The talk lately has centred about Vista's security APIs, but Linux certainly needs improvements in this area, because AV vendors still rely on an external kernel module to implement "real time" file scanning.
http://uk.theinquirer.net/?article=35263