While I agree with Bruce Schneier that a shift in approach to dealing with fraudulent online transactions is necessary (The End, SC May), he fails to address an important fact about today's online world: most websites hosting malicious code are, in fact, legitimate.

Counterfeit websites working to craftily steal users' personal details and passwords are undoubtedly a serious problem, but research shows that a whopping 70 per cent of web-based malware is being hosted on innocent but exploited websites.

The consumer assumes that a genuine website must be safe from cyber attack, but many sites are not because their owners are failing to properly maintain them and keep up to date with patches.

It is the responsibility of web-hosting companies, as well as the businesses selling goods or services online, to guarantee the safety of their sites and protect users.

Graham Cluley, senior technology consultant, Sophos.