This does not mean we should NAT everything, since I use some of those
protocols. But if every Joe User had a DLink NAT box in front of his
Winbloze box, the Internet would be a safer place. And you know it.

You're forgetting Rob Thomas's peripatetic presentation in Chicago.
Not to mention the guy whose SSH session was outed by a keylogger.
Check http://www.safer-networking.org/ for more on spyware and
trojans. If this was the only way the black hats could wreak havoc
then we would be seeing a lot more of it.

I think that the only thing which will make the Internet a safer place
is time and hard work. We have to put in the effort to address *ALL* the
weaknesses until we've raised the bar so high that only the toughest
black hats have the time, skills and energy to break the weakest link.

--Michael Dillon

After having read many of these posts I realized there are chips out there now,
oboard that do last mile protection at the gate level which eliminates any of
this and the products can come preconfigured for this or not depends on what
you want to pay for…