The truth of the matter is Windows is vulnerable because windows is vulnerable. Its attacked because is is vulnerable and any 13 year old can break in with only a few scripts.
Hey, my kid isn't just "any 13 year old" ;-)
A similar situation occurred with OS/2. Because of the way it was built, it was very difficult for a virus to infect it. About the only way in, was a boot sector virus, which means you had to boot from an infected floppy, to get infected. Viruses are almost entirely a Windows problem, because of inherent deficiencies.
Sadly I miscalulated IBM's ability to market OS/2, so now I'm running 5+ year old software on most of my office desktops, at least until I can finish updating my proprietary software to run on Linux. I've never had a virus or exploit of any kind on any of my OS/2 or Linux boxes. My decision to select reliability and security over popularity has caused me to endure constant hassling by employees who don't want to use anything but Windows (I suspect because it has the best selection of time wasting toys). Nevertheless I've held firm and it looks like I've picked the right pony this time. Jeff