Comment by mrguyorama

After things like

https://en.wikipedia.org/wiki/Blaster_(computer_worm)

https://en.wikipedia.org/wiki/SQL_Slammer

https://en.wikipedia.org/wiki/Sasser_(computer_worm)

Bill Gates sent out the "Trusted Computing" memo to harden Windows and make it somewhat secure.

Essentially, Windows used to be trivial to exploit, in that Every single service was by default exposed to the web, full of very trivial buffer overflows that dovetailed nicely into remote code execution.

Since then, Windows has stopped exposing everything to the internet by default and added a firewall, fixed most buffer overflows in entry points of these services, and made it substantially harder to turn most vulnerabilities into the kind of remote code execution you would use to make simple worms.

>better at security than we were way back then

In some ways this is dramatically understated. Now the majority of malware comes from getting people to click on links, targeted attacks that drop it, piggyback riding in on infected downloads, and other forms of just getting the victim to run your code. Worms and botnets are either something you "Willingly" install through "free" VPNs, or target absolutely broken and insecure routers.

The days where simply plugging a computer into the internet would result in you immediately trying to infect 100 other computers with no interaction are pretty much gone. For all the bitching about forced updates and UAC and other security measures, they basically work.