It's not the viruses that you attack, it's the infection method. The problem is that you have 10,000 programmers in Redmond designing for functionality and not security.