Every time I read an article about information security I'm reminded how counterintuitive computing is for most people. "Trust nothing" is not natural for humans, but it's the only safe strategy for the internet.
For a long time I've been telling people that computing platforms tend to be built by and for experts. Nowhere is this clearer than in the world of IT infrastructure. Developers don't want to be burdened with IT operations, so infrastructure developers created environments that allow these "special" users to focus on their specific tasks and goals. If only normal IT users had it so good.
An analogy that I like to use is aviation. I learned to fly in the 80s, when there was only a single plane that could be considered "modern", the Mooney Porsche PFM. Then, as now, general aviation planes used manual engine controls - leaning the fuel mixture and adjusting the propeller speed with discrete manual controls. This is similar to where we are with end-user IT today. The controls that allow safe and secure computing are there, but they require manual manipulation, which requires quite a bit of experience and knowledge.
Eventually, I hope, the developers of end-user systems will stop thinking like computer experts and start thinking like their customers. Only then will we get safe and secure computing for everyone.
The innocent foundations of many computer systems remain a source for concern. So does the innocence of many users. Send enough people an innocuous-looking e-mail that asks for passwords or contains what look like data, but is in fact a crafty set of instructions, and you have a good chance that someone will click on something that they should not have done.