Re: Oh, like the average muddlehead has a choice!
A neighbor of mine, back in the late 1990s, bought himself a computer, and I helped him get set up with the Internet connection and all that. So he's browsing around the web, and there's a banner ad claiming that he has mail. So he clicks on that and lo and behold, the browser jumps to a site that he didn't actually want to visit. Well, duh!
Yeah, I just removed 17 different bits of malware from my neighbours laptop, as it had finally ceased to function.
But the muddlehead is going to keep clicking on crap, because they are muddleheads, and all they've got to use is a crappy OS.
Thing is, my neighbour is a carpenter, not a techie. He's not supposed to understand how botnets work or malware spreads. Or is it your view that only car mechanics should be allowed to drive?
If it's the job of the police to secure the net, then it's the responsibility of Microsoft, et alia, to write good and secure software. And Microsoft and the rest should be fined, and hard, for not doing it! Using best practices means actually using best practices! Not publishing a book about it, and then writing the biggest bunch of crap code I've seen.
Microsoft have made massive strides forward in security terms, over the past ten years or so, but yes, there is further to go. Given Java is responsible for most exploits last year though, there's only so much they can do.
If we took the view that UK law has global reach (bear with me), and set a mandatory jail sentance of one week per machine compromised, we could go a long way to eliminating the problem. Sure, some people will continue because they'll think they're safe, but the first teenager jailed for 10,000 years will curb their enthusiasm for exploits.