It's a really complicated question that I will try to sum up in a quick and easy statement:
Virus outbreaks happen largely because of poor administration and dumb users.
There. I said it. I'm guilty as charged. So is pretty much everyone else that has been hit with a virus. The internet isn't friendly, never was, and never will be. You HAVE to take steps to protect yourself.
These steps are pretty simple:
1) Firewalling yourself and preventing internet worms from snooping you and hitting you.
2) Attachment filtering based on attachment type and signature at both the gateway and mail server level.
3) Desktop-level antivirus and firewall software
4) Regular security updates at server and client level
5) Not being a dumbass and practicing some responsible email habits
You follow those guidelines and you'll protect yourself from 99% of the stuff out there. But, since 94% of computer users are lucky enough to barely know how to turn the damn thing on, you can see where the problems start to take place.
It still boggles my mind that some cable providers are STILL discouraging end users from using an internet router. Just this simple step would prevent tens of thousands of home PCs from being hit with internet worms. I know why they don't encourage them (lost revenue from multiple PCs) but still... it's a shortsighted philosophy that could have prevented a lot of problems.
Compound that when Microsoft REGULARLY comes out and says "THIS IS A PROBLEM... UPDATE YOUR SYSTEMS NOW!"... and people ignore it and what do you know? A couple days later they get slammed with a virus written to take notice of that exploit that was announced. If they had taken the precautions mentioned above, this would be a non-issue.
I know you can't always be on the ball and have the latest and greatest updates, but with the simple combination of a personal firewall, local antivirus, and a half ounce of intelligence when it comes to safe email handling, a very substantial portion of viruses could have been prevented.