People Patching: Is User Education of Any Use at All?

In general, the anti-malware community splits dramatically into two camps when it comes to the evergreen debate about the effectiveness of user education and security awareness as a protective measure. One camp argues that "If education was of any use, it would have worked by now": the other says that "Education is key" and "one can't fix social problems with technological solutions". There are two extremes of viewpoint held in security, whether from a corporate management point of view, or from the more rarified atmosphere of academia or practical security research. In the red corner, the "Education isn't going to work as a security measure because it never has yet" argument: in the blue corner, the view that education is a key component of security strategy.