I'm all fine with noting that certain products are particularly awful. However, we have to be aware that users are simply not going to be required to go get a CompSci degree specializing in risk management and virus cleansing prior to being allowed to buy a computer. This implies that our operating systems need to be more secure, way more secure, our applications need to be less permissive, probably way less permissive, probably even sandboxed by default, our networks need to be more resilient to threats, ranging from simple things such as BCP38 and automatic detection of certain obvious violations, to more comprehensive things such as mandatory virus scanning by e-mail providers, etc., ... there's a lot that could be done, that most on the technology side of things have been unwilling to commit to.
Great comments Joe, and I agree with you that there is a lot more that can be done and should be done, but there is a main difference with your recount about the auto industry, all those changes were pushed by evolving regulation and changes in the law and enforcement. Going back then to a previous question, do we want more/any regulation ? Cheers Jorge