Yeah this is literally insane to have a malicious window pop inside the wallet and nothing is done to prevent it.If you are not experienced enough to have the reflex to verify the GDP signature or your anti-virus doesn't detect it you're basically screwed.Hell,at this point I don't trust desktop wallets anymore.
You can't prevent something you don't know about. There are latent flaws in pretty much all software. No one knows about them until someone exploits it. Look at Wannacry and all the other big name exploits.
As soon as it was discovered, the Devs did do something to try and mitigate it... they immediately released patches to try and mitigate the effects of the vulnerability and even went so far as to effectively "DoS" older versions so they couldn't connect to servers to try and force users to update to newer versions.
In addition, it has been publicised on their website, twitter, it was in the "News" section at the very top of EVERY Bitcointalk page for a number of days/weeks including a link to a thread about it... and it's been all over BCT and Reddit and other crypto news sites since it all started back in Dec/Jan. It's been around 8 months!!?! How do people not know about this?
I'm not sure what else people expect the devs to do at this point? They've patched the flaw and it's been widely publicised. Anyone that doesn't follow the advice that the Electrum devs have ALWAYS states of only downloading from electrum.org and ALWAYS checking the digital signatures is risking their funds.