And the intetnet used to be such a nice place....

Yes, the internet was a nice place, back before it became a marketplace. Now that it has become a marketplace, it's no different that being accosted on a not so well lit thoroughfare when you are taking your earnings to the bank. The article series does raise some interesting issues that the developer community should respond to. The most significant is discovering how to do business in an infected environment. The anti-malware industry has been at odds with the hacker community since before the internet was a household word, back in the days of the BBS's virus's were a problem and they still are today. It's obvious that prevention is not the answer, since we have been fighting that battle for several decades. It really does come down to how do we beat them at their own game?

And a question nobody's considered:

What does the consumer do?

I keep my system patched and up to date, but according to this series, I'm still stuck.

There are certain populations, for instance the disabled, who couldn't survive in the modern world without things like online banking. It really is essential to keeping sane financial management if you can't transport yourself (say, if you can't drive to your local bank branch).

Not using such things isn't an option. So am I a lamb left out for the slaughter while those who won the luck of the draw get protection? Should I just assume my identity will be stolen?

The solution lies more with educating the users. e.g. Do not open email attachments, be careful what you click on while surfing, etc.

To quote Douglas Adams, "The biggest problem encountered while trying to design a system that was completely foolproof, was, that people tended to underestimate the ingenuity of complete fools"

The underlying cause could also be attributed to the computing monoculture that microsoft has brought into being.
I have no problem with such a large market share - but such a shoddy line of products security-wise is unforgivable.

What price security?

The solution as a consumer is simple: Switch to an alternate operating system. Mac OSX and Linux have been credible options for quite a while now. Both are more secure than any variant of Windows has ever been.

Personally I use Linux. I receive (mostly via spam) Windows malware email attachments all the time. However, even if I were to deliberately try to run them, none of them would work on my system.

@John Penta:

Tell me, what do people who don't have a computer but are disabled now currently do?? A computer (ala online banking) is not a requirement to manage finance. I'm sure you'll find more people that are in that situation without a computer than those that are.

@Michael R. Bernstein:

Alternate operating system is not the answer. Linux may appear to be less vunerable to attack than Windows, but that is just because its less used. As it becomes more mainstream the attacks will still be the same.. Case in point; Firefox. Security of Firefox is a highly touted feature, but the number of exploits for firefox != 0. Its still vunerable; and if you get anything from this series is that all you need is one exploit to compromize a system.

Switching to linux is putting your head into the sand. Better pray that no one else does as well, otherwise everyone will be in the same boat.

I think a good question is what is "Microsoft" going to do.

The solution is one time key pads which authenticate the transaction, and confirmation emails to the accounts.

My bank is already using that.
You need a hardware keygen (cheaply available these days for <$5US), which they give you as a keyring.

You login with that, auth with the keygen number. You do your business, and confirm the transaction by confirming an id number emailed to you, with the transaction details. You confirm the transaction id in the bank website, and it performs the transaction.
Multiple steps, but reasonably safe for now. (Until they break the hardware key random number crypto...)

Each transaction has a unique code, and part of it is not based on whats available on the computer, so its going to be hard enough for this type of criminal activity to work.

Most banks can add this kind of functionality relatively easily, and it stops this type of crime.

One way to fix this in the short run would be to switch the customers to OS X or Linux or some other OS with better security than Windows.

For the long term, why not use a token? The banks already make you wait one to two weeks anyway while they send you a PIN to get onto online banking. Why not spend a dollar and give each customer a password generator that generates a unique password for them each time they log into the system?

Better yet, make it a USB password generator, so they can plug it into their computer for authentication, and save the nuisance of entering that randomly generated password for each session?

With what the banks are already spending on fraud, I assume this solution would be cheaper.