RE: botnets: web servers, end-systems and Vint Cerf
It is regularly done with servers connected to the Internet. There is no *COMPUTING* problem or technical problem.
I beg to differ. Yes, it is possible for tech-savvy users to secure their machines pretty effectively. But the level of technical knowledge required to do so is completely out of line with, say, the level of automotive knowledge required to safely operate an automobile.
You need, at minimum, weeks of training in order to safely operate an automobile. But to safely operate on the Internet, you simply open the box, plug the DSL cable into the DSL port of the NAT/firewall/switch/gateway box, plug the brand new unsecured computer into the Ethernet port, and you can now safely operate on the Internet. The technical problem has been solved for a long, long time. The same factors which drive down the cost of computers, have also driven down the cost of NAT/firewall devices to the point where they could actually be integrated right into the PC's hardware.
We know how -people with specialized knowledge- can secure them, not ordinary people - and I submit that we in fact do not know how to clean and validate compromised systems running modern general-purpose operating systems, that the only sane option is re-installation of OS and applications from scratch.
This is an entirely different issue. It's like trying to cure AIDS and syphilis. Maybe prevention is an easier problem to tackle. Condoms are also fairly simple technology that works.

--Michael Dillon
On Feb 19, 2007, at 1:24 AM, <michael.dillon@bt.com> wrote:
> You need, at minimum, weeks of training in order to safely operate an automobile. But to safely operate on the Internet, you simply open the box, plug the DSL cable into the DSL port of the NAT/firewall/switch/gateway box, plug the brand new unsecured computer into the Ethernet port, and you can now safely operate on the Internet.
That's right, you've made my point for me. Weeks and weeks of training. People don't need weeks and weeks of training to operate a television, or a blender, or even a videogame console.
> The technical problem has been solved for a long, long time. The same factors which drive down the cost of computers, have also driven down the cost of NAT/firewall devices to the point where they could actually be integrated right into the PC's hardware.
NATting firewalls don't help at all with email-delivered malware, browser exploits, etc.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice

The telephone demands complete participation.
-- Marshall McLuhan