I think a lot of the problems may be down to the ease of obtaining the information needed as well as the fact that to run certain programs you have to be logged on as an administrator.
That is OK for those users with technical savvy who can quite happily run as multiple users as necessary; there are users, however, who struggle with the computing basics.
I work for a small software house and the number of people who complained after all passwords were forced to be in what is considered to be a strong format was rather high. I am currently looking into how to write secure .NET applications; while I understand some of what is written, I don't really understand where in the code the various attributes go. I am also having difficulty with the key management side of things, as if several users need to encrypt/decrypt the same data before it is stored in the database, they will all need the same key; while it appears possible by using DPAPI if they are all using the same PC, I am not sure how it's possible if they all use different PCs. I am personally looking to achieve a pass for 70-340 but still feel I have a lot to understand before I can get there.
So if we in the IT industry cannot get the information we need to write secure applications, what hope is there of PCs being secure?