What's an O/S Supposed to do?
An O/S is supposed to control access to things like processor, memory & I/O. It is also supposed (in a "modern" O/S like *nix, Windoze, etc.) to isolate applications from each other, and to protect the O/S (and hence the underlying hardware) from unauthorised access by user space programs.
If an O/S cannot achieve these basic things then it has some fundamental problems. Bolt-ons to the O/S to stop software which can exploit these weaknesses are too little too late. Here's a bit of an analogy (which I'm sure someone will flame me for): You want to protect your house. Do you put in strong doors and windows with strong locks, or some cheap stuff and buy a guard dog?
Anti-rootkit (and SOME A/V) protection is fixing the symptoms of the problem (unsecure O/S) rather than the real problem.
With modern complex userspace software, some anti-virus is likely to be needed to prevent things like macro viruses, etc. But these should NOT be able to infect the kernel. Heck, IF the O/S is set up properly, a user-space virus should not be able to infect anyone else's files on the machine.
IMHO, Windows suffers from two problems:
1) It blurs the line between supervisor mode and user mode. This is done to make computers easier to use. However, all these little chinks soon add up to big security problems. (Why should a user be able to install files into the O/S binary directories?)
2) Microsoft (or any company making a consumer O/S) will make more money from selling a new version of their O/S that has more pretty functions, than one that has good security. Look at the recent spate of 3D desktops.
Security and usability are, at best, uneasy bedfellows. At worst, they are an oxymoron.
With Windows, MS decided to focus on the usability. Other O/Ss tend to lean more towards the security.
Unfortunately, MS has such a large market share of the desktop that it is very hard for anyone else to break into that market space.