I stand corrected "regprot.exe" is the gismo that runs in the background and monitors what is going on. Mine is currently using 120k of RAM, so it is very light on resource.

I have not had any problems with MS updates. OK you get warnings, but as you know you are installing/updating you just click OK. At least it proves that the software is "on its toes" and you have had a second chance to make up your mind.

I tend to take the arbitrary view that anything that requires more than half a dozen registry entries is probably pretty lousy software anyway, so I take a positive view of the warnings.

Another "good idea"..in my humble opinion, is software that intercepts the running of scripts, and warns you if you might be about to launch an executable from the net. I use "Script Defender" from AnalogX, and "Scrip Trap", by Robin Keir. You may find the latter slightly over the top because it warns you about Word and Excel documents (they may contain a macro virus), but it will interface with your AV software product to let you scan suspicious items "on the fly".

I also like "Winsonar" which monitors for new programs running in the background (like trojans for example). You can then add them to the list of "good guys" and they will be ignored, or you sort out your problem.

You are quite correct about social engineering, but a lot of it is down to people's gullibility. MAJOR SOFTWARE COMPANIES DO NOT MAIL YOU UPDATES....if you are lucky you get a mass mailed advisory that an update is available from their website, or the software has an auto-update facility.

Another point is that major software houses know how to check spelling and grammar. In your example, "Devision" should be "division" and "attatchment" should be "attachment"

If in doubt go to the software supplier's website and your AV providers site to check that anything you receive unsolicitedly is genuine.

Be safe