Exactly.
I removed virus for my living - the vast majority of end uses don't understand the basic operation of a computer, much less the concepts of networking, security. Most of them don't even understand how a program runs or have the ability to discern between real software and malware.
I have one customer who calls in about once a week to have the "FBI - moneypak" virus removed. He just won't stop going to some shady porn sites and "finally clicks yes" on a prompt asking him to install something because it won't let him off the site if he doesn't, I can't convince this customer to avoid the site or to simply rightclick close the browser stack when he gets that msg. But hey as long as he wants to keep paying me $100 a pop for 20 mins of work... whatever.
its a facebook advert that prompts stuff like.
"someone has a crush on you click here to see who"
"new message click here"
"someone wants to share a photo"
u get the jist..
i seen it myself as one person gets it soo often they actually deemed me the culprit. so i went to their house and asked them to do their normal activities. sure enough they were drawn to the facebook advert.
many people in england now know it to be from facebook redirecting them off of facebook to stealth download of the fake warning.
it use to come up as a fake antivirus, but now its an FBI thing.
so not really linked to porn, as i myself once thought.
its up to you to inform your regular customer why they keep getting it and to stick to the standard facebook message, photos and friend buttons. or continue milking them dry, as i done as the moron deserved it
i too think the weakest part of the computer system is not the firewall.. but the user.