Software makers need to make their products less vulnerable. In some cases, this requires line-by-line inspection and retooling of code. They also need to automate systems for bulletproofing programs once installed.
The feds already write guidelines to make government PCs more secure, but agencies need to put them into practice faster and plug holes. The government also should require suppliers to build protections into their products, as well as automatic upgrades -- or risk losing lucrative contracts.
It's not enough to buy security software. Companies should continuously update their defenses and train employees to avoid unwittingly letting viruses in -- either by clicking on mysterious e-mail attachments or doing unauthorized Web surfing.
Home PCs should have anti-virus software. But consumers must frequently download protections against new viruses and patches that close vulnerabilities. Some of the latest software includes automatic Internet updates -- but users must take time to install them.