ProcessGuard is available only for NT, 2000, XP and 2003.) With ProcessGuard every attempt of any process to access another process is filtered: processes can be either protected, in which case the admin can specify which access attempts (read/modify/terminate etc.) are prevented, or they can be explicitly allowed to perform these operations in case it's necessary and legitimate. Admittedly, this requires a bit of finetuning (although the default set of permissions leaves you at least with a system you can work on). But it is about the only program that I know of that prevents all of the three attacks described above.