The Register explains security within the context of the average user. Talking to a professor who gets a lot of non-technical computer users in his classes, we see some revealing answers to what most technical folks think are simple questions:
"Do you update your anti-virus software regularly?" I'll ask them. Most look at me as though I'd just asked them if they refloozle their hossenblobbets with tinklewickets. A few will tentatively volunteer a timid, "I ... think so?" Some are willing to admit that they don't even have anti-virus software. At least they're sure.
"Do you run Windows Update regularly?" I'll ask next. Hmmm ... those hossenblobbets really do need refloozling. Some state that yes, they do run Windows Update, but they have no idea what it is doing to their computer, so they just agree to everything and assume it's all good. Most say they've never done it once, if they even know what it is.
"Do you have DSL or a cable modem at home?" is my next question. Ah, finally! A question they can all answer. They know the answer to this one! About half usually have some sort of broadband connection, and they are enthusiastic in their answers: "Yes, I do! You betcha! Love it!"
"Great!" I continue. "Do you have personal firewall software running on your computer? Do you have a router/firewall so your Windows machine isn't directly connected to the Internet? Did you remember to turn off file and printer sharing if your Windows machine is directly connected to the Internet?" A pause ... and we're right back to hossenblobbets and tinklewickets.
It's enough to make someone who cares about security throw up his hands in frustration and just give up.
Here's the great disconnect between most technical users and the people who just want to use computers as a tool. Most people look at a PC the same way they look at a piece of stereo equipment or the TV - they plug it in, and they want it to just work. If there's any user interaction at all, they want it on - at most - the level of interaction they have with a ReplayTV or VCR. You simply cannot expect average users to deal with firewalls, security updates, etc. I know I've posted before that having Windows Update on by default would drive me nuts - but I think it's probably the right answer (so long as it could be disabled manually - most people wouldn't bother).
It's worse than that, though. For way too many years now, Windows has been shipping with the defaults set to wide open. Maybe that was excusable through Windows 95 - but by Win 98, ME, and 2000? And XP? This is why there are so many zombies out there sending spam and viruses - because these systems have been shipped in what amounts to a broken state, and the unsurprising has happened - they've been compromised. In most cases, the infections won't clear until those systems are junked and replaced with new systems (presuming that the security defaults for those new systems are reasonable).
Next time one of your non-tech friends asks for system advice, suggest a Mac. You'll be doing the entire world a favor.