Unfortunately, no matter how secure an OS, the weak link is always the fleshy human bit attached to the keyboard. Even if you had a secure OS that blocked all remote execution of code from every conduit you can think of you would still get a retarded user legitimately installing malware.
As long as there are humans interfacing with computers your network is at risk. We need some kind of Social Engineering device that stops the naive and unwary being caught out. It's simply not possible to make a system (that can still be used by 95% of the population) that is 100% immune from malware.
Where's my coat?!