In 2008 Panda scanning approximately 67 million computers looking for malware infection. Of all those computers 35 percent were infected with malware and they were running up to date anti-malware software.
How does that happen? The obvious answer is that the anti-malware software in use on the infected computers isn't adequate. Of course we also have to take into consideration the Internet usage habits of the people who use those infected computers.
Further, PandaLabs also reported that of the 67 million computers, approximately 13 million were infected overall. Again I wonder, how does that happen? I think the answer is easy enough to arrive at.
As Forrest Gump said in that rather famous movie of the same name, "Momma always said that stupid is is stupid does." Which of course applies to Internet security just as well as it does to other aspects of life. If you gain enough information about safe Internet use and apply it appropriately then it can be used to protect yourself - but people don't do that. So they blindly rely on software that can't protect them either.
People are gullible and they don't even know it. That might be why (according to PandaLabs data) "Arizona, California and Florida continue to be the states with the highest per-capita incidence of reported identity theft."
Ultimately, any good security solution has to include a megaton of end user education.