Serverlock, from Watch-guard Technologies, uses 239-bit public key infrastructure (PKI) encryption buried deep in the operating system's kernel to prevent changes to system files.
The product, which works with Windows NT and 2000, uses an old mainframe paradigm whereby the operating system has administrative and operational modes.
In operational mode, administrative features are locked down, blocking access to areas such as the registry files, Web pages and scripts, and any other resources defined by the administrator. In administrative mode, the normal state of the server is restored using encrypted commands to maintain protection when the system would otherwise be vulnerable.
Peter Morgan, Watchguard's vice-president of marketing for server security, said, "By locking down the registry and write-protecting directories containing, for example, executable files, Serverlock prevents damage from viruses and Trojan horses."
Morgan said Microsoft's recent problems with the Qaz Trojan might have been prevented if Serverlock had been fitted.
"Anti-virus software is still an essential part of the total security solution," he said, "but Serverlock greatly reduces the risk, particularly from new viruses, on Windows NT and Windows 2000 desktops or notebooks."
A spokesman for anti-virus company Sophos said that anti-virus software would still be essential. "Although the system could stop some viruses from delivering their payload, the virus would still be resident in memory and could still infect unprotected systems or may possibly cause damage when states are changed in administrative mode."