In today's world, the users _are_ the biggest liability to security, but the fact of the matter is that Microsoft's design architecture allows for much bigger holes than it should. So many of their programs required admin access to run, didn't restrict access to any other folders, use virtual memory that is simply a file like any other on the hard drive, and allows direct kernel access to the WEB BROWSER. Some of this has been improved, but these aren't anything a user can do anything about. These are design issues with a direct bearing on security.

Microsoft has been marketing their products intentionally to all users, then relying on the PC manufacturers to provide technical support, yet there is no training anyone is providing for basic users on how to really "use" a PC. Is this Microsoft's fault, I don't know, but if Microsoft were serious about security, they wouldn't place the users in a position to be compromised with their security architecture.