To me, it appears that the problem of security on the desktop will require two simultaneous changes. First, all software vendors--but most especially Microsoft--have to heed Bob Evans' call (see "Secure Computing Must Move To The Front") and step up to the challenge of producing code that actually delivers a high level of intrinsic security.
But second, we have to do our part. In the short term, that means deploying a desktop firewall and an antivirus tool on every PC, and keeping all PCs up to date with existing security patches--no excuses, no griping about cost, no finger-pointing. It simply has to be done. Yes, the costs are real, but so are the payoffs: These steps, by themselves, yield acceptable levels of security even with current software products, and totally prevent problems like the Blaster worm.
Looking further ahead, we all have to be open to change. We must be willing to abandon older software so we're not dragging along decade-old problems and inadequacies into new generations of software. And we need to vote with our dollars and reward vendors who deliver--and not just talk about--secure software.
But what's your take? Is responsibility for security shared between vendors and end users, as I suggest, or is it mainly a vendor problem? If someone said, "I can give you virtually hacker-proof software, but it will require that you toss all your current software," would you do it? Would your company? Do you prefer an incremental approach to improving security, even if that takes longer? What steps do you currently take to keep safe your own PC and the PCs you're responsible for? Join in the discussion!