That is the funniest thing I've read in a long time. Thanks for the laugh.

Very true here. However, most IT departments have more important things to worry about, like making sure the new security patch isn't going to interfere with the CEO's favorite gambling website. Looking for malicious code isn't going to be on any priority lists when a wipe will "solve the problem".

An anti-virus scan will only catch malware that is widespread and has been in the wild for several days. Look how old Stuxnet was before it was detected by A/V. Their are other custom jobs that have gone years without detection as well. The 'paranoia process' would require a forensic examination. A decent forensic triage takes at least 4 hours on a smallish drive. A full examination can take days just to determine if something unusual is present. Than you have to take apart that unusual piece of software just to find out you are chasing down the wrong rabbit hole. This is the kind of work it takes to find the next Stuxnet.

Unless you are in the security industry then some VP is going to look at a poorly done risk assessment, look at the pricetag as overhead, and slash the budget, thinking "that won't happen here" and put down on his next review how many millions he just saved the company. Even in the security industry this isn't done nearly as often as it should.

Their are several well known adages in the IT security field. The most important one is that the usability of a system is inversely proportional to the security of the system. The corollary to this is, the only secure system is the one locked in a safe with no power or internet connection. I've worked cases of documents being stolen from computers which had never been connected to the internet and had all the security bells and whistles. If the computer is required to be capable of running software (kind of important for most users) security holes will be found. No exceptions. The biggest threat I've seen to network security is admins who are overconfident in the security of their network.

For those who don't like to verify there connection themselves can just use Firefox 3.0. If the site really is secure the background of the favicon changes to blue or green depending on how trusted the certificate is. So when the background of the padlock doesn't change color you will know it is fake.

Taiwan is not governed by the PRC in any way.

That depends on whether you are asking a Chinese or a Taiwanese.

I'm sure it wouldn't require too much sophistication to replace the blood with injected dye after using a cheap sealant on the severed end.