Actually, one of the problems is that it's non-trivial for most users to even discover that the security of their system has been compromised, on any operating system, until it's far too late (or has been compromised in so many different ways that the system succumbs and fails to function in the expected manner).
If someone comes along and steals your car, it's not there when you get back. If they steal the car stereo, there's probably glass all over the place and the stereo's gone. Even if they take it for a joy ride and return it, there may be clues, like the position of the seat and mirrors, the odometer reading, the amount of gas in the car, or a change in the position in which it is parked.
If your computer becomes part of a botnet, the best thing for the controlling interests to do is make sure that it's very hard to tell that your computer is infected. A virus or worm might sit on the machine for months infecting other systems before finally unleashing a destructive payload, for the simple reason that this makes it more effective. Tracking malware will hide itself in order to have more time on the system to gain more information for the advertisers that bought the information.
So the most effective, and damaging for the overall security of the network, forms of malware are those that are hardest to find. If the system doesn't tell you that there's suspicious behavior going on, and most users don't know how to see what processes are running on their system (and don't know what processes should be running on their system), then all of the security looks like hand waving, because they don't see a difference between the compromised and secure systems.
Half of the functionality in security products is alerting the user to potentially harmful activity taking place on their computer or network. Of course end users hate when these alerts get in their face and require action on their part, so if they're given a chance to disable them, they do so. The trick is alerting the user without annoying the user, and making it easier to disable a security warning when it's being overly paranoid than it is to disable the entire security system.
My simple analogy is not for a car, but rather my house: if I had to use the older style of home alarm system where I keyed in a security code and then attempted to exit the house while it armed itself, or come into the house and key in the code before the alarm went off, I would never use it. I'd rather depend on the keys that are only effective against those that would probably be stopped just as easily by the fact the door is closed. However, since my house's alarm has a keychain remote like most cars do, it's a simple matter of locking up the house and arming or disarming from outside. Additionally, the alarm is obnoxiously obvious when someone opens/breaks a window, trips a motion sensor, or opens a door. There's simply no chance of someone getting into the house without me knowing it unless they find a way to bypass the system.
Bypassing the system may turn out to be fairly easy for someone that knows how to do so; I really don't know. However, the system is there to handle a higher percentage of possible intruders than the simple lock that my wife can bypass in 30 seconds or less.
Make it easier for the user to understand what is really going on behind the scenes on their machines. Let them see the network traffic, where it's going, and what processes are using it. Make it easy for them to figure out what is supposed to be running on their system and what is not.