How many of those Win2000 systems were servers? I find it difficult to believe that servers are infected with malware, unless you consider "malware files stored on servers" as infections. And if you do that, you can even claim that Samba servers are infected with Windows-based malware and viruses.
I haven't used Vista much. It came on my notebook and I replaced it with XP. I didn't like how it was so slow, I didn't like the look and feel, and I didn't like that most software (at least when I purchased it) had problems with it. I also didn't like how the Automatic Updates did not give any meaningful progress indicator. However, as much as I dislike Vista, I do so, and will continue to do so, on the merits. I will not bash Vista because of people's stupidity.
I've said it before, and I'll say it again -- a computer cannot protect people from themselves. In the end, it is the user who instructs the computer what to do. As an anecdote, I had a client a number of years ago (2001 or 2002, I think) who had infected her computer with a virus, and I was called out to remove it. She had antivirus software on her computer, and it was an older virus, so I didn't understand how she got infected. When I asked what happened, she said she received an email and the antivirus software warned her that the email attachment was infected, but she selected to ignore it and run the attachment anyway. When I asked her why she ran a file she knew was infected, her answer was "Well, I had to see what it was".
If you build a foolproof system, they will build a better fool. When you have users who click "OK" and "Yes" buttons without even reading the messages they are responding to, you cannot blame the OS. There are those of you who will say you can blame Microsoft because you feel they conditioned people to click on things, but in the end, it's the users performing the actions. As such, it is the users' fault for not reading what they are responding to. This goes for pop-up windows as well as license agreements and contracts.