Well…maybe. There is no doubt that if sys admins could lock down their users machines, you’d solve a lot of issues, but that isn’t really feasible with all the new tools flowing in the door. Everytime someone downloads a new program that doesn’t require admin rights, someone else is going to develop an exploit.
There is no quick fix for this, whether it be under Windows, UNIX, Linux or otherwise. All you can do is educate.