The solution is, in concept, incredibly simple. Operating systems and applications that accept infected files without question, that try to do too much for the user and as a result end up making disastrous decisions that leave us vulnerable; users who are trained by security nagware to just click “OK” or “Yes” all the time without thinking about it; systems that impose no effective privilege speparation: these are all part of the problem that could very easily be swept away, if we but had the will and determination to do so. Users who insist on using such software are part of the problem, whether they mean to be or not. If users on the whole could be elevated above such thoughtless acceptance of poor security practices, we would have taken significant steps toward solving the malware problem. Add to this a culture of secure software development, where software vendors no longer pushed such security opiates, and the malware problem would all but disappear.

Instead, we are plagued by “convenient” software development, by people who have never encountered secure development techniques, giving us “security” by constantly nagging us with unnecessary questions that ultimately train us to just approve everything, and by operating systems that allow applications to access pretty much whatever the heck they want to. It’s really easy to solve the problem of vulnerability to malware, if we but make the effort, if we only care enough to bother. There is software in the world that is significantly hardened against such threats, even without being inconvenient to use, but we must choose to use it.