Hi Tech,
The whole situation can only change, when this all is done automatically, because the average users do not understand what they are up against, and the real protection policy is way over their heads, I cannot see the average user install NoScript without later getting him/her to the help-desk with the problem that such and such is not functioning fully. These protection methods are for the more advanced user. So the average user should not worry about update, upgrade, patch and yes using the appropriate rights (not full admin rights off-course) or the application must be build in such a way that you can flush it right with the malware and you will start with a clean browser slate every time you start it up or those parts of the browser that can infect you are running as a virtual machine, and cannot hamper the Operational System.
At the moment we have a situation where you can patch after patch endlessly, websites have content from whatever source you can mention and the webmaster is not security savvy enough to prevent browser users from infecting them with drive-by-downloads, droppers, file-infectors, malware redirects etc. etc. , most Internet protocols are broken, SSL has been circumvented, and a whole litany of mishaps. Actually the whole Internet is hanging together by "rubber bands" so to put it, but that is the actual situation and we are on the verge of total collapse....so the solutions should be a drastic one, but of so simple a nature that a complete nitwit & n00b cannot tamper with them, the security should be 100% "idiot-proof" and complete,
polonus