Help the users
"Six weeks after it was all up and running, the idiot clicked an email." (from an earlier comment); and there was another about a lady clicking on some game.
Clicking on stuff is what a mouse is for isn't it?
Please stop sneering at the customers/clients/users - help them.
I'm not a dev/sys admin or whatever. I've registered here as a user interested in understanding more about datacentres/cyber security but as a generalist not an expert. I am glad I did because I am getting aware more about this bad stuff. It's not if bad things will happen, it's when.
People (users, me) have no idea - and about half of them have an IQ lower than their body temperature - yet they are allowed to use computers, drive trucks, cars, planes.
If Microsoft can do the top right X not closing but agreeing trick then the really bad guys are going to have worse tricks.
Is there a solution?
I don't know - perhaps concentrating anti malware effort at the internet ISP level - because that's a sort of data funnel. A billion users can't be made malware savvy, but a few thousand ISPs can, maybe?
A PC/phone/tablet should be tool or a toy not a way to blow up your own company or whatever.