ISPs could give the same information to their customers or even put certain 'security requirements' in their contracts. They could send their users a 'security newsletter' and/or setup a special website/page with usefull information (usefull information != some links to your sponsors and and some FUD text written by people from the marketing dep.)
This particular approach to education of the average ISP patron is a good idea in theory, but if such contractual stipulations or useful information were presented to the average user it would elicit no more than a nod. The braver users may attempt to understand what they are being told "for their own good", but the a majority of them are likely to give up their benefits after reaching the 3rd technical term that they don't understand.
I agree that the only way to truly secure the desktop PC, once and for all, is to force into the users' hands a read-only device. If all administration were controlled by a competent professional then we'd all be relatively safe from data and revenue loss, as well as having our sensitive datas compromised. I believe that nothing will ever stop security threats and breaches completely, but that is good because it shows something hopeful for the ingenuity, tenacity, and adaptability of mankind.
Your friend, Ethan E Sundstrom
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html