Re: Yes, that's one of the bad design decisions of USB
This might be simplistic and stupid, but why not just have the computer ignore USB devices until the user specifically clicks a doodah saying "Yes, I want to use this device" ?
The problem isn't that USB is insecure (things can be spoofed, but spoofing works all over the world - think about fake licence plates and counterfeit money), the problem is that the operating system will see a device, blindly install drivers for it (if it can), and then start talking to it. It is useful that one can plug in a new USB harddisc and it'll "just work", but it is considerably less useful when you take a moment to consider the opportunities that present themselves if the computer will not only install the device but would go a step further and try using and/or autorunning it. The possibilities are... worrying.