People use Windows because when you consider Windows from a functionality perspective vs security perspective its worth using Windows. There are apps on Windows that Apple does not have. Period. And as much as people make excuses about it there IS more software on the PC then the Mac and contrary to popular belief its not crap software. 3rd party software support is the most important feature of any OS. Period. I can rattle off at least a dozen apps that Apple has no peer and we won't get into gaming.
I'm sorry folks but there are 5 simple steps to keeping your computer secure. 1. Use a firewall 2. Use a good antivirus software and make sure its set to auto update every day. 3. Use an alternative browser. 4. Set passwords for the DAMN admin account! I can not count the number of times I've gone over to someone's computer. Friend\relative\system not deployed by me and found NO password for the admin account. Can you say
WTF?!?! 5. Set security in your mail app to high and use ****ing common sense when running included exe files. I'm sorry but having the world's most secure OS means exactly jack squat if the ****tard of a user follows the instructions of an e-mail like a blind lemming and runs a Trojan/worm/virus
I now officially admin about 180 systems in my office and to date we have never had a virus infection here *knock on wood* that made it past Norton and even then the times when there were attempts it was due to a stupid moron user unzipping the file and running the exe in the file because the e-mail told them to. Moron.
Windows is a perfectly fine; fairly secure OS once its setup right. The problem is that it takes some tweaking to get Windows to that point something the average user don't have foggiest idea how to do. This isn't a big deal in an enterprise since we can tweak the image before rolling it out on a desktop and patch maintenance has become drastically simpler since we rolled out our System Update Server. The local desktops run auto updates once a day at 12PM and apply any patches I roll out from there. I can now hit all 180 systems in a matter of minutes. (That's assuming all of our laptop users are in the office.) But for the average home user they neither want to nor should they have to understand the fine details on how to setup a Windows system.
As for security of OSX. Lack of viruses/worms/Trojans doesn't mean that there are no flaws in OS X or unix. Yes I do believe that it is substantially more secure code base then windows but simply Apple has more then a few things going for it:
1. People don't hate Apple with a passion. Win users are more irked at apple and apple user more then anything else. I don't think it's enough to make some wintel user go out and get a mac so they can start looking for security holes. Linux users and generally the entire industry on the other hand hate MS. Does anyone truly like that company?!?! Finding a security hole is considered a badge of honor for some. Stick'n it to DA MAN if you will.
2. Cost of developing a virus. A cheap, 3 year old, PC system can be purchased for dirt. Any two bit hack can get a PC and start playing script kiddy. Going out and purchasing a Mac solely for the purpose of looking for a security hole costs more. One note on this. It looks like you CAN get older iMacs on ebay pretty damn cheap so this probably ends up being a moot point.
3. Market share DOES play a part in this. If you are a virus writer who would you be more interested in going after? 3-4% market share or 95%?
4. Apple doesn't give script kiddies vulnerabilities on a silver platter. The last 3 MAJOR worms/viruses have been based off of security vulnerabilities that were patched by Microsoft anywhere from a few weeks to months in advance. (Note: Blaster came out in late September. The patch for it was released in JULY!) Scrip kiddies don't look for vulnerabilities in Windows. They reverse engineer the various patches MS releases to the masses and exploit the fact that Windows users don't update. If people would auto update their systems when MS releases a patch things like the Blaster worm would become a moot point. Therein lies the problem. MS patches occasionally break things. (And don't tell me Apple patches don't do the same. See 10.2.8 for reference material.) A company needs to do testing before they roll out patches and that takes time. So when MS releases a patch a stopwatch starts. Who is going to get the task completed first? The user base and large companies who have to test this patch before implementation or the script kiddy who is trying to figure out how to exploit this security vulnerability.
*shrugs* all I know is this. I've run Windows 3, 3.11, 95, 95B, 98, 98SE, NT 4, 2000, XP, Server 2003. Currently I own two laptops a desktop, and a home server and in all that time I've never been infected by a virus. I think at this point both Microsoft, and the user are to blame for the problems with Windows. (With the virus/worm writer being overall to blame.) I see it as such. Microsoft: 60% User: 40%. Let me put it another way. If Ford put out a recall for their 2004 Explorer model because it explodes on impact from a 5MPH crash and you ignored the recall who's overall fault is it?