Sure, blame both the software and the vendor when people never place file/sys auditng and policies over their systems... blame everything except users when folks accept downloads from random people and do everything with full admin privileges. How is the ability to disable things in relation to AV or firewall software new, inginuitive, or original at all? It's been done before... mention an M$ product, and all of a sudden people actually care now?
the only thing i hate about this, is that microsoft SAYS it is safe, and that so much other events in the past have proven that windows isn't that safe...

but suppose i would write a script disabling the default firewall, and disable the notification of it, i know exactly what to do, since it is the same in every windows XP sp 2 system (no need to find out what firewall is running). and then use the bug that is found recently which allows me to access the netbios shares through the firewall, and put that script in startup. then next time the system boots up (2 times to be exact). the firewall is gone, and the user never noticed it. Complete system is open to attack!

that's what i hate about microsoft, the false feeling of safety they give you...
because most users don't participate in a security forum and don't even know what an IP adress is, and that is exactly the kind of people that are vulnerable to this flaw.