Ohh.... stuff
At home we each have a PC plus I have a server under the stairs. All machines are windows except the server as I'd never connect a windows box directly to the internet. The ADSL uses a router not a modem. My machine and the other 1/2's machine are directly NAT'd to the net through the router, the kids' PC's are routed through the Linux box which forces them to go through Squid proxy, denying any URL's I don't want them to access. The Linux box destroys any open network connections from the kids' machines at 9pm every night and Squid rejects new connections from 9pm to 9am except weekends.
We run Thunderbird and Firefox (IE and Lookout Express are banned), every 'doze machine runs Zone Alarm and no machine trusts any other machine other than the Linux server. Other than these restrictions everyone has free reign on the LAN/Intarweb to do what they want. In 7 years I've only ever found one virus that was unable to propagate due to the zero trust rule. I destroyed that virus with the (imho) great Trend Micro free online checker (housecall.trendmicro.com).
I find it ironic to the point of fraud that MS distribute an antivirus program for their own OS, never mind how useless it actually is. I've known McAfee installations to miss 80% of viruses on various machines that were later diagnosed to have dozens of nasties on them.
Ban ADSL modems, make everything go through a router that drops all incoming connections and restricts outbound to the more common ports like http, pop3, imap, ftp, etc as the default config. If you understand how to manage a router then you probably know what ports you need open.
"Windows is what computers run, in the same way as IE is the Internet." If you believe the w3schools stats only about 56% of people use IE6 or IE7 with Firefox now being just over 1/3rd of browsers in use (about the same as IE6). Windows is what most USERS run, there's a lot of servers out there sat on the internet that don't run windows, most of those that are compromised are because numpties install e.g. BBS software with well known vulns in them.
Agree completely that ISP's taking some form of action against malware traffic would greatly reduce their bandwidth bills, there must be some 'implementation' cost in doing it that stops them.