I doubt a program will ever be able to satisfactorily plug the biggest security hole, the one between the keyboard and the computer.
Definitely a big factor, though another major issue is that Microsoft has only just now, with the release of Vista, started to implement the policy of not setting up every account as the Administrator/Root/Super User. If you've ever used a *NIX OS you know that using the root account for everyday tasks is NOT recommended. It only takes one network exploit or a user opening up a trojan and suddenly malicious code has control of the root account, and thus control over every OS system file.
The main reason OS X has no viruses in the wild isn't because they play second-fiddle to Windows, it's because you have to enter a password via sudo
any time you make a system-wide change to the OS. Make all the viruses you want for Linux/Unix/OS X, but unless the user is dumb enough to actually give the virus program their account password, the virus won't be able to do jack. Compare that to a default WinXP setup, where all you have to do to have worms spreading through your system is connect to the internet for 15 seconds without a firewall.
If XP had simply set up every default account as Limited instead of Administrator, and required a password for administrative operations, 90% of the virus/trojan issues out there for Win32 probably wouldn't exist. The functionality was all set up for that with NTFS permissions, they just had to actually make the Limited account usable for day-to-day use (as it is, you can barely run a CD-Player application without needing the admin account).
Vista has attempted to fix this with UAC (Cancel or Allow?), but since they've made it about 50 times more annoying than sudo a lot of users seem to be turning it off and sacrificing the security benefit.
Edited by arcman, 26 March 2007 - 02:41 PM.