With Vista, Microsoft took a different tact with hackers and security companies, actively inviting them to find holes and weaknesses while the software was in Beta. During this phase Microsoft uncovered weak code and worked to fix it before the final release of the software, and don't they still have a bounty system in place for hackers who discover exploits to the OS. Following their logic then I imagine that Win 8 when released will be even more secure than Win 7. They have also pursued a new tact in going after hackers that do go rogue by cooperating with law enforcement to make sure these miscreants are charged and held accountable for the damage they do. This new environment of working with and rewarding these hackers who might be now considered part of Microsoft's security directions in protecting their customers.

Then you have Apple primarily and Google both claiming they can't be hacked like Microsoft and now that they have enough market penetration with their smartphone products. They have both painted a big bulls eye on their various OS's and offered a challenge to hackers to disrupt their software. I mean think of the fun when an exploit of Apple is done and exposed and then listen while Apple denies, denies, denies until a secret fix is issued and still denies that their OS needs Anti-Virus software. Apple more or less challenges all levels of the security establishment to prove them wrong.

This is the new reality, Microsoft has become proactive in finding exploitable code while Apple and to some extent Google deny the possibility of it happening. Also for the majority of Microsoft users, persons who don't understand security, Microsoft has made moves to protect them, and the majority don't turn off the UAC and if a user doesn't install AV software within 60 days then Microsoft Security Essentials is installed as part of the update process and turned on by default. Yes there are malware for the OS but it is getting more difficult to dupe users into cooperating with their installation.