To be fair to MS, how do you defend against a program that has been loaded onto a computer by the user and then executed? This file wasn't e-mailed, exploiting Outlook Express or Explorer. Trusting people have downloaded it, and will potentially run it.

I would imagine running an executable file on any other OS would be equally risky. Firewalls cannot be relied on to catch these things. After the program is up and running, it could disable your firewall, disable Virus detection, then do whatever it wants, because you have given it control.