My very first editor at Rice, Steve Jackson, took O'Reilly's Clue after graduating. Instead of finishing law school he went to his first love, board games, and started a company to make them.

His first hit was called Ogre. (This image is from Goingfaster.com, a gaming enthusiast and Jackson fan.) At a time when the big cost of producing games was making, and printing, all the cardboard game pieces, Steve cut costs in half by having one player take one piece, the Ogre.

In the real world, of course, the Ogre can't win.

With every turn of time, the other side gains more allies. The Ogre remains the Ogre. Even if the Ogre grows, he's not going to out-grow his opponents. The bigger he gets, in fact, the more opponents he draws.

That is just what is happening to Microsoft. No matter how energetic Microsoft may be about stamping out bugs or vulnerabilities, there are a growing number of people on other side gaming things the other way, and allies who are anxious to use the exploits.

But the latest example of this, the img1bbig.gif bug (a keylogger comes in on a pop-up after it's clicked-away, and activates on a banking site) demonstrates that the Ogre principle doesn't just work in software.

As a warning on this bug notes, it "watches for HTTPS (secure) access to URLs of several dozen banking and financial sites in multiple countries." That's a few dozen banks, worldwide, no doubt the biggest.

In other words if you bank at a small bank, you're safe from this pest. If your bank uses non-standard software for online access, you're safe. If your bank isn't an Ogre, you're safe even if you use Internet Explorer.

(Of course, just try and find an ATM out of town...)