Would be nice if everything instantly became better with a bit of explanation, but I'm just a bit to cynical to trust that. Most people using tech need guard rails.

Yes, guard rails are good. I'm not denying that. They are an important part of user education.

But only when they can be overridden. MacOS around 10 years ago is a good example. It came out of the box in a foolproof state — only apps from the app store or registered developers would run, and SIP is enabled. But if you know what you're doing, you could disable both those things without any loss of functionality.

You can see the problem by browsing old help forums and see how often people suggest 'disable SIP' as a solution to some problem instead of really fixing the problem. Also, the clueless user will -at best- just follow instructions and disable all kinds of security features making them more vulnerable to malware.

If someone is trying to help themselves by participating in forums and following instructions, that's already very much an above-average user. They'll be fine anyway. I'm talking more about the kinds of people who would download a .jpg.exe and run it. Or transfer their savings to a "safe account" because someone called them out of the blue and told them to do so. Or fall for scammy ads. You get the idea.

I'm more concerned about the 'good with computers' type people helping the average users. Those are the people who use google and forums and leave other peoples phone and/or computer in a less than optimal state which makes the .jpg.exe attack more likely to succeed.