I wrote this for StopBadWare, who are well supported and backed by some of the major players (Google etc.), and thought I should make the argument about what the major players are doing to prevent the BadWare / Malware getting to the PC in the first place. Any comments?
Only recently become aware of StopBadWare and, as a victim of badware / malware (like most of us), more than willing to become an activist.
However, in developing approaches to stopping badware and looking through the posts within this forum, there is very little mention of the other side of the coin, i.e. the prevention of badware even getting onto a PC in the first place.
As a professional and elder geek I do have some sympathy for the average webmaster and those on the hosting side, for example the pleas of some of the webmasters within this forum. All I would recommend anyone to do is take a look at a really interesting web site, http://www.zone-h.org, which provides a global report on digital attacks: so far 2,255,044 reported web site hacks in their archive, and 1,000+ a week and growing. A report from a few days ago even showed the Microsoft IEAK (Internet Explorer Administration Kit) website was a victim of defacement. I defy anyone to come away from that site without a sense of depression about the worldwide size of the problem(s) for us all. So if anyone thinks the problem resides only with overzealous webmasters, we are in a fool's paradise; it is my bet that much of the badware is actually applied by the pro hackers without the webmaster's or host's knowledge.
This leads me to the main issue, i.e. prevention. To assist in describing this I will use some examples from a very recent personal BadWare horror story to highlight this area. I will not fully describe my incident within this post; I will follow up later, because on this assault I was so personally incensed that I am spending the time doing the forensic work as to how and who caused my problem, and it has already unearthed a very disturbing chain of either deliberate or possibly unwitting collaboration.
So the incident commenced with the usual symptoms: a very fast, highly tuned PC with triple-banked firewalls, two levels of anti-virus, etc. etc., starts to lose speed, processor working flat out, Internet Explorer starts to freeze up regularly. So I soon realize I have an uninvited guest.
First stage - to determine what processes are actually running, I use a very simple and reliable utility, "Security Task Manager", to find out and provide a description, as there is nothing within Windows XP for the user that has this capability. Yes, and there it is: a hidden process in memory (a DLL) that is attaching itself to IE for redirection and pop-up purposes. Now fast-forwarding to stage 17 and 3 days later, via related rootkit removal and all sorts of exciting time-consuming tasks, I won!
That is exactly the real problem: why did I have to go through this in the first place? Let us now examine a few examples which demonstrate the other side of the coin that has emerged from the forensics, and I hope none of the companies mentioned will take offence.
Google - A great fan, but back to the micro level of my problem: they set a poor example. I use Google Web Accelerator, which does a great job, but on any process investigation the Google Accelerator files are actually flagged as potentially dangerous hidden files, with code within to avoid firewall detection, and with no digital certification or evidence that they actually are from Google. Some of the worst viruses and trojans use "win..." or "hp..." to avoid simple detection, so using "google..." within a file name is not good enough.
Symantec - Long-time user of Norton (even when it was really Peter Norton). Once into the problem, I discovered the Norton anti-virus had actually quarantined one of the related files a week or so before. On checking logs, some of the symptoms had been recorded, but there was no flagging of this to me, the user. Also it had not detected the other trojans or the related rootkit(s).
Microsoft - Surprisingly, the real nasty had a digital certificate (which now appears fraudulent), but I discovered 3/4 of the related files had no certification, and if I understand it correctly they are required to have this to be able to operate. However, the IE browser allowed itself to be hooked; now that is my choice in theory, as I can use the settings to prevent add-ons or ActiveX. After the problem, in a spate of paranoia, I did just that; however, after about 2 out of 3 web sites not even opening I had to reset back to a medium level.
Adobe - I could go on, but these examples will suffice.
The examples demonstrate to me that this "prevention" approach to the problem must also be part of the StopBadWare solution, and that is really in the hands of the big boys to provide us, the users, with products, services, and tools that allow flexibility but also "prevent".
The leaders of the industry have a major task to show leadership in preventing the problem in the first place and applying the core security niceties of at least ensuring any of their products demonstrate good practice to the rest of us mortals. Just to end with a little humorous cynicism: as Google are correctly now acting to at least highlight potential BadWare web sites, I assume they are not still taking revenues for AdWords campaigns from them?
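Added example, not part of the original post and not a tool from any of the companies mentioned: the two checks the post does by hand (which modules a browser process has loaded, and whether each one carries a valid digital signature) can be scripted on a modern Windows box with PowerShell. It assumes PowerShell 2.0 or later and a running process named `iexplore`; the function name `Get-UnsignedModules` is my own.

```powershell
# Added example (not from the original post). Lists the DLLs loaded into every
# running process with the given name and reports the Authenticode signature
# status of each, so that unsigned or tampered modules stand out.
# Assumes PowerShell 2.0+ on Windows; Get-Process and Get-AuthenticodeSignature
# are built-in cmdlets. Run from an elevated prompt to read all processes.
function Get-UnsignedModules {
    param([string]$ProcessName = 'iexplore')   # hypothetical default; any process name works

    $procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Warning "No running process named '$ProcessName'"
        return
    }

    foreach ($proc in $procs) {
        # Module lists of protected or cross-bitness processes may be unreadable; skip those quietly
        $modules = try { $proc.Modules } catch { @() }
        foreach ($m in $modules) {
            $sig = Get-AuthenticodeSignature -FilePath $m.FileName
            [pscustomobject]@{
                PID    = $proc.Id
                Module = $m.ModuleName
                Path   = $m.FileName
                Status = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
    }
}

# Show only the modules that are not validly signed; these are the ones worth a closer look
Get-UnsignedModules -ProcessName 'iexplore' |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Path -Unique |
    Format-Table PID, Module, Status, Signer, Path -AutoSize
```

Two caveats the post itself illustrates: a `Valid` status only means the signature chains to a trusted root, so a file signed with a fraudulently issued certificate (as the post describes) still passes, which is why the signer subject is printed alongside the status; and a file name beginning with a vendor's name proves nothing, so the check is on the signature, not the name.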