One significant contributing factor to the lack of care or clue by mid and large size ISPs is the level 1 helldesk. I do not intend to insult anybody who is doing level 1 support, but you are not going to find people with serious network engineering expertise for $12/hour (or when outsourcing tech support for $5/hour to India). Far too many layer 1 people have to deal with clueless users who call in saying "Your mail server is haxxxing my firewall!". How do you seperate the legitimate abuse complaints from the chaff? That said, if somebody has a fast connection, hand-holding them through the process of using Windows Update by phone isn't terribly difficult. I think one of the smartest things a DSL/Cable ISP could do is negotiate a bulk license purchase with an anti-virus software vendor such as Kaspersky (makers of AVP), which can provide licenses for as little as $10 each in bulk. Is $10 per customer per year too much to pay for comprehensive auto-updating virus-scanning of client PCs?
1) Summarily fencing/sandboxing/disconnecting clients sending high volumes of spam, virii, etc. You might politely contact your commercial/static clients first, but anyone connecting a "bare" PC on a broadband circuit is too stupid to deserve coddling. The great majority of your clients would thank you profusely.
So far as I can see, detection of serious abusers should pretty straightforward. It wouldn't require any pretense at spam or virus filtering, per se; just pick off the clients that are flagrant sources of the plague of the month.