Werms

hey /prog/
i was wondering, how the hell do worms self propagate and infect computers without the user being stupid enough to download & run them (e.g. trojans)?
if all they do is take advantage of security holes in the OS/applications then those holes must be absolutely huge, so why the hell aren't they patched immediately upon discovery?

inb4 1337 hax0r

``Worms" tend to propagate using a variable amount of 2 different kinds of vulnerabilities:
1)Human stupidity ( ex. a message telling the user to run an attachement, or do some action which leads to execution of remote code)
2)Vulnerabilities in services or client applications, which are the result of 1, or just oversight from the coder or oversight from the user(not updating to a fixed service, browser, etc)

While 2 is fixable, and 1 may be partially fixed by education of said problem users, fixing 2 when the user is in condition 1 is not always an option, unless someone else does the required maintenance for them.

tl;dr: Even if there we lived in an utopic world with no bugs, the problem will always be between the computer and the chair. The choice of software/OS is not as relevant, as is the user using them.