HIDS solution for NT4 machines

[bcihak () gmail com]

I work in a large distributed network.  We have several workstations and servers that are running on NT4.  I've been 
tasked with finding some sort of a HIDS (Host based Intrusion Detection System) software solution to protect these 
machines from zero day exploits, worms, and BO's.  I've looked at Cisco, Blink by Eeye, Destop Protector by ISS, and 
Primary Response by Sana Security.  None of these will support anything lower than NT4 SP6a.  My biggest problem is I 
have several machines that are running below SP6a and because of the flaky software running on these machines, I can't 
install SP6a without breaking the app.  Does anyone have any good experience with other products for NT4 
server/workstation below SP6a.

Just a side note, most of these machines will be replaced within 2 years, but that is a long time to leave exposed 
machines on the network.

Thanks!

Bcihak

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------