To say nothing of Microsoft Windows, there are few, if any, application software packages that are free of security vulnerabilities. Secunia currently lists 17,686 pieces of software and operating systems with vulnerabilities. Despite many software programmers' efforts to cut down on insecure code, mistakes will be made; there'll never be a completely secure program. That's the bad news.
The good news is that most reputable software companies, including Open Source groups, when informed of a vulnerability by security researchers, promptly issue a software patch to fix it. These are widely available to the public for free download or through update features built into the software packages. Windows allows you to turn on Automatic Updates (which you should do). Check the Help menu in other software packages for the update feature. The good folks over at Secunia have a nice, free, web-based tool to scan your computer for certain common vulnerabilities in a wide range of software, the Secunia Software Inspector. You can find out more about that in my Lockergnome article.
Despite the availability of these tools, most people don't keep up with patches on their systems (except for Windows updates). This is why I stress patching as computer security Maxim #5:
A vital part of PC security is keeping up with software patches for ALL of the software on your system, not just the operating system. Where it is available, use the software's automatic updates feature.
Ken Harthun is the Security Editor for Daves Computer Tips. He also writes about security issues for IT Knowledge Exchange and blogs on general Geek things at Ask the Geek. You can read more about Ken here.