I have software, to protect my software, to protect my software,etc.

The masses deeply despised nobility.... Are you noble?
Better hold on to your head with both hands if you are... ask Marie Antoinette!
Too bad they did away with that technology... Probably the most Humane all things considered. Very effective... To my knowledge, It never failed to provide the desired result on first attempt!

 

Ok, so back on subject...
Since having practically nothing used as protection works.... or having more than one applications to defend oneself is overkill...

Then How does one explain that a group of 17 hackers can successfully manage to infect millions of computer for inclusions into a botnet? across the globe... They had a nice little operation going there I must say. ($17 Millions in damages... Ouch!) and it's an under estimate.

Here is one brand new group busted right here in the great white north! (Vive Le Quebec Hacked! ).
http://www.itworldcanada.com/Pages/Docbase/ViewArticle.aspx?id=idgml-f68da310-1e34-4dc3&sub=372351

 

Given the populations of those countries, these numbers represent extremely small percentages of infected pc's.

 

That is probably because the cops only have fragmented idea of the actuals...
As they say in the article they have a large stack of hard disk they must do forensics on to figure out what the heck was really going on...
Besides, this is just a tiny local group acting in tandem... Can you just imagine what's out there?

 

The bit I like is:

"Although the security technology is necessary, Haro acknowledged the need for processes given that endpoint security is still very much a user behavioural issue."

My spin is that the correlation between security or lack of it and infection or lack of it is nowhere near as great as many would think. My guess is that there are some who are able to get infected simply by logging on and others are able to surf without using the usual security programs and not get infected. Any theory or model which tries to explain how infection spreads will probably find that user behaviour is the key and that how many security programs a user has or doesn't have explains very little.

 

And u call it only?

I have come down to three security applications from five. I am trying to cut it down to two or even one.

 

Long View

You get no argument from me on this, I would say for the majority of infections However this trend seem to be changing rather dramatically as some of the most sophisticated infections are now sourced to legitimate business web sites.

This is a reality that will buck the trend further as the user population gets more savvy, you can be assured the target will be more focused...

On my web site for example we track every visitor that tries to manually scan or run an automated bot scanning for embedded script vulnerabilities in order to exploit them... They are using sophisticated web crawlers similar to search engine crawlers and they look very effective. All I can tell you is that a lot are trying daily everywhere not just my site... Unfortunately many sites are not as sophisticated using appropriate defenses, rendering them even more vulnerable. As for my site,their target in most case is almost entirely focused on script based vulnerabilities. Mostly code Injection attempts, and so far very few SQL Injections at least in my case, but they are still very focused, and I'm sure it must be working in many places as I do recognize their targets as being good targets of opportunities, and easily exploited when I look at the scripts they are trying to exploit, crack or inject... I am certain this phenomenon will continue to expand as time goes as it will probably become one of the primary attack vectors in the future if it's not already...

I would bet, mostly because many who put up websites have no idea what they are doing, thus creating many vulnerabilities as they are often using free down loadable scripts they do not really understand code wise, and making them even more available via increased SEO efforts!

Under these circumstance, as a casual browser how does one know site A is ok compared to site B?

 

You can have each user review the underlying code before allowing access to the webpage, but that means each user must be competent in understanding webpage code layout which may be asking too much (as well as slowing down the entire online experience).

 

Right, This is asking too much of most anyone so this is why I make the recommendations on my web site to use firefox with noscritp... and relating more to your answer, to combine that with Linkscanner Pro and Siteadvisor...

Note: I read somewhere that less than 5 % of web sites are monitored by an anti exploit system by the developers... Think of the implications