[vacri]

Given that he's going to the level of preferring a store-bought USB stick over one found in a parking lot, it shows he's concerned about transferring malware. Not using the OS for which the most malware exists seems like a sensible choice.

After all, if you're going to all this trouble and inconveniencing yourself in the name of security, what's a touch more inconvenience with using an operating system that you're less user-friendly with?

[danielweber]

Who is your threat? Are you worried about a spray-and-pray attacker who just dumps a bunch of malware out there? Or are you worried about being specifically targeted by someone who wants your stuff?

In the first case, a USB key bought at a big box store might be full of malware. In the second case, the big box store is the perfect place to buy something, as long as it's not the store where you always buy stuff, because the APT wants to keep his profile small.

[Zigurd]

That's a good point. But at the level this game is being played, I'm not sure if there is a difference. Schneier has made himself a high value target, so in the FOXACID hierarchy of exploits, he is worth risking the use of an expensively bought or developed zero-day exploit.