Jeff Atwood recently wrote an entry about the Fake User Interface (FUI), and how spammers use it to install spyware on unsuspecting users' PCs.
- Spammers will always innovate, and
- Users will do whatever is necessary to continue doing whatever they originally were doing.
Going off Jeff's original example: if a user is searching for information on lilies, and is presented with a warning page saying they have a virus, generally, they will download the program and run it, with the expectation they can eventually get back to their lilies.
The problem is that we expect the general user to manage their own PC, when in reality, they have no idea what they're doing. We don't expect everyone to be able to service their own car, so why do we expect everyone to be able to service their own PC?
The solution then is obvious -- and it's what corporations have been doing for a decade now: a managed PC solution.
You deliver the user a strictly locked down PC. No installing applications -- perhaps, even no running of applications not on a whitelist. They can download MP3s and videos fine, but that stray executable they download is effectively neutered. The important thing here is the user does not have administrator access to their PC. They don't even know the password. Want to install an application? File a support request.
I already do this for my dad; and his PCs generally run stably, virus- and spyware-free for years on end. And there's not even a virus scanner installed! Compare this to my sister's computer (where she has admin), and you see the stark contrast. Her PCs generally last 6-8 months before they contract something.
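As an added example (not part of the original post), here is one way to audit a PC against the locked-down setup described above, run from an elevated session by whoever holds the administrator password. It assumes Windows with PowerShell 5.1 or later, AppLocker as the whitelisting mechanism, the default profile location under `Users`, and `dad` as a placeholder account name.

```powershell
# Added example: audits a PC against the lockdown described in the post.
# Assumptions: Windows, PowerShell 5.1+, AppLocker as the allowlist,
# default profile path, and 'dad' as a placeholder account name.
param([string]$DailyUser = 'dad')

# 1. The day-to-day account must not be in the local Administrators group.
#    The well-known SID is used because the group name is localized.
#    Only direct members are listed; nested groups are not expanded.
$isAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.Name -like "*\$DailyUser" })

# 2. AppLocker rules are only enforced while the Application Identity
#    service is running.
$appIdRunning = (Get-Service -Name AppIDSvc).Status -eq 'Running'

# 3. Ask the effective policy what would happen to each executable that is
#    currently sitting in the account's Downloads folder.
$downloads = Join-Path $env:SystemDrive "Users\$DailyUser\Downloads"
$exes = @(Get-ChildItem -Path $downloads -Filter *.exe -File -ErrorAction SilentlyContinue)

$notDenied = @()
if ($exes.Count -gt 0) {
    $notDenied = @(Get-AppLockerPolicy -Effective |
        Test-AppLockerPolicy -Path $exes.FullName -User $DailyUser |
        Where-Object { $_.PolicyDecision -notlike 'Denied*' })
}

# One summary object; any executable listed in RunnableDownloads is a
# download the policy would still let this account run.
[pscustomobject]@{
    User                = $DailyUser
    IsLocalAdmin        = $isAdmin
    AppIdServiceRunning = $appIdRunning
    DownloadedExeCount  = $exes.Count
    RunnableDownloads   = $notDenied.FilePath
}
```

The setup matches the post when `IsLocalAdmin` is false, `AppIdServiceRunning` is true and `RunnableDownloads` is empty.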