I gave up after about 12 pages of replies. Is there a catch somewhere? While I'm interested in computer security, I don't know enough to understand everything going on there. I do get the feeling like it's mostly the server OS's that should worry, since their 'tools' seem to be targeted by this rootkit.
Anyhow, for desktops SSHD is often unneeded (and disabled by default in VL), I reckon most of our users should be fine.