This does not mean we should NAT everything, since I use some of those
protocols. But if every Joe User had a DLink NAT box in front of his
Winbloze box, the Internet would be a safer place. And you know it.
You're forgetting Rob Thomas's peripatetic presentation in Chicago.
Not to mention the guy whose SSH session was outed by a keylogger.
Check http://www.safer-networking.org/ for more on spyware and
trojans. If this was the only way the black hats could wreak havoc
then we would be seeing a lot more of it.
I think that the only thing which will make the Internet a safer place
is time and hard work. We have to put in the effort to address *ALL* the
weaknesses until we've raised the bar so high that only the toughest
black hats have the time, skills and energy to break the weakest link.