In Windows, that's not going to happen. The rootkit vulnerabilities go to the core of Windows. They're not just bugs; they're flaws in Windows' basic design. Waiting for Microsoft to fix them is pointless. Microsoft doesn't have a fix, at least not short of entirely ripping out and replacing the guts of Windows.

And the only trade-off is that we foot the bill for Microsoft's years of failure to secure Windows.

Yes, some rootkits will be blocked by tighter security in Vista when it finally arrives -- but not all rootkits. The soonest we can hope for a completely rearchitected, rootkit-proof Windows is literally years from now. And Microsoft has yet to promise anything like that.

Meanwhile, we don't have just one work-around for the rootkit problem. We can actually try three different approaches.

Option A: Nuke and restore. You can automate the process. It might even become smooth -- for IT. But don't underestimate the cost in lost productivity for users, who'll still have to adjust settings, rebuild their desktops and shortcuts, and re-install their own applications (yes, they have them, even if they don't tell IT about them).