Bruce Schneier is quite perceptive in his article about the Sony rootkit debacle. His main point is that anti-virus companies should have known (and probably did know) about how this nasty little exploit was spreading, but it was only after it became a publicized issue that they started classifying it as dangerous and removing it.
Symantec's response to the rootkit has, to put it kindly, evolved. At first the company didn't consider XCP malware at all. It wasn't until Nov. 11 that Symantec posted a tool to remove the cloaking. As of Nov. 15, it is still wishy-washy about it, explaining that "this rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software."
The only thing that makes this rootkit legitimate is that a multinational corporation put it on your computer, not a criminal organization.
I used to at least try to recommend something when my 'doze-using friends would ask for advice on how to protect their machines. But now I'm not sure that I can do so in good conscience.
On a different note, I got set up with the Gizmo project. I've tried out Skype and wasn't terribly impressed with their client, but what really turned me off was the fact that their communications protocol is completely closed. (Kind of like the way email used to be closed when Compuserve users couldn't email AOL users or Delphi users and vice versa.) Gizmo uses SIP, which interoperates with most other VOIP providers free. (More details about why open networks are good.)
It's not perfect; running a separate program just for voice is a bit annoying. But it'll do until Gaim 2.0 comes out with all its Summer-of-code goodness. If you want to talk, my screen name is technomancy.
If you're on GNU/Linux and access remote hosts over SSH a lot, sshfs looks to be a lifesaver. Finally I can ditch tramp.