
would like to first start offering you the alternative.
Pay attention to what MSFT is doing!"
Others violently disagree...