I agree with you somewhat.
Users should take a more active role in making sure that their computers are not causing serious damage to the system as a whole. But I also assign blame to the OS and application makers for not making that simpler.
Essentially what I am saying is ... users should follow best practices (security, patches, A/V), but those practices should be easy to implement and the end user should not necessarily be required to understand how they work. This is where the end users have been let down.
It boils down to ..... not everyone should have to be an expert in computer security to use the internet.