[nkozyra]

I still don't think that's true - visiting a malicious site without any action still provides far more of a risk on Windows than it does on OSX.

Are there improvements on the browser and OS side that are helping? Sure. Do those impact the vast majority of Windows users? Probably not. Look at browser & OS version usage and you'll see that the "users you and I know" are probably not indicative of the majority of users in general. At least not yet.

[JohnTHaller]

All major browsers on Windows block outdated Flash and Java by default. All major browsers on Windows are automatically updated to the latest version by default. So, for the vast majority of Windows users, the attack vectors you're mentioning simply don't apply anymore. That means users you and I know and most users we don't.

What I'd meant by that line was that this doesn't apply to users in other countries where the majority of users are still using hacked (and completely insecure) versions of Windows XP. Sadly, Windows XP still represents about 19% of online users. Thankfully, most of those users are using a 3rd party browser as IE 6 is down around 1%.