I think it sounds good, but it's pretty much a utopia. It will never come true.
The way I see it is not that people are ignorant (although some are, and they really don't care about the security of their computer) the problem is that many people don't know how to do it.
When a person is buying a computer for home use, they should go to a two hours course for free or for a small fee (sponsored by the big companies out there who make shitty software with security holes in it such as MicroSoft), and learn how to : update and patch their system, install an antivirus and update it and install a firewall.
What I'm saying I guess is : first teach them than go after them if they don't want to learn or they are to stupid to do it right. You can't just go to a person and tell her he or she has to pay 100.000 $ because some agency detected that an successful attack has been made from her computer against some target. Remember not every person knows as much about computer as some people around here. Some don't even have the smallest idea about computer security. Why ? because they never really had to learn about something like this.
A solution to this problem, IMHO would be instead of teaching every user in the world about security, how about for a fee when the ISP detects hostile traffic from a certain computer, they disconnect the computer, and a guy (working for the ISP) who actually knows about computer security goes and fix the computer.
Since we can't force this on everyone, I mean there is no point for someone who protects his computer to pay money for a service he doesn't use, you only pay the fee when the repair guy has to come and fix your computer, because you were lazy and didn't do it.
There are many sides to this story. But I think that to start going after the users, without trying to teach them first, or offering them a service, it's not a solution.