What FTP protocol / package do web hosting companies use?

I recently ran into an odd problem.

A friend of mine hired a website designer for his company. He asked for my recommendation regarding a tool to allow the web designer to perform secure file transfers so that he can update the website. Since he was involved with Windows 2003, my immediate recommendation was to enable webdav, that it and the good old "Open as web folder" trick worked fine. However, the web developer was out of luck. He was working on Vista, and they removed the "Open as Web Folder" option from IE and also made it painfully difficult to use webdav in general. Another issue was that the sire certificate had expired and all the other third party webdav solutions I tried did not allow me to ignore this fact.so he provided webdav not a good method in general for transferring files to outside contractors.

I guess no one would consider traditional FTP as it is inherently insecure and requires 2 ports, which is a pin in the ass to start with

I also appreciated SCP / SFTP which are ssh based. This is fine, but without jail chroot, they give access to the entire filesystem. This was true for Linux, but it appears to be true for cygwin based opensh installations.

The last one I tried was FileZilla. Being a fairly advanced FTP server, it does not seem to offer any SCP / SFTP server functionality. It allows FTP over SSH, but you need to buy a certificate again to do this. Or generate yours, but then you have to get your contractor to trust your root, unsecured parameter again.

I think we come to the question: what tool do people use for their web hosting contractors (windows or linux) to allow controlled secure file transfers?