[etiam]

This is a fair point, but I find that in practice I usually need something more like a probability assessment to act on, or better information about mechanisms.

Disambiguating information such as 'the flash component reloading normally occurs under condition X and Y, you guys may have been compromised but you'll have to decide if that's more plausible than X or Y' or technical constraints like 'to pull off exploit delivery that way an attacker would have to P, Q and R. If they did it should leave traces in S which you could try to check by doing T' would be a real help.

I'm certainly not disagreeing in theory with taking a pessimistic view on the security of any networked machine, but unfortunately that's way too restrictive as basis for action in most situations.