Is the big elephant in the room the fact that pretty much just Windows has these problems with getting infections? Or are we not going to think about that fact?
Edit: I'll admit this is a Windows forum.
Windows does not have problems getting infections; if you connect a Windows box on the Internet, it does not just get infected all by itself.
Malware gets on Windows boxes through two methods:
1 - The user gets duped into running it.
2 - The user visits a website that exploits a flaw in their software and the malware gets executed on the computer.
Regarding point 1 - while Windows has what could be considered a flaw in its design, being that a .exe file is a program, a .exe file can simply be downloaded and then double-clicked on (and this is something that could be addressed, and has attempted to be by MS*), a user can be duped into doing just about anything, which is just as applicable on any other platform.
Regarding point 2 - this is OS independent. If a platform has a large enough following, it will be targeted; something that browsers have demonstrated perfectly well.
* - Though I wonder whether Windows could be altered to provide more protection, basically make it so that exe files can't be double-clicked on, and to run one you need to get a command or run prompt up and funnel the exe execution through an approved funnel, a single allowed interface for direct execution (let's say runexe32 for laughs), then in order for users to still freely be able to download software from any source on the Internet (this is definitely an advantage on Windows, it also represents a security risk), either an exe installer is distributed with a shortcut (runexe32 myinstallapp.exe - or possibly go one further and have permissions dictate that in order to write data to specific locations one has to pipe the program through runinstaller32, which then monitors the program's activity) that provides an easy method of installation and also makes it more difficult to get a user to simply proceed with their brain switched off through an install routine.
My idea doesn't break backwards applications compatibility because existing apps can simply be run through runexe32 (I think, I am not an OS designer).
However, again regarding point 1a - consider how easy it is to dupe a user - one of my customers was duped into running a dodgy VLC installer simply through a website popup that told him that his VLC version was out of date. So he probably would have been quite willing to jump through the extra hoops I just described so he could get to his porn/copyrighted movie.
