Windows is "open" by default to make the life of common users simpler. If you want, you can configure it to be much safer. I can't even remember when the last time was that I got any of my computers infected.
My "security" setup is anything but elaborate. I just have a router with a built-in firewall, AVG Internet Security, Lavasoft's "Ad-Aware" and the "NoScript" plug-in installed in Firefox. I also install every Windows Vista update and adopt a security-conscious behavior online. So far it has worked.
In the eventuality of an infection, my important files are double backed up on external drives.
And the format option is a good one; after the 3rd or 4th install you'll get the hang of it and start to see it as a performance refresher.
