I subscribe to Consumers Union's magazine Consumer Reports. The June 2010 issue has an article on computer security. (Note that the on line article is a teaser for the dead tree version, which is only available to subscribers.) Some of the statistics are interesting.
Much of the article goes on to discuss security on facebook. For all I know, it's good advice. I don't use farcebook, so I wouldn't know.
Associated is an article on computer security software: McAffee, Norton, etc., and rating them. The article actually mentions two free programs and gives them high ratings, the only CR Best Buy ratings in the lot: Avira Personal 9 and Microsoft Security Essentials. However, CR neglected to report that the second requires Genuine Windows, formerly Genuine Windows Advantage, definitely a strike against it.
But I wonder…. For one thing, I missed the magic word in the articles: Linux. Linux is a much more secure operating system than Windows. If you are getting ready to replace a computer, you can often extend its life by putting Linux on it: Linux is usually much less resource intensive than Windows.
For another thing, do people replace a computer solely because it is infested with malware? That doesn't sound like the best advice. Short of replacing it, you could disinfect it. If that fails, you could re-install the OS or put Linux on it. So maybe that's 2.1 million computers the owners were getting ready to replace anyway, and the malware accelerated the decision?
In my 30 years of dealing with computers, I've been hit by malware once, count it, once. It was my own dang fault: it was late and I wasn't thinking clearly, and it came in an email which claimed to be from Microsoft, and I was working for Microsoft at the time. Oops. Since I finished working there, I've switched entirely to free and open source software, and don't regret it in the least.
By neglecting to mention the magic word, CR once again flubbed its remit to help consumers protect themselves by offering all the alternatives.