I imagine security firms are concentrating their efforts on web browsers; firewalls, such as Windows XPs and other third party products, mitigate, rather than directly address, any vulnerabilities in system services, but a web browser cannot be protected in the same way. And, for most people, the web browser and the email client are their primary interfaces for the web, simply requiring a black hat or script kiddie to coerce the user to visit their infecte web site/ page; a depressingly easy thing to get your average net-user to do, it would appear from the continued popularity of phishing scams.
Of course... one may ponder how much havock could be wreaked a vulnerability on a P2P client; all those users on a single virtual network and little to no coercion would be required, depending where the flaw lay.