It's probably just a turn in the evolution of malware's relation to OS version, although XP and 7 are very similar on the graph, and I have seen for years far more systems with Vista infected than other systems, so Vista may be troubled by design. Might be because it asks "are you sure you want to do something" so many times that people don't read it anymore, and then they allow the system to get infected when it's a real threat vs. just verification of a common routine, because they don't read the message, they just click OK.
I had this same issue with people I tried to help with Spybot and the TeaTimer feature years ago. I gave them the info and tools they needed to stay clean, and it got to a point where people told me that they were not reading the messages and just clicking OK, and so that dirty website with a nasty script now got around TeaTimer because they didn't read the message and disallow something that shouldn't run, because after so many OKs they were stuck in the habit of saying OK/ALLOW to everything!
Those who are going to make malware are more than likely going to target a newer OS. It's like those running Windows 95, 98, or Me are less likely to be targeted by malware because of how many people are still running these OSes online... not many, and so it's a waste of coding time to target them, so you're probably safer than ever before running one of these older OSes behind a hardware firewall, since they lack a software firewall.
So as time goes on without MS Update support, there is the likelihood that some new flaw will be found to target in XP, but also that as time goes on more people will be moving on to Windows 7 or 8.x, and so Windows XP down the line will eventually possibly have the same immunity by disinterest from being targeted by malware as fewer and fewer people run XP;
however, so many people are still running XP, including myself on a few systems, so it may be quite a while before XP gets the same level of disinterest from malware creators as 95, 98, and Me.