But what about those rare but somewhat famous pieces of malware that are able to infect you without user interaction? For example Conficker. A worm able to spread within a network using ports usually opened on every windows machine with an exploitable windows service listening to them. Built-in Windows security is hopeless in front of sophisticated malware like that. Microsoft added too many features that are more or less useless for me but can become a security risk. For example UPnP - Universal Plug and Play - do I really need a service crawling my network looking for devices that might be attached? If I have UPnP enabled in my router also, malware can even open its ports if it wants too. Sure, Microsoft starting with XP, decided to allow only computers within a network to use this services (previously you could exploit these services over the Internet) but I can't always control every PC attached to my router. Friends might come over and I need to allow them to connect or I might be using a laptop that I need to connect to a hot-spot.