What could have been done differently?

Somewhere in the equation, the sysadmin/enduser, whether Unix
or Windows, has to take some responsibility.

Hence I loved this:

Worm Hits Microsoft, Which Ignored Own Advice

Among the companies that found its computer system under attack
by a rogue program was Microsoft, which has been preaching
the gospel of secure computing.