My two (and a half) cents.

1. Systems that need a firewall, antivirus and antispyware software added on to survive for more than a few minutes SHOULD NOT BE CONNECTED TO THE INTERNET IN THE FIRST PLACE. They're simply not good enough. It's like bringing a knife to a gunfight. (nod to Mr. Connery)

2. The idea that you can run a program on a known-compromised OS and count on that program to detect and/or remove the problem is fundamentally flawed. The only way to have much confidence in the former is to boot from a known-UNcompromised OS and run it from there; the only way to have some confidence in the latter is to wipe the drives and start over. And there are still ways that both of these can fail (e.g., sufficiently clever malware which hides from the first and manages to survive the second by concealing itself in restored data). Hitting the "scan and disinfect" button or whatever they call it this week is well on its way to becoming a NOOP.

3. Banks, credit card companies, and numerous online merchants have trained their users to be excellent phish victims by training them to read their mail with a web browser. Anyone who is serious about stopping phishing will stop sending mail marked up with HTML.

4. Network operators need to be far more proactive about keeping Bad Stuff from *leaving* their networks. (After all, if it can be detected inbound to X's network, then in most cases it can be detected outbound from Y's -- the exceptions being things like slow, highly distributed attacks which originate nowhere and everywhere.)

5. I have no sympathy for anyone who still uses the IE and/or Outlook malware-and-exploit-propagation-engines-disguised-as-applications. Not that the alternatives are panaceas -- of course they're not -- but at least they're a big step away from two of the primary compromise vectors.

I figure little, if anything, substantive will be done about 1-4, but I have some hope that 5 is simple enough that sufficient repetition will eventually have some effect.

---Rsk