Addendum to my earlier comment:

There is another drawback to "Blame the Users" cures.

Some users -- whether

<1> because of inability to understand and properly apply the security Patches; or

<2> because of fear of polluting their systems via unknown side-effects of security patches; or

<3> out of desire to put one over on the big companies; or

<4> out of careless disregard for their own and others' online security;

-- indeed some users will not conscientiously apply security Patches in a thorough and timely manner.

The system needs safeguards to minimize vulnerability to infections of that residue of still-vulnerable users.

Perhaps some antibody scheme might work, such as attaching appropriately-signed "SAFE" and "WARNING" flags to messages and packets thereof, that are coming, respectively, from properly-protected computers vs. recognized compromised computers {which would have been cut off automatically by Winkler's "cure"}. Such flags could be checked by firewalls upon reception. Alerts could be presented to Users who might otherwise accept harmful data -- indications that real risk has been identified, rather than the feeble "DO YOU KNOW YOUR SENDER?" pop-ups.

Similar warnings can be returned by webmasters to the message/data origins -- to alert the comprised system's users of the identified damage in their system -- along with Warning that they may become partially responsible for harm to others resulting from their unprotected, compromised system. -- More work for the internet infrastructure, but more effective and less draconian protective messures.

P.S. NOTE TO BLOG EDITOR:
_______ Having written and posted the earlier part of this comment, I now get an "ACCESS DENIED for This Page" notice when I try to reread my own comment.

___Why?______________________
___ and what can I do about it?
______

Thank you for your attention to this Post-noted issue.