Allow me to apologize. I misunderstood your point.
I agree that by itself, Windows can be extremely vulnerable to attack, however, to properly lock the OS down, IMHO, would require the usability factor to plummet to the point that most users would move to another OS.
My point, in fact is this: To have a truly unexploitable OS, you would need to lock the system in a hermetically sealed box, that has no outside connection other than the necessary power leads, never let anyone touch it, never connect it to the net or internet, and never allow any installations of software, hardware or saving of data to the system. That is the perfect security protection for a system.
Other than that (since that is obviously not realistic), you should always take steps to protect yourself from attacks, to the best of your ability. The best solution is to combine Anti-virus utilities (1 or more) with a good firewall (preferably a hardware based one that also does a stateful packet inspection).
I don't believe that any company makes a truly secure OS, Windows just happens to be the most prolific and consequently the easiest to attack. It obviously does not help that some of the usability features are also the weakest points, but by locking at least the inbound traffic down to a manageable state, exploits of this kind can be reduced, probably not eliminated, but definitely reduced.
<Stepping down from my soapbox>