A few weeks ago, Microsoft released its 2008 Security and Intelligence Report.  In it, they detail a number of interesting trends.  One is how much the Malicious Software Removal Tool removes per operating system infection.

The infection rate for Windows Vista is significantly lower than that of its predecessor,
Windows XP, in all configurations. Specifically:

• Comparing the latest service packs for each version, the infection rate of
  Windows Vista SP1 is 48.8 percent less than that of Windows XP SP3.
  
  
• Comparing the n-1 service packs for each version, the infection rate of the release
  to manufacturing (RTM) version of Windows Vista is 56.2 percent less than that
  of Windows XP SP2.
  
  
• Comparing the RTM versions of these operating systems, the infection rate of the
  RTM version of Windows Vista is 85.4 percent less than that of the RTM version
  of Windows XP.

The higher the service pack level, the lower the rate of infection. This trend can be
observed consistently across client and server operating systems. There are two reasons
for this:

• Service packs include fixes for all security vulnerabilities fixed in security updates
  at the time of issue. They can also include additional security features, mitigations,
  or changes to default settings to protect users.
  
  
• Users who install service packs generally maintain their computers better than
  users who do not install service packs and therefore may also be more cautious in
  the way they browse the Internet, open attachments, and engage in other activities
  that can open computers to attack.

Dare I say that if users upgrade their operating systems, we'd see fewer botnets?  Maybe, maybe not.  But it seems to make sense.